Problem

A Meta engineering team is migrating a legacy monolithic application from an on-prem environment to cloud infrastructure. The application handles internal service-to-service traffic, stores sensitive user-related metadata, and currently relies on flat network trust, long-lived credentials, and manually managed hosts.

You are the security engineer assigned to the migration review. Your task is to identify your top three security priorities during the migration and explain how you would implement them.

What to cover

1. Prioritize the three most important security areas you would address first.
2. For each priority, explain:
   • the primary risk being reduced,
   • the concrete controls you would introduce,
   • how you would validate the control is working,
   • the migration trade-offs or delivery impact.
3. Assume the target environment uses Meta-style cloud infrastructure with centralized identity, service authentication, logging, and configuration management.
4. Be specific. Strong answers typically discuss areas such as:
   • identity and access management for workloads and operators,
   • secrets handling and credential rotation,
   • network segmentation and service-to-service trust,
   • hardening golden images and container/runtime posture,
   • encryption in transit and at rest,
   • logging, detection, and incident response readiness,
   • policy-as-code guardrails in the deployment pipeline.

Deliverable

Present your answer as a ranked top-three list with short justification for each item. Focus on practical migration sequencing: what must be done before cutover, what can be phased in, and what would block launch if missing.

Use realistic examples, such as replacing shared database passwords with short-lived service identities, restricting east-west traffic, or enforcing deployment checks before workloads are promoted.