How would you secure AWS or Azure environments at T-Mobile, with a focus on IAM policies and container security?