You’ve been asked to secure a cloud environment running across AWS and Azure before additional business workloads are onboarded. The current setup has grown quickly, and there are inconsistent IAM patterns, uneven network segmentation, and mixed use of encryption controls for storage and service-to-service traffic. You need an approach that reduces risk without slowing delivery, and that can be understood by engineering, infrastructure, and risk stakeholders.
How would you secure cloud environments in AWS or Azure, focusing on IAM, VPC security, and encryption at rest and in transit?