You’ve been asked to define the security approach for a cloud environment running in AWS and Azure. The focus is on getting the fundamentals right early: identity and access management, network segmentation and VPC/VNet security, and encryption for data at rest and in transit. You need an approach that is practical to implement, reduces risk quickly, and can be explained clearly to both engineering and governance stakeholders.
How would you secure cloud environments in AWS or Azure, focusing on IAM, VPC security, and encryption at rest and in transit?