Spent the better part of last year moving workloads into AWS. Mostly replatform, some refactor, a lot of "just get it running" energy from leadership. Fair enough, I get the business pressure. What nobody planned for was the security gap that opened up the second we had feet in both worlds. On-prem AD is still the backbone of identity for about 60% of our workforce. Half our service accounts in AWS still authenticate back through a trust to our on-prem domain. The tooling is completely split: the cloud team runs their own security stack, my team runs ours, and there's a gap in the middle where nobody's looking. I asked a simple question in a meeting last month: if someone compromises a cached credential on an on-prem workstation, can they pivot into our AWS environment? The room? Dead silence. Nobody could answer it.…