To effectively prioritise security measures in a cloud-based system first of all assess assets and understand compliance requirements. Develop a comprehensive security policy, implement strong identity and access management (IAM) with multi-factor authentication (MFA), and encrypt data both at rest and in transit. Secure configurations, conduct regular security assessments, and have an incident response plan ready. Monitor and log activities, provide security awareness trainings. Frequently review and update systems to ensure patches and updates are applied to mitigate any vulnerabilities.

Starting from scratch means security must be built in, not bolted on later. I begin with the principle of least privilege, ensuring every component and user has only the access they need. Encryption is a priority—data is secured at rest and in transit. Next, I focus on secure authentication, using MFA and OAuth. Logging and monitoring come early, so unusual activity is caught fast. Automating compliance checks ensures security isn’t an afterthought. Security isn’t a one-time setup—it evolves with the system. By making it foundational from the start, I prevent costly fixes down the road.