As businesses have adopted large cloud-native environments, security and engineering teams are struggling against the fragmented, alert-heavy processes that have accompanied their efforts to reduce risk. This is the result a few years of changes of architecture and development practices that must be considered for a cloud security operation to function at scale. In this session, we will explore what has changed and propose some tips to handling these problem. We will also cover how ASOS is dealing with critical vulnerabilities and infrastructure-as-code misconfigurations, managing risk overload, leveraging automation, and improving the architecture, to secure their cloud environment.