Standardizing a Privileged Access Model for a Multi-Cloud Environment

Most organisations use more than one public cloud to deploy infrastructure (AWS, Azure, GCP, etc.). A large distributed deployment opens up avenues for attackers to exploit by misusing the lateral movement paths and inter-dependencies between the clouds. Mandiant has observed attackers compromise entire cloud environments by performing token theft and replay and AiTM attacks. Such compromises often involve abuse of user accounts exposed to multiple clouds, permission leaks, lateral movement paths, trust relationships and integrations between the cloud service providers. This session will walk through Mandiant’s frontline experience of such attacker paths across multi-cloud and delve into the proposed architecture to secure the cloud. The architecture is meant to eliminate attacker paths for lateral movement and privilege escalation. It adopts tiering model practices for the segregation of resources, endpoints and accounts, and applies them consistently across multiple cloud platforms. The session delves into security configurations, monitoring and detection mechanisms to secure and harden critical assets across multi-cloud.