[unethical_ban]

My previous employer is or has already transitioned mostly to the cloud. The answer to your question is " the same teams that were doing it before, but with cloud guardrails instead of hacky bespoke solutions ".

AWS IAM is baked into every single product natively. It isn't perfect and their JSON dialect is annoying at times, but having granular RBAC for storage, compute, ops, network in a single language is incredible for security.

And using IaC, you can put guardrails on specific tasks that IT does often. Manual reviews become automated.

It is a ton of conversion and up front work, but there are upsides.

And then of course there is the instant global reliability, where a lot of formerly complicated sysops becomes automated as well

Final thought: other than the hardware abstraction, everything I talked about re: IAM could be done with a local software stack, if it existed.

[freedude]

" the same teams that were doing it before, but with cloud guardrails instead of hacky bespoke solutions "

you do realize that "cloud guardrails" often started out life as "hacky bespoke solutions". you are assuming more business risk than is necessary.

[unethical_ban]

As someone who did it for two years, I know not everything is perfect. But the tooling, monitoring, automation, orchestration, etc. becomes a lot easier when there are 4-5 toolsets vs. dozens.

It's like taking an ops support team that is using perl, java, php, python, bash, ksh running on RHEL5 and HP-UX and getting everyone on RHEL8, terraform and Go.