Twilio discloses a data breach. What could be done better to prevent it in the future?

Least Privilege is about giving the least privilege (role and privilege) as required by the user, while Zero Trust completely eliminates trust at a whole level, whether internal or external.  Zero Trust sample is MFA, where you would need to validate your access credentials (e.g., through biometrics).

Least privilege access is used to provide access needed to perform a role or action, which is good, while Zero trust completely assumes every attempt as a possible compromise and treats it as such.  If something with the least privilege access tries to access any resource in an environment where Zero Trust is implemented, Zero trust will still take precedence.

Identity and access management in the cloud - there are more interpretations of this question - like where are the identities stored (on-premise/in cloud/ both with sync between them already)?  where is the service with managed access located? what is the access based on? what kind of SSO service API is supported by the user store/ application if any? what authentication methods are supported by applications/services?  what technology is preferred by customers consuming/planed to consume those services?  What authorizations are possible/requested and based on what?  Too many possibilities, too many options to answer it in short.  To be honest, universal best practices in this area, as I am aware of, don't exist yet.  Case by case, the best practices will be different based on answers to the questions above.

Case by case, that will be the very first thing I am going to tell.  In general, you will definitely need a team to start, IT professionals, application owners, and a trustworthy partner who has the skills.  IAM product-wise, the top-ranking list on the market is always the resort, so go and find someone （architecturally, not sales) from e.g., One Identity, AAD, and have them carve your way out. 

Zero Trust Security is all the rage these days and for good reason. It’s a powerful security framework that organizations can use to protect themselves against cyber threats. While it sounds complicated, at its core there are five simple principles that makeup Zero Trust Security: 1. Never trust, always verify: With managed email security services,  organizations can employ various layers of authentication and authorization to verify user identities before allowing access. 2. Least privilege: Organizations should only grant users the minimal amount of access necessary for their role in order to reduce the risk of a data breach or other malicious activity. 3. Zero trust boundaries: By using managed email security services, organizations can ensure that data and systems are segmented into secure boundaries to prevent the lateral movement of malicious actors. 4. Continuous monitoring: Organizations should employ managed email security services to continuously monitor and log user activity, allowing administrators to spot suspicious behavior quickly and take appropriate action. 5. Comprehensive security solutions: By employing managed email security services, organizations can ensure comprehensive protection from cyber threats. These five principles are the foundation of Zero Trust Security and managed email security services are necessary for implementing them in a secure and effective way. Take advantage of managed email security services today to ensure that your organization is protected against all types of cyber threats.