Mikhail Kazdagli

Mikhail Kazdagli is the Head of AI at Symmetry Systems Inc. Mikhail is responsible for bringing cutting-edge AI/ML research into production to identify potential vulnerabilities, detect malicious actors before they can incur significant damage, and improve security posture. At Symmetry Systems, Mikhail leads the development of a threat intelligence platform that has already been deployed to multiple Symmetry Systems clients, including Fortune-500 companies. Mikhail has an extensive background in computer security and machine learning. He holds a Ph.D. degree in Computer Security/ML from the University of Texas at Austin, USA.


Sessions

07-25
15:30
20min
Using AI to harden cloud security by mitigating IAM configuration errors
Mikhail Kazdagli

Modern software systems rely on mining insights from business-sensitive data stored in public clouds. A data breach usually incurs significant monetary and reputational loss for a company. Conceptually, cloud security heavily relies on Identity Access Management (IAM) policies that IT admins need to properly configure and periodically update. Security negligence and human errors often lead to misconfigured IAM policies, which may open backdoors for attackers. In this presentation, we present a framework for addressing these challenges. First, we demonstrate a novel visualization tool to uncover issues among IAM policies used by real-world commercial organizations. Second, we develop a novel framework to generate optimal IAM policies using constraint programming (CP). We use the least privilege principle as an optimality criterion, which intuitively implies minimizing unnecessary permissions. Third, to make IAM policies interpretable, we apply graph representation learning to users' historical access patterns to encode similarity constraints: similar users should be grouped together within permission groups/roles. Finally, we describe multiple attack models and show, using real data from multiple commercial organizations and synthetic instances, that our optimized IAM policies significantly reduce the impact of security attacks.

It's all related
Room 2/3