TL;DR: Cloud security access management is under strain as multi-cloud, manual credential handling, and incomplete lifecycle controls leave organisations exposed, according to Bravura Security’s analysis of 100 security leaders and cited breach data. The core issue is not tooling volume but whether identity governance can keep pace with changing access, rogue accounts, and recovery demands.
At a glance
What this is: This is an analysis of cloud security access management and its biggest control gaps, with emphasis on passwords, lifecycle management, JIT access, and rogue accounts.
Why it matters: It matters because the same access-control weaknesses that affect cloud workloads also shape NHI, privileged access, and lifecycle governance across human and machine identities.
By the numbers:
- With the total cost of recovery from a ransomware attack rising to $5.13 million in 2024, cloud access control failures can turn identity gaps into expensive operational incidents.
- In 2022, 49% of teams used spreadsheets to store cloud passwords, while 75% managed application credentials this way.
- 12% reported using automated technology to identify and remove rogue cloud accounts within three days.
- 70% reported they cannot remediate compromised or non-compliant passwords within 24 hours.
👉 Read Bravura Security's analysis of cloud security access management risks
Context
Cloud security access management is the discipline of deciding who or what can access cloud resources, when that access is granted, and how quickly it can be removed. In practice, the problem is that identity governance often lags behind cloud sprawl, manual credential handling, and rapid workforce change, which creates a persistent gap between policy and actual control.
Bravura Security’s article frames cloud access as an IAM issue first, not just a cloud operations problem. That matters for NHI, privileged access, and lifecycle governance because the same weaknesses that leave cloud accounts exposed also affect service accounts, temporary access, and offboarding discipline.
The pattern the article describes is typical of many enterprise environments: teams have multiple point controls but still lack consistent enforcement across passwords, JML, JIT, and rogue-account handling. The result is a control surface that looks covered on paper but remains uneven in execution.
Key questions
Q: What should security teams fix first in cloud access management?
A: Security teams should remove informal credential sharing first, because shared spreadsheets and chat-based secrets create invisible persistence. Move cloud credentials into managed secret systems, enforce ownership, and require rotation and revocation workflows that do not depend on manual recall. The goal is to make distribution, expiry, and recovery part of the control plane, not a side process.
Q: Why do rogue cloud accounts increase security risk so quickly?
A: Rogue accounts matter because they preserve access after the organisation has lost the business reason for that access. Once a former employee, contractor, or stale workload still has valid credentials, attackers only need one usable path to turn forgotten access into privilege abuse. Fast discovery is useful, but fast revocation is what limits damage.
Q: When should organisations prioritise JIT access over standing privileges?
A: Organisations should prioritise JIT access whenever elevated access is used for recurring but task-scoped administrative work. If the access does not need to exist continuously, standing privilege increases exposure without adding operational value. JIT is most effective when paired with approval, expiry, and logging so the access window is narrow and auditable.
Q: What does a unified identity lifecycle approach change for cloud governance?
A: A unified identity lifecycle approach replaces isolated onboarding, access review, and offboarding steps with one control model that follows the identity from creation to removal. That matters because cloud risk often appears when one team believes another owns revocation. A single lifecycle view reduces gaps between HR, IT, security, and cloud operations.
Technical breakdown
Why cloud access management breaks down in multi-cloud environments
Cloud security access management becomes difficult when each platform exposes slightly different identity controls, approval paths, and audit formats. Multi-cloud adds policy drift, because access decisions are made in different consoles and by different teams, which makes uniform enforcement harder. The real failure is not a lack of policy language but the absence of a single operating model that can keep access scope, approvals, and revocation aligned across cloud providers and business units.
Practical implication: standardise cloud access policy enforcement across platforms before expanding the number of identities or providers.
Why spreadsheet-based credential handling creates systemic exposure
Spreadsheets are not just an insecure storage choice; they are a governance failure, because they make secret distribution, ownership, and rotation invisible. Once passwords or application credentials are shared through email or messaging, the organisation loses reliable control over who holds them and where they persist. That creates lasting exposure for cloud and NHI credentials alike, especially when recovery depends on manual discovery rather than managed rotation.
Practical implication: move application credentials into managed secret workflows and eliminate informal sharing channels.
How JML and JIT reduce cloud identity blast radius
Joiner-Mover-Leaver processes remove stale access over the identity lifecycle, while Just-in-Time access limits how long elevated access exists. Used together, they reduce the number of standing entitlements that can be abused if a user, contractor, or workload is compromised. The technical point is that duration and scope matter as much as privilege level, because short-lived access is much harder to exploit at scale than persistent access.
Practical implication: pair lifecycle offboarding with time-bounded privilege grants for both human and non-human identities.
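The following is an added example, not code from the Bravura Security article or from any product it describes. It models the JIT pattern the passage above calls for: a grant is issued only with an approver, its lifetime is capped by policy, every authorization decision is logged, and a leaver event revokes outstanding grants immediately so that JML and JIT act together. The scope labels, principal names, the one-hour ceiling and the no-self-approval rule are assumptions chosen for illustration.

```python
"""Just-in-time privilege broker: approval, capped expiry, scope checks, audit,
and immediate revocation on a leaver event.

Added example, not code from the Bravura Security article or from any
product it describes. Scope strings, principal names, the approver rule and
the one-hour ceiling are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class Grant:
    grant_id: str
    principal: str
    scope: str                      # constructed label, e.g. "aws:prod:rds-admin"
    approved_by: str
    issued_at: datetime
    expires_at: datetime
    revoked_at: Optional[datetime] = None

    def is_live(self, now: datetime) -> bool:
        # Half-open window: a grant is already dead at the exact expiry instant.
        return self.revoked_at is None and self.issued_at <= now < self.expires_at


class JitBroker:
    """Issues time-bounded grants and answers authorization queries against them."""

    def __init__(self, max_ttl: timedelta = timedelta(hours=1)) -> None:
        self.max_ttl = max_ttl
        self.grants: Dict[str, Grant] = {}
        self.audit: List[Tuple[datetime, str, str, str, str]] = []
        self._seq = 0

    def _log(self, now: datetime, event: str, principal: str, scope: str, detail: str) -> None:
        self.audit.append((now, event, principal, scope, detail))

    def issue(self, principal: str, scope: str, approver: str, now: datetime,
              ttl: Optional[timedelta] = None) -> Grant:
        if approver == principal:
            raise ValueError("self-approval is not permitted")
        # The requested TTL is capped by policy; a request can never extend the ceiling.
        ttl = self.max_ttl if ttl is None else min(ttl, self.max_ttl)
        self._seq += 1
        grant = Grant(f"g-{self._seq}", principal, scope, approver, now, now + ttl)
        self.grants[grant.grant_id] = grant
        self._log(now, "issue", principal, scope, f"by={approver} ttl={ttl}")
        return grant

    def authorize(self, principal: str, scope: str, now: datetime) -> bool:
        for g in self.grants.values():
            if g.principal == principal and g.scope == scope and g.is_live(now):
                self._log(now, "allow", principal, scope, g.grant_id)
                return True
        self._log(now, "deny", principal, scope, "no live grant")
        return False

    def leaver(self, principal: str, now: datetime) -> int:
        """Leaver event: revoke every outstanding grant for the principal at once."""
        revoked = 0
        for g in self.grants.values():
            if g.principal == principal and g.is_live(now):
                g.revoked_at = now
                revoked += 1
        self._log(now, "leaver", principal, "*", f"revoked={revoked}")
        return revoked

    def standing_exposure(self, now: datetime) -> int:
        """Live grants at this instant: the JIT analogue of standing privilege."""
        return sum(1 for g in self.grants.values() if g.is_live(now))


def run_sample() -> dict:
    """Constructed walk-through with fixed timestamps so the results are repeatable."""
    t0 = datetime(2025, 7, 25, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker(max_ttl=timedelta(hours=1))
    g = broker.issue("alice", "aws:prod:rds-admin", approver="bob", now=t0, ttl=timedelta(hours=4))
    results = {
        "ttl_capped_to_one_hour": g.expires_at - g.issued_at == timedelta(hours=1),
        "in_window": broker.authorize("alice", "aws:prod:rds-admin", t0 + timedelta(minutes=30)),
        "wrong_scope": broker.authorize("alice", "aws:prod:iam-admin", t0 + timedelta(minutes=30)),
        "at_expiry": broker.authorize("alice", "aws:prod:rds-admin", t0 + timedelta(hours=1)),
    }
    # A second grant is issued, then a leaver event arrives before it expires.
    broker.issue("alice", "aws:prod:s3-admin", approver="bob", now=t0 + timedelta(minutes=35))
    results["revoked_by_leaver"] = broker.leaver("alice", t0 + timedelta(minutes=40))
    results["after_leaver"] = broker.authorize("alice", "aws:prod:s3-admin", t0 + timedelta(minutes=45))
    results["live_after_leaver"] = broker.standing_exposure(t0 + timedelta(minutes=45))
    try:
        broker.issue("dave", "aws:prod:rds-admin", approver="dave", now=t0)
        results["self_approval_rejected"] = False
    except ValueError:
        results["self_approval_rejected"] = True
    results["audit_events"] = len(broker.audit)
    return results
```

Two design choices matter here. The expiry window is half-open, so a grant is denied at the exact expiry instant rather than one tick later, and the leaver handler revokes by principal rather than by grant ID, which is what makes the offboarding event effective even when nobody remembers which temporary grants are outstanding.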
Threat narrative
Attacker objective: The attacker aims to turn weak credential governance into persistent cloud access that can be used for fraud, ransomware, or lateral movement.
- Entry occurs when cloud passwords or application credentials are stored in spreadsheets or shared through insecure channels such as email or messaging applications.
- Escalation follows when a compromised or stale identity retains standing access because the organisation cannot remediate or revoke it quickly enough.
- Impact comes when rogue accounts or privileged cloud identities are abused to enable ransomware, data access, or broader cloud compromise.
Breaches seen in the wild
- 230M AWS environment compromise: cloud credentials leaked at scale through exposed .env files.
- MongoBleed breach: secrets exposed across 87K MongoDB servers.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Cloud access management is really lifecycle management under a cloud label: The article’s central weakness is not cloud complexity alone, but the absence of durable identity lifecycle control across passwords, access grants, and revocation. That is why JML, JIT, and rogue-account handling appear together in the same failure pattern. Practitioners should treat cloud access as a lifecycle governance problem, not a tooling checklist.
Standing credential exposure remains the most dangerous cloud governance assumption: The article shows that many organisations still tolerate credential storage and access methods that assume secrets will remain controlled after issuance. That assumption fails as soon as credentials are copied into spreadsheets, chat threads, or shared folders. The implication is that cloud programmes must stop treating secret persistence as a harmless convenience.
Identity blast radius is now the metric that matters: In environments where compromised passwords cannot be remediated quickly, the real question is how much access can survive before containment catches up. That makes revocation speed, scope limitation, and access segmentation more important than nominal policy coverage. Practitioners should measure how far a single credential can travel before it is removed.
Cloud governance is converging on the same controls needed for NHI and privileged human access: The same patterns that create cloud risk, such as static credentials, delayed revocation, and fragmented ownership, also drive non-human identity exposure. That is why cloud access management, PAM, and NHI governance are no longer separate conversations. Security teams should align them under one identity control model.
Manual control creates compliance theatre, not resilience: The article repeatedly shows that organisations can report policy intent while still relying on spreadsheets, manual reviews, and inconsistent SLAs. That produces a false sense of control because the governance process looks complete until a real incident forces action. Practitioners should assume that any control not instrumented for repeatable enforcement will fail under pressure.
From our research:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
- That gap is why teams should pair cloud access controls with the practices in our NHI Lifecycle Management Guide and with the OWASP Non-Human Identity Top 10.
What this signals
Credential governance is becoming the common failure mode across cloud, human identity, and NHI programmes: When access is still tracked in spreadsheets or informal channels, the problem is no longer just weak storage. It becomes a lifecycle failure that affects provisioning, revocation, and auditability across the whole identity stack, especially where cloud teams inherit access they did not issue.
Identity blast radius is the right programme metric for cloud access maturity: With 23.7% of organisations still sharing secrets through insecure methods such as email or messaging applications, per The 2024 Non-Human Identity Security Report, access governance is only as strong as the least disciplined distribution path. Teams should measure how many identities can survive a revocation event, not just how many policies exist.
Cloud programmes that already use lifecycle and zero-trust language should extend those controls to service accounts, application credentials, and ephemeral access paths. The governance model is converging on one principle: if access cannot be issued, observed, and removed with equal precision, it is not actually controlled.
For practitioners
- Eliminate spreadsheet-based credential handling: move cloud passwords and application credentials into managed secret workflows, then remove email and messaging as distribution paths for anything that authenticates to production systems.
- Set revocation SLAs for cloud identities: define maximum removal windows for rogue accounts, compromised passwords, and leaver access, then measure actual revocation time against those thresholds across environments.
- Unify JML across human and machine access: treat joiner, mover, and leaver events as a single governance process that covers employees, contractors, service accounts, and cloud workloads.
- Use JIT for elevated cloud access: reserve standing privilege for only the smallest set of administrative needs and require time-bounded access for high-risk tasks in cloud environments.
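The revocation-SLA item above, and the earlier point that practitioners should measure how far a single credential can travel before it is removed, both come down to one reconciliation: join the HR or decommissioning record that ends an identity's business reason to the cloud inventory that says whether its credentials still work. The following is an added example, not code from the Bravura Security article. It flags rogue accounts (business reason gone, credential still active), SLA breaches (disabled, but later than the agreed window), and ownerless identities, and it sizes the blast radius as the entitlements still reachable through live rogue credentials. The record layouts, the 24-hour SLA, the entitlement counts and every principal and credential name are constructed for illustration.

```python
"""Revocation-SLA reconciliation: join leaver events to a cloud identity
inventory, flag rogue accounts, SLA breaches and ownerless identities, and
size the blast radius still reachable through live rogue credentials.

Added example, not code from the Bravura Security article. Record layouts,
the 24-hour SLA, entitlement counts and all names below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class LeaverEvent:
    principal: str            # human user or workload that lost its business reason
    left_at: datetime         # HR termination, contract end or decommission time


@dataclass(frozen=True)
class CloudIdentity:
    principal: str
    provider: str             # constructed labels: "aws", "azure", "gcp"
    credential_id: str
    active: bool
    disabled_at: Optional[datetime]
    entitlements: int         # standing permissions on the credential (blast-radius proxy)
    owner: Optional[str]      # no recorded owner is a governance gap on its own


@dataclass(frozen=True)
class Finding:
    principal: str
    provider: str
    credential_id: str
    kind: str                 # "rogue", "sla_breach" or "ownerless"
    lag_hours: float          # hours from loss of business reason to revocation (or to now)
    entitlements: int


def reconcile(leavers: Iterable[LeaverEvent], identities: Iterable[CloudIdentity],
              now: datetime, sla: timedelta = timedelta(hours=24)) -> List[Finding]:
    left_at_by_principal: Dict[str, datetime] = {e.principal: e.left_at for e in leavers}
    findings: List[Finding] = []
    for ident in identities:
        left_at = left_at_by_principal.get(ident.principal)
        if left_at is None:
            # Still legitimate as far as HR knows; only a missing owner is reportable.
            if ident.active and ident.owner is None:
                findings.append(Finding(ident.principal, ident.provider, ident.credential_id,
                                        "ownerless", 0.0, ident.entitlements))
            continue
        if ident.active:
            # Business reason is gone but the credential still works: a rogue account.
            lag = now - left_at
            findings.append(Finding(ident.principal, ident.provider, ident.credential_id,
                                    "rogue", lag.total_seconds() / 3600, ident.entitlements))
            continue
        # Disabled. An unrecorded disable time cannot prove the SLA was met, so measure to now.
        lag = (ident.disabled_at or now) - left_at
        if lag > sla:
            findings.append(Finding(ident.principal, ident.provider, ident.credential_id,
                                    "sla_breach", lag.total_seconds() / 3600, ident.entitlements))
    # Live rogue credentials first, widest blast radius first within each kind.
    findings.sort(key=lambda f: (f.kind != "rogue", -f.entitlements))
    return findings


def blast_radius(findings: Iterable[Finding]) -> int:
    """Entitlements an attacker could still exercise through live rogue credentials."""
    return sum(f.entitlements for f in findings if f.kind == "rogue")


def _ts(day: int, hour: int) -> datetime:
    return datetime(2025, 7, day, hour, 0, tzinfo=timezone.utc)


def run_sample() -> List[Finding]:
    """Constructed inventory evaluated at a fixed instant so results are repeatable."""
    now = _ts(25, 12)
    leavers = [
        LeaverEvent("alice", _ts(20, 9)),            # left five days ago
        LeaverEvent("svc-billing-etl", _ts(23, 8)),  # workload decommissioned
        LeaverEvent("bob", _ts(24, 10)),             # left yesterday
    ]
    identities = [
        CloudIdentity("alice", "aws", "cred-aws-001", True, None, 14, "alice"),           # rogue
        CloudIdentity("alice", "gcp", "cred-gcp-002", False, _ts(20, 15), 5, "alice"),    # within SLA
        CloudIdentity("svc-billing-etl", "aws", "cred-aws-003", False, _ts(25, 10), 9,
                      "platform-team"),                                                   # late
        CloudIdentity("bob", "azure", "cred-az-004", True, None, 3, "bob"),               # rogue
        CloudIdentity("svc-legacy-report", "aws", "cred-aws-005", True, None, 22, None),  # no owner
        CloudIdentity("carol", "aws", "cred-aws-006", True, None, 7, "carol"),            # fine
    ]
    return reconcile(leavers, identities, now)
```

Run against real exports, the interesting numbers are the rogue lag (how long a credential outlived its business reason) and the blast radius, not the count of policies; a disabled credential with no recorded disable time is deliberately counted as a breach, because a revocation that cannot be evidenced cannot be shown to have met the SLA.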
Key takeaways
- Cloud access management fails when identity governance is fragmented across passwords, lifecycle events, and revocation workflows.
- The article’s own data shows a large gap between policy intent and operational control, especially around credential handling and rogue-account removal.
- Practitioners should collapse cloud, NHI, and privileged access into one lifecycle model with explicit revocation SLAs and time-bounded privilege.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI1:2025 Improper Offboarding; NHI2:2025 Secret Leakage; NHI7:2025 Long-Lived Secrets | The article centres on rogue-account removal, secrets leaking through spreadsheets and chat, and credentials that are never rotated or revoked. |
| NIST CSF 2.0 | PR.AA-01, PR.AA-05 | Managing identities and credentials, and enforcing least-privilege entitlements, are the core failures in the cloud identity governance described here. |
| NIST Zero Trust (SP 800-207) | Section 2.1, tenets 3 and 6 (per-session access; dynamic, strictly enforced authentication and authorisation) | JIT access and reduced standing privilege align directly with these tenets. |
Practical implication: inventory cloud secrets and enforce rotation plus revocation workflows wherever credentials are still shared manually.
Key terms
- Cloud Security Access Management: Cloud security access management is the set of policies and controls that decide who or what can use cloud resources and under what conditions. In practice, it spans authentication, authorisation, lifecycle removal, and audit evidence across cloud platforms, with the main challenge being consistent enforcement at scale.
- Rogue Account: A rogue account is an identity that still has valid access even though the organisation no longer recognises it as authorised. For cloud programmes, that usually means a former user, contractor, or workload credential that was not revoked on time and can still be abused.
- Just-In-Time Access: Just-In-Time access is a method of granting privileges only for the short period needed to complete a task. For cloud and machine identities, it reduces standing exposure by making access temporary, scoped, and easier to audit than permanent elevated rights.
- Identity Lifecycle Management: Identity lifecycle management is the process of creating, changing, reviewing, and removing access as an identity moves through the organisation. It applies to people, service accounts, and workloads, and its strength depends on whether revocation is reliable when roles or relationships change.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Bravura Security: cloud security access management risks and control gaps in multi-cloud environments. Read the original.
Published by the NHIMG editorial team on 2025-07-25.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org