TL;DR: Cloud management platforms centralize orchestration, cost, monitoring, and security controls across hybrid environments, but Zluri's article shows that identity, governance, and compliance remain only one part of the stack. The practical issue is that cloud control planes can simplify operations without solving who or what should hold access, how that access is reviewed, or when it should be revoked.
NHIMG editorial — based on content published by Zluri: IT Teams 14 Best Cloud Management Platforms in 2026
Questions worth separating out
Q: How should security teams govern access in cloud management platforms?
A: They should treat the CMP as an access broker, not just an operations tool.
Q: Why do cloud management platforms create non-human identity risk?
A: Because every automated workflow can create credentials, delegated permissions, and service accounts that persist beyond the task they were meant to support.
Q: What do teams get wrong about policy-based controls in cloud platforms?
A: They assume policy checks and RBAC are enough on their own.
Practitioner guidance
- Bind CMP actions to named identities: Require every provisioning, orchestration, and de-provisioning action to resolve to a specific human, service account, or automation identity before the platform is approved for broad use.
- Inventory non-human identities created by workflows: Track the service accounts, API keys, tokens, and certificates generated by self-service catalog items, automation jobs, and cloud templates, then assign owners and expiry rules.
- Connect audit logs to entitlement lifecycle: Review whether logs show who approved access, what permissions were granted, when they were last used, and whether they were revoked after the workflow completed.
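One way to run the inventory and lifecycle checks from the guidance above, as an added example rather than code from Zluri or NHIMG. The record fields, identity names, and the 90-day staleness threshold are assumptions, and the inventory is constructed sample data.

```python
from datetime import date, timedelta

# Constructed sample inventory: credentials created by CMP workflows (all values hypothetical).
INVENTORY = [
    {"id": "svc-catalog-vm-01", "kind": "service_account", "workflow": "catalog:vm-small",
     "owner": "team-platform", "expires": date(2026, 9, 1), "last_used": date(2026, 5, 28),
     "workflow_done": None, "revoked": None},
    {"id": "key-tf-deploy-7", "kind": "api_key", "workflow": "template:network-base",
     "owner": None, "expires": None, "last_used": date(2025, 11, 2),
     "workflow_done": date(2025, 11, 2), "revoked": None},
    {"id": "tok-backup-job", "kind": "token", "workflow": "job:nightly-backup",
     "owner": "team-data", "expires": date(2026, 3, 1), "last_used": date(2026, 5, 30),
     "workflow_done": None, "revoked": None},
    {"id": "cert-migrate-2", "kind": "certificate", "workflow": "job:db-migrate",
     "owner": "team-data", "expires": date(2026, 12, 31), "last_used": date(2026, 4, 10),
     "workflow_done": date(2026, 4, 10), "revoked": date(2026, 4, 11)},
]

def audit(inventory, today, stale_days=90):
    """Return {identity id: [findings]} for identities that break a lifecycle rule."""
    report = {}
    for nhi in inventory:
        if nhi["revoked"]:  # already removed: nothing left to govern
            continue
        findings = []
        if not nhi["owner"]:
            findings.append("no-owner")
        if nhi["expires"] is None:
            findings.append("no-expiry")
        elif nhi["expires"] < today:
            findings.append("expired-not-revoked")
        # Unused credentials are candidates for removal even if still valid.
        if nhi["last_used"] is None or today - nhi["last_used"] > timedelta(days=stale_days):
            findings.append("stale")
        # The workflow that created the credential finished, but the credential persists.
        if nhi["workflow_done"] and nhi["workflow_done"] <= today:
            findings.append("outlived-workflow")
        if findings:
            report[nhi["id"]] = findings
    return report

if __name__ == "__main__":
    for ident, findings in audit(INVENTORY, today=date(2026, 6, 1)).items():
        print(f"{ident}: {', '.join(findings)}")
```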
What's in the full article
Zluri's full blog post covers the vendor-by-vendor feature detail this analysis intentionally leaves for the source:
- Feature-by-feature breakdown of the 14 cloud management platforms and their stated capabilities
- Vendor-specific descriptions of security, governance, and cost-management functions across different cloud estates
- Customer ratings and product-positioning detail for each platform, which implementation teams may want to compare directly
- The article's own buying checklist for evaluating cloud management platforms in context
Cloud management platforms and identity governance: what’s missing?
Explore further
Cloud management platforms are becoming identity control planes by accident, not by design. The article focuses on orchestration, monitoring, cost, and security, but each of those functions depends on identity decisions hidden underneath the platform. That means the CMP can end up governing access paths without owning lifecycle discipline, which is where entitlement drift begins. Practitioners should treat CMP deployment as an identity architecture decision, not just an operations upgrade.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- That 85% comprises 38% with no or low visibility and a further 47% with only partial visibility, which is why cloud control planes cannot be treated as complete identity governance systems on their own.
A question worth separating out:
Q: How do organisations know if their cloud governance is working?
A: Look for evidence that access can be traced from request to owner to removal, across both human and non-human identities. If teams can see cloud spend and resource usage but cannot explain who still holds access or why, governance is incomplete.
👉 Read our full editorial: Cloud management platforms still leave identity governance fragmented