TL;DR: Enterprises have accelerated into multi-cloud environments while identity governance, access control, and visibility struggle to keep up, according to Strata Identity’s State of Multi-Cloud Identity report. The real issue is not cloud adoption itself but the assumption that identity controls built for a single environment will still hold across distributed platforms and workloads.
NHIMG editorial — based on content published by Strata Identity: Identity & Access Management State of Multi-cloud Identity 2023 Report
Questions worth separating out
Q: How should security teams govern identities across multiple cloud platforms?
A: Security teams should define one governance model for entitlement ownership, review cadence, and lifecycle state, then map it to each cloud’s native controls.
Q: Why do non-human identities become harder to control in multi-cloud environments?
A: Non-human identities become harder to control because they are created and reused across different platforms with different entitlement semantics, logging, and review mechanisms.
Q: What breaks when identity governance is handled cloud by cloud?
A: Cloud-by-cloud governance breaks when no one can reconcile ownership, privilege, and offboarding across the whole environment.
Practitioner guidance
- Map identity control planes across every cloud: Document where authentication, authorisation, logging, and entitlement review are enforced in each cloud so gaps do not hide behind federation.
- Create one inventory for non-human identities: Track service accounts, tokens, keys, and workload identities in a single register with owner, purpose, expiry, and cloud scope.
- Separate federation from governance checks: Verify that cross-cloud sign-in does not mask over-privileged entitlements, stale access, or missing lifecycle controls.
What's in the full report
Strata Identity's full report covers the operational detail this post intentionally leaves for the source:
- The report's year-over-year survey framing and how the research was structured across multi-cloud environments.
- The specific challenge breakdown by enterprise environment, which helps teams benchmark where their own identity model is most exposed.
- The broader executive summary around cloud identity adoption and the operational themes behind the findings.
- The report's additional commentary on how enterprises are approaching distributed identity management across platforms.
Explore further
Multi-cloud identity exposes the limit of environment-specific governance. Identity controls designed around one cloud provider assume a stable control surface, but multi-cloud environments fragment that surface into multiple policy domains. The practical effect is that ownership, review, and enforcement become harder to reconcile across platforms. Practitioners should read this as a governance design constraint, not a tooling inconvenience.
A few things that frame the scale:
- 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge, according to the 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
A question worth separating out:
Q: How should organisations decide whether their multi-cloud identity model is working?
A: They should test whether they can answer four questions consistently: who owns the identity, where it is active, what it can access, and when it should be removed. If those answers differ by platform or depend on manual reconciliation, governance is not yet reliable enough for multi-cloud operations.
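The four-question test above, run against the single non-human identity register described under the practitioner guidance, as an added example that is not from the Strata Identity report or this editorial. The register layout, field names, identity names and finding labels are assumptions made for illustration, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample register: one row per identity per cloud (all values hypothetical).
REGISTER = [
    {"name": "billing-exporter", "cloud": "aws", "owner": "team-finance",
     "purpose": "export invoices", "expiry": date(2025, 6, 30), "access": ["s3:GetObject"]},
    {"name": "billing-exporter", "cloud": "azure", "owner": "team-platform",
     "purpose": "export invoices", "expiry": date(2025, 6, 30),
     "access": ["Storage Blob Data Reader"]},
    {"name": "ci-deployer", "cloud": "gcp", "owner": None,
     "purpose": "deploy builds", "expiry": None, "access": ["roles/editor"]},
    {"name": "log-shipper", "cloud": "aws", "owner": "team-sre",
     "purpose": "ship logs", "expiry": date(2024, 1, 31), "access": ["logs:PutLogEvents"]},
]

def audit(register, today):
    """Return sorted (subject, finding) pairs for rows that fail the four questions."""
    findings = []
    by_name = defaultdict(list)
    for row in register:
        by_name[row["name"]].append(row)
        where = f'{row["name"]}@{row["cloud"]}'   # "where it is active"
        if not row.get("owner"):                  # "who owns the identity"
            findings.append((where, "no-owner"))
        if not row.get("access"):                 # "what it can access"
            findings.append((where, "access-unknown"))
        expiry = row.get("expiry")                # "when it should be removed"
        if expiry is None:
            findings.append((where, "no-expiry"))
        elif expiry < today:
            findings.append((where, "expired-still-registered"))
    # Answers that differ by platform: same identity, different owner per cloud.
    for name, rows in by_name.items():
        owners = {r["owner"] for r in rows if r.get("owner")}
        if len(owners) > 1:
            findings.append((name, "owner-differs-by-cloud"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit(REGISTER, date(2025, 1, 1)):
        print(f"{subject}: {finding}")
```

An empty result means every identity has one owner, a known scope, recorded access and a future removal date on every platform where it is active.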