The only way to manage that risk is to implement the principle of least privilege across their cloud environment. How can they reduce the risk in the cloud? They need to understand that the attack surface has changed and operate under the assumption that the number one risk to their cloud is a trusted identity with excessive high-risk permissions. If not, they run the risk of compromising every security system, policy, and procedure they’ve worked to put in place. It’s not well enough.
Source: https://www.helpnetsecurity.com/2021/02/10/whitepaper-ciem/