The cloud is poised to become the dominant platform for enterprise application development. As architectures shift to take full advantage of cloud native technologies, governing identity and access management (IAM) will become an even more critical component of cloud security. IAM policies across all cloud accounts must be constantly monitored and evaluated to determine the potential exposure risk to the business. Threat actors are constantly looking for ways to exploit misconfigurations, take advantage of excessive access permissions and compromise infrastructure vulnerabilities within an organization’s environment - to achieve their objectives. This diagram illustrates the step-by-step actions an attacker can take to discover, exploit, move laterally, and eventually gain access to credentials in the customer's cloud environment