Treat identities as a new kind of network boundary by shifting focus from where traffic comes from to who or what is accessing an environment, and regularly audit identities to visualize the boundaries of your environment more accurately. Use complex passwords and multi-factor authentication for user accounts to protect them from account takeovers and other threats. Limit the use of static, long-lived credentials for service accounts to reduce the attack surface and increase security. Organize identities into logical groups based on their role or function to manage permissions at a high level and provide context around who is accessing a resource. Assign permissions as needed, based on zero-trust and least-privilege principles, to systematically deploy the right permissions at every level of cloud infrastructure. Monitor IAM activity using logs to capture key information about user activity and identify potential security threats.
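The identity audit recommended above can be run as a script over an exported inventory. The following is an added example, not code from the original page. It checks four of the recommendations: MFA on user accounts, long-lived service-account keys, group membership, and least privilege. The inventory field names, the sample identities and the 90-day key-age threshold are assumptions, not any provider's schema.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation threshold, not from the page

# Constructed inventory; field names are hypothetical, not a real provider's export.
INVENTORY = [
    {"name": "alice", "kind": "user", "mfa": True, "groups": ["dev"],
     "keys": [], "permissions": ["storage:read"]},
    {"name": "bob", "kind": "user", "mfa": False, "groups": [],
     "keys": [], "permissions": ["storage:read"]},
    {"name": "ci-deployer", "kind": "service", "mfa": None, "groups": ["ci"],
     "keys": [{"id": "key-1", "created": "2023-01-10T00:00:00+00:00"}],
     "permissions": ["*"]},
    {"name": "backup-job", "kind": "service", "mfa": None, "groups": ["ops"],
     "keys": [{"id": "key-2", "created": "2024-05-20T00:00:00+00:00"}],
     "permissions": ["storage:write"]},
]


def audit(inventory, now):
    """Return sorted (identity, finding) pairs for the checks listed in the text."""
    findings = []
    for ident in inventory:
        name = ident["name"]
        # User accounts should have multi-factor authentication enabled.
        if ident["kind"] == "user" and not ident["mfa"]:
            findings.append((name, "user-without-mfa"))
        # Identities outside any role/function group lack permission context.
        if not ident["groups"]:
            findings.append((name, "not-in-any-group"))
        # Static service-account keys past the threshold count as long-lived.
        for key in ident["keys"]:
            age = now - datetime.fromisoformat(key["created"])
            if ident["kind"] == "service" and age > MAX_KEY_AGE:
                findings.append(
                    (name, f"static-key-older-than-{MAX_KEY_AGE.days}d:{key['id']}"))
        # Wildcard grants contradict least privilege.
        if any(p == "*" or p.endswith(":*") for p in ident["permissions"]):
            findings.append((name, "wildcard-permission"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(INVENTORY, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{name}: {finding}")
```
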