
How to Address Cloud Identity Governance Blind Spots

Published 03/18/2025


Written by Gerry Gebel, VP of Products and Standards, Strata.


From working directly with organizations that are navigating the complexities of multi-cloud environments, one thing has become clear: managing identities across cloud and on-prem systems isn’t getting any easier. Whether it’s ensuring governance, improving visibility, or building resilience, many companies still struggle to get a firm grip on their identity infrastructures. That leaves them open to security risks, compliance issues, and operational bottlenecks.

Let’s examine some of the key challenges that organizations face today and, more importantly, what can be done to strengthen governance, visibility, and resilience in identity ecosystems.


Identity Analytics and Governance

Although identity analytics is foundational to modern governance, many organizations still have blind spots in their identity systems. I’ve seen companies that struggle to answer basic questions like, “How are our applications being secured?” or “What identity providers (IDPs) are we using with each application?” Furthermore, some don’t even know if multifactor authentication (MFA) is consistently enforced.

This isn’t just a compliance issue—it’s a governance problem. The 2024 State of Multi-Cloud Identity Report underscores this point, with 75% of organizations rating visibility as a top priority. Yet, many can’t seem to gain the much-needed insight into their users, applications, and identity systems. Without this visibility, it’s tough to manage access, enforce policies, or meet compliance requirements.

The good news? Emerging identity analytics tools are offering granular data and insights that can strengthen governance frameworks. For example, by tagging applications by department, region, or compliance scope (such as GDPR), it’s possible to generate reports that show, for each group of applications, whether critical controls like MFA are actually enforced, and to surface the applications for which nobody has recorded an answer at all. This level of visibility is a game changer for improving governance and reducing risk.


Visibility Gaps Remain a Problem

One of the biggest pain points I hear from executives is how hard it is to get a full view of their identity infrastructures, especially when dealing with multiple IDPs across cloud environments. It’s no surprise that 73% of organizations in the report said their Identity Governance and Administration (IGA) tools don’t meet their needs when it comes to managing identities across multiple IDPs. This creates serious security and compliance vulnerabilities.

I’ve often referred to this as a “blind spot” in identity management. Too many organizations lack a clear inventory of the applications running in their environments and don’t have the tools to track how those applications are secured or who has access. As complexity grows, so do these gaps.

So, what can we do about it? First, we need to invest in tools that integrate visibility across multiple IDPs and cloud environments. Identity orchestration solutions are becoming essential here, automating the discovery and management of identities across fragmented systems. This approach doesn’t just improve visibility—it streamlines the entire process, ensuring that you’re not flying blind when it comes to managing your identity infrastructure.


Improving Application Governance with Analytics

Another area where advanced analytics delivers immediate value is application governance. Application owners—whether they’re in finance, marketing, or IT—often don’t have visibility into how their apps are protected by identity systems. They might not know if the app is secured by OIDC, SAML, or another standard, and they may not have a clear picture of which users are registered for MFA.

With the right identity analytics tools, application owners can gain a clear view of how their apps are secured. Here again, tagging apps based on business function or region can generate reports that show compliance with key security policies. It’s a win-win: application owners get the visibility they need to manage security and compliance, and CISOs get peace of mind that their governance framework is robust.
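The tag-driven reporting described here and in the earlier section on identity analytics, as an added example that is not code from the article or from Strata’s products: a small Python report over a constructed application inventory. The application names, IDP names, tag keys and the governance policy it checks (every app must have a recorded IDP and a known MFA state; GDPR-scoped apps must enforce MFA and use OIDC or SAML) are all assumptions made for illustration.

```python
"""Added example (not the article's or Strata's code): a governance report over
a tagged application inventory. The inventory, tag names and the policy below
are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class App:
    name: str
    idp: Optional[str]            # None: nobody has recorded which IDP fronts the app
    protocol: Optional[str]       # e.g. "OIDC", "SAML", "HEADER" (legacy header auth)
    mfa_enforced: Optional[bool]  # None: unknown, which is itself a finding
    tags: dict = field(default_factory=dict)


# Constructed inventory; application and IDP names are placeholders, not real data.
INVENTORY = [
    App("payroll", "okta", "SAML", True,
        {"dept": "finance", "region": "eu", "compliance": "gdpr"}),
    App("crm", "entra", "OIDC", True, {"dept": "sales", "region": "us"}),
    App("hr-portal", "okta", "SAML", False,
        {"dept": "hr", "region": "eu", "compliance": "gdpr"}),
    App("legacy-reports", None, "HEADER", None,
        {"dept": "finance", "region": "us"}),
    App("wiki", "entra", "OIDC", None, {"dept": "it", "region": "eu"}),
]

FEDERATION_PROTOCOLS = {"OIDC", "SAML"}


def idps_in_use(apps):
    """Answer 'which IDP secures each application?'; apps with no recorded IDP
    land in an explicit 'unknown' bucket instead of silently disappearing."""
    out = defaultdict(list)
    for app in apps:
        out[app.idp or "unknown"].append(app.name)
    return dict(out)


def mfa_coverage(apps, tag_key):
    """Per value of one tag (department, region, ...): (apps with MFA enforced, total).
    Unknown MFA state counts as not enforced, so gaps in the data show up as gaps
    in coverage rather than being hidden."""
    counts = defaultdict(lambda: [0, 0])
    for app in apps:
        bucket = app.tags.get(tag_key, "untagged")
        counts[bucket][1] += 1
        if app.mfa_enforced is True:
            counts[bucket][0] += 1
    return {k: tuple(v) for k, v in counts.items()}


def policy_findings(apps):
    """Hypothetical policy: every app needs a recorded IDP and a known MFA state;
    apps tagged compliance=gdpr must enforce MFA and use a federation protocol."""
    findings = []
    for app in apps:
        if app.idp is None:
            findings.append((app.name, "no IDP recorded"))
        if app.mfa_enforced is None:
            findings.append((app.name, "MFA state unknown"))
        if app.tags.get("compliance") == "gdpr":
            if app.mfa_enforced is not True:
                findings.append((app.name, "GDPR-scoped app without enforced MFA"))
            if app.protocol not in FEDERATION_PROTOCOLS:
                findings.append((app.name, f"GDPR-scoped app on {app.protocol}"))
    return findings


if __name__ == "__main__":
    print("IDPs in use:", idps_in_use(INVENTORY))
    print("MFA coverage by compliance tag:", mfa_coverage(INVENTORY, "compliance"))
    for name, issue in policy_findings(INVENTORY):
        print(f"FINDING {name}: {issue}")
```

The design choice worth copying is that "unknown" is never collapsed into "fine": an application with no recorded IDP or MFA state is a finding in its own right, and it drags down the coverage number for its department or region, which is exactly the blind spot the report is meant to expose.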


Building Identity Resilience

Of course, it’s not just about governance and visibility—resilience is also becoming a top priority for many organizations. With so many companies operating in multi-cloud environments, ensuring identity resilience is critical for business continuity. What happens when an IDP fails? Without a failover plan, applications — and business processes — will grind to a halt.

According to the 2024 State of Multi-Cloud Identity Report, 43% of organizations are prioritizing investments in identity availability and resilience for 2025. But here’s the catch: only 38% have fully implemented measures to ensure continuous availability of their identity services. That’s a lot of risk exposure for many organizations.

Resilience doesn’t just happen; it requires careful planning and the right technology. A robust continuity strategy should include automated failover mechanisms that switch to a backup IDP if the primary one fails. That is more than a DNS change: the backup IDP must hold the same users and credentials, applications must be configured to trust tokens from both issuers, and the switch should be exercised regularly so it is known to work before it is needed. This ensures that even if the primary IDP goes down, business operations keep running smoothly. At the end of the day, identity resilience is about more than just security; it’s about ensuring business continuity in an always-on world.
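The failover mechanism described above, as an added example that is not code from the article or from Strata’s products: a Python primary/backup IDP selector with health probing, a failure threshold and a hold-down timer. The IDP names, issuer URLs and thresholds are hypothetical, and the probe schedule is constructed; in a real deployment each probe would be a timed HTTPS fetch of the IDP’s OIDC discovery document or SAML metadata.

```python
"""Added example (not the article's or Strata's code): a primary/backup IDP
selector with health probing, a failure threshold and a hold-down timer.
IDP names, issuer URLs and thresholds are hypothetical; the probe schedule is
constructed and stands in for real timed HTTPS checks of each IDP's OIDC
discovery document or SAML metadata."""
from dataclasses import dataclass, field


@dataclass
class Idp:
    name: str
    issuer: str  # the 'iss' that tokens from this IDP carry; apps must trust it


@dataclass
class FailoverState:
    failures: dict = field(default_factory=dict)    # name -> consecutive failed probes
    down_until: dict = field(default_factory=dict)  # name -> time the hold-down ends


class IdpFailover:
    def __init__(self, idps, fail_threshold=3, hold_down=300):
        self.idps = list(idps)            # priority order: primary first
        self.fail_threshold = fail_threshold
        self.hold_down = hold_down        # seconds to stay off an IDP after it trips
        self.state = FailoverState()

    def trusted_issuers(self):
        """Every relying party must accept tokens from all IDPs it can be sent to,
        otherwise the first login after failover fails with an unknown issuer."""
        return {idp.issuer for idp in self.idps}

    def record_probe(self, idp, healthy, now):
        st = self.state
        if healthy:
            st.failures[idp.name] = 0
            return
        st.failures[idp.name] = st.failures.get(idp.name, 0) + 1
        if st.failures[idp.name] >= self.fail_threshold:
            # Trip: keep traffic off this IDP for the whole hold-down even if a
            # later probe succeeds, so a flapping IDP does not bounce users around.
            st.down_until[idp.name] = now + self.hold_down

    def select(self, now):
        """Highest-priority IDP not in hold-down, or None when none is usable
        (fail closed: never send users to an IDP known to be down)."""
        for idp in self.idps:
            if self.state.down_until.get(idp.name, 0) > now:
                continue
            return idp
        return None


PRIMARY = Idp("idp-primary", "https://login.example.com")        # hypothetical
BACKUP = Idp("idp-backup", "https://backup-login.example.com")   # hypothetical

# Constructed probe schedule: (time in seconds, {idp name: probe succeeded}).
SCHEDULE = [
    (0,   {"idp-primary": True,  "idp-backup": True}),
    (60,  {"idp-primary": False, "idp-backup": True}),
    (120, {"idp-primary": False, "idp-backup": True}),
    (180, {"idp-primary": False, "idp-backup": True}),   # third failure: trip
    (240, {"idp-primary": True,  "idp-backup": True}),   # recovered, still held down
    (500, {"idp-primary": True,  "idp-backup": True}),   # hold-down over
]


def simulate(schedule, fail_threshold=3, hold_down=300):
    """Run the schedule and return the IDP chosen at each tick (None = all down)."""
    fo = IdpFailover([PRIMARY, BACKUP], fail_threshold, hold_down)
    chosen = []
    for now, results in schedule:
        for idp in fo.idps:
            fo.record_probe(idp, results[idp.name], now)
        pick = fo.select(now)
        chosen.append(pick.name if pick else None)
    return chosen


if __name__ == "__main__":
    print("trusted issuers:", IdpFailover([PRIMARY, BACKUP]).trusted_issuers())
    print("selected per tick:", simulate(SCHEDULE))
```

Two details matter in practice. The hold-down keeps users on the backup for a fixed window after the primary trips, because a primary that recovers for thirty seconds and fails again is worse than a steady backup. And `trusted_issuers()` is the part people forget: failing over changes the `iss` in every new token, so every application must already accept both issuers, and the backup must already hold the same user population, or the switch merely moves the outage from the IDP to the applications.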


Next Steps

So, where do we go from here? To strengthen identity governance, here are three key takeaways:

  1. Invest in Visibility: You can’t manage what you can’t see. Advanced identity analytics and orchestration tools provide the visibility needed across users, applications, and identity systems.
  2. Focus on Governance: With the right tools, it’s possible to tag and categorize applications, monitor compliance, and report on key security metrics like MFA enforcement and IDP health.
  3. Build Resilience: A strong identity continuity plan is essential. Make sure automated failover mechanisms are in place to ensure that identity services remain available, even when an IDP goes down.

As multi-cloud environments grow more complex, managing and securing identities isn’t just a technical challenge—it’s a business imperative. Closing visibility gaps, strengthening governance, and building resilience can ensure that identity infrastructures not only meet today’s needs but are ready for whatever the future brings.
