Historically, defense in depth has mostly been performed through network-layer controls. While network security controls remain an important component of cloud security, an additional layer of identity and access management (IAM) governance is now needed as organizations continue to scale their cloud presence. Similar to scanning applications for vulnerabilities, IAM policies across all cloud accounts must be constantly monitored and evaluated to determine the risk impact to the business.