Identity risk examples
Cloudryption identifies risky permission patterns and lateral movement vectors:
- Over-privileged identities — roles with excessive permissions
- Publicly assumable roles — cross-account assumption from any identity
- Missing MFA — console access without multi-factor authentication
- Credential exposure — identities exposed through misconfigurations
- Privilege escalation chains — permission sequences enabling escalation
- Cross-account trust paths — unauthorized cross-account access vectors
- Unused high-privilege identities — stale accounts retaining permissions
Important limitations
Identity analysis is CIEM-equivalent, not a complete CIEM platform. Coverage and accuracy depend on:
- Available cloud identity metadata and API visibility
- Third-party federation and trust paths (not fully visible)
- Application-layer authorization (outside cloud IAM)
- Accuracy of business context about each identity's function
- Logging service integration (required for real-time activity analysis)
- Managed and workload identity patterns (provider-dependent)