
Multi-Cloud Identity Security: Secure Cloud Access and Zero Standing Privileges

April 3 is World Cloud Security Day. This day aims to raise awareness about the importance and techniques of securing data and information stored in the cloud. In this article we explore two multi-cloud identity security strategies: secure cloud access and zero standing privileges. 

Multi-cloud Identity Security

Multi-cloud identity strategies are increasingly being adopted by organisations to leverage the unique capabilities of different cloud service providers as they undertake digital transformation.

However, this approach brings with it unique security challenges, particularly around the rapid growth of cloud entitlements and unmanaged identities and access.

This article focuses on two critical aspects of multi-cloud identity security, secure cloud access and zero standing privileges, and on how organisations can apply each of them to different identity types.

First, let’s define secure cloud access and zero standing privileges.

Secure Cloud Access

Secure cloud access (SCA) is the cornerstone of any cloud security strategy. It involves ensuring that only authorised individuals can access cloud resources, and that they can do so in a secure manner.

Zero Standing Privileges

Zero standing privileges (ZSP) is a security model that involves removing all permanent, long-lived access rights from users and systems. Instead, privileges are granted on a just-in-time basis and are automatically revoked after a certain period of time or when they are no longer needed.

Whether an organisation opts for secure cloud access or zero standing privileges comes down to the identities that will use it. In this context, we categorise two broad identity types: human and non-human identities.

Human Identities: Cloud engineers and cloud administrators

For human identities, such as cloud engineers and admins, implementing secure cloud access is key. This often involves the use of multi-factor authentication (MFA), which requires users to provide two or more verification factors to gain access to a resource. MFA significantly reduces the risk of successful phishing attacks, as an attacker would need to compromise multiple verification methods.

In addition to MFA, organisations should implement least privilege access controls. This means that users should only be given the minimum levels of access necessary to perform their job functions. Regular audits should be conducted to ensure that access rights are up-to-date.

Non-Human Identities: The cloud workloads that run in your multi-cloud environment

Non-human, or machine, identities are the unique digital identities and attributes assigned to workloads, servers, devices, or software applications in the context of IT systems and cybersecurity. These identities play a crucial role in ensuring secure and efficient communication within digital and cloud environments. As businesses increasingly leverage cloud computing and automation, the number of non-human identities grows with them, which can make managing them challenging.

For cloud workloads, secure access typically involves the use of secrets management tools and zero standing privileges. Secrets management tools securely store sensitive information such as API keys, passwords, and certificates, and provide them to applications on an as-needed basis. This prevents secrets from being hard-coded into application code or configuration files, where they could be exposed to attackers. Least privilege should also be applied at the most granular level so that crown-jewel resources are not exposed.

Zero standing privileges reduce the risk of privilege escalation attacks, where an attacker gains access to a low-level account and then escalates their privileges to reach more sensitive resources. They also reduce the risk of insider threats, as they limit the damage that a malicious insider could do.
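The zero standing privileges model described above (time-bounded, just-in-time grants that are revoked automatically, plus an audit hook for the "regular audits" of access rights) as an added illustration in Python; this is a constructed example written for this article, not Avocado's tooling or any cloud provider's API, and the broker class, permission names and identities are hypothetical:

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Grant:
    identity: str
    permission: str
    expires_at: Optional[float]  # None marks a standing (never-expiring) privilege


class PrivilegeBroker:
    """Hypothetical just-in-time privilege broker: every grant carries an expiry,
    access checks purge expired grants first, and an audit lists any standing
    privileges that remain (under zero standing privileges that list is empty)."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock  # injectable clock so expiry can be tested deterministically
        self.grants: list[Grant] = []
        self.audit_log: list[tuple[str, str, str]] = []

    def request(self, identity: str, permission: str, ttl_seconds: int, justification: str) -> Grant:
        if ttl_seconds <= 0:
            raise ValueError("JIT grants must be time-bounded")
        grant = Grant(identity, permission, self.clock() + ttl_seconds)
        self.grants.append(grant)
        self.audit_log.append(("grant", identity, f"{permission} ({justification})"))
        return grant

    def revoke(self, identity: str, permission: str) -> None:
        # Early revocation when the task finishes before the TTL runs out.
        self.grants = [g for g in self.grants
                       if not (g.identity == identity and g.permission == permission)]
        self.audit_log.append(("revoke", identity, permission))

    def is_allowed(self, identity: str, permission: str) -> bool:
        self._expire(self.clock())  # revoke anything whose TTL has passed before deciding
        return any(g.identity == identity and g.permission == permission for g in self.grants)

    def standing_privileges(self) -> list[Grant]:
        # Audit hook: flags grants with no expiry, i.e. standing privileges to remove.
        return [g for g in self.grants if g.expires_at is None]

    def _expire(self, now: float) -> None:
        for g in [g for g in self.grants if g.expires_at is not None and g.expires_at <= now]:
            self.grants.remove(g)
            self.audit_log.append(("expire", g.identity, g.permission))
```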

Conclusion

Implementing secure cloud access and zero standing privileges is a critical part of any multi-cloud security strategy that considers the differing types of identities across your organisation. By ensuring that only authorised users and systems can access cloud resources, and by limiting the privileges that they have, organisations can significantly reduce their risk of a security breach. However, these measures should be part of a broader security strategy that includes other elements like data encryption, network security, and incident response.

Avocado provides solutions to implement Secure Cloud Access and Zero Standing Privileges. Submit an enquiry form below to find out more.



Dennis Baltazar

Principal Engineering Consultant
