Companies’ clouds present more complex risks than their static old computer networks. Clouds teem with unmonitored users holding top-level control, two recent studies found. One report found that 50 percent of Microsoft customers’ 209 million cloud identities (many not human) held super administrator access to “all permissions and all resources” across the customer company’s cloud – a mind-boggling situation that could increase “the blast radius” of any attack. This article presents key findings from Microsoft’s and Sonraí Security’s studies, explains the operational binds exacerbating cloud security risks and offers measures that companies can take to harden security around cloud identity and authentication. See “Six Steps for Improving Cloud Security From CSRB’s Report on Microsoft Intrusion” (Jun. 12, 2024).