One of the most fundamental challenges of securing the identity-defined perimeter is efficiently managing and securing the cloud identity life cycle. 

This priority comes into sharpest focus with offboarding users—or, more accurately, the failure of so many organizations to revoke standing access privileges to DevOps environments and other sensitive IT resources. 

Companies today use hundreds or thousands of cloud services, and a typical DevSecOps operation can easily generate thousands of data access events every day. The result is that each human and machine user has multiple identities and standing privilege sets sitting vulnerable to exploitation. If those privileges are not revoked or expired when an employee or contractor leaves the organization, that massive attack surface remains in place indefinitely. 

Read more at securityboulevard: Securing Onboarding and Offboarding in the Cloud