In the cloud era, identity management is a formidable challenge for enterprises because of complex usage patterns and the diversity of identities and permissions. Gartner’s 2023 report, 'Managing Privileged Access in Cloud Infrastructure', predicts that 75% of cloud breaches will involve misconfigurations in Identity and Access Management (IAM), which highlights the crucial importance of identity visibility. To address this, we propose a system designed to identify and visualize the identity attack surface by presenting the relationships between all cloud-related identities and assets as a graph.
Various types of accounts exist in the cloud environment, including CI/CD service accounts and accounts synced from on-premises directories. Users who focus primarily on cloud-only accounts often overlook these account types when standard cloud inventory tools do not include them. Additionally, trusted relationships significantly extend the identity perimeter. Users must therefore manage not only the permissions of their own accounts but also those of guest accounts, which can vary significantly in risk.
In this talk, we will provide an inventory list of assets and configurations related to cloud initial access. Afterward, we will discuss a case study involving a cloud managed service provider that uses guest accounts to manage cloud services, highlighting issues related to identity and IAM misconfigurations. Finally, we will show how to reduce the attack surface of identities.
TOPIC / TRACK
Cloud Security Forum
LOCATION
Taipei Nangang Exhibition Center, Hall 2
1F 1B
LEVEL
Intermediate
Intermediate sessions focus on cybersecurity architecture, tools, and practical applications, ideal for professionals with a basic understanding of cybersecurity.
SESSION TYPE
Deep Dive Session
LANGUAGE
Chinese
SUBTOPIC
Identity Management
Cloud Security