- Orphan, dormant accounts.
- Too many people with privileged access.
- Static admin, service passwords a security risk.
- Weak password, password-reset processes.
- Inappropriate, outdated entitlements.
- Who owns ID X on system Y?
- Who approved entitlement W on system Z?
- Limited/unreliable audit logs in apps.
- Need temporary access (e.g., prod migration).
- Half the code in every new app is the same:
- Manage the above.
- Mistakes in this infrastructure create security holes.