[weseven]

Companies were struggling even in the non cloud world.

Add to that a cloud migration severely underestimated that involves refactoring of n legacy processes (and possible team reorganization), a "brilliant" idea of mapping AD roles and nonsensical forests into <insert propietary cloud IAM solution>, a new CISO coming in following the mantra of least privilege without taking the time to understand (and eventually help redesign) current operations, and urgent deadlines to meet/emergencies to manage/general unwillingness to change standard operating procedures for the new environments (trying to fit everything in the custom servicenow workflows that was designed years ago)... the result is either everyone gets its own tailored set of overpermissions, or broad wildcard roles that for some strange reason fit <insert compliance framework>.