The core tenet of a zero trust strategy is least-privilege access. Yet, organizations continue to rely on user and machine identities that are susceptible to compromise, abuse/misuse, and theft. Risk is compounded by over-permissive, static access rights that provide little to no visibility into who and what is using access and how. Vaguer is how identities are being/should be monitored and protected. Availability of modern, cloud-managed identity services is widespread. Yet organizations have been slow to pivot their security programs from traditional endpoint, network, and SecOps to an approach that focuses on identity orchestration and experiences, which is dynamic and distributed. Where there are no perimeters, a multitude of identity verification services and managed identity services exist.