Which practice best aligns with minimizing risk by following a security principle during cloud IAM?

Multiple Choice

Which practice best aligns with minimizing risk by following a security principle during cloud IAM?

Explanation:
Limiting permissions to the minimum needed for a task—often called the principle of least privilege—is the best fit for reducing risk in cloud IAM. By giving each user or service account only the exact roles and permissions they require, you shrink the attack surface and make it harder for an attacker to move laterally if a credential is compromised. Practical approaches include role-based access control, narrowly scoped policies, and just-in-time elevation so permissions aren’t granted longer than necessary. This makes abuse easier to detect, contain, and audit, while preserving legitimate functionality.

Wide-open access exposes everything to everyone; sharing admin credentials eliminates accountability and makes revocation failures dangerous; and reusing passwords invites credential theft and common credential-reuse exploits. The least-privilege approach directly minimizes risk while maintaining operational capabilities.
