Not every cloud service is highly sensitive or poses a vulnerability, and many enterprises do not want to abandon their current user stores (most likely an MS Active Directory). But to properly manage our corporate identities and their access rights, we have to keep everything centralized.
From a governance standpoint we want to ensure efficient use of the IT budget, so we'd like to be able to provision and de-provision cloud subscriptions and users based on our central user store. We also need to avoid running unwanted security risks. Think of deletion or suspension of all account access when an employee leaves the company, proper Role Based Access Control (RBAC), a uniform password policy, etc. Finally, we need the means to report on the effectiveness of our governance measures.
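The leaver check and the effectiveness report described above can be sketched as a reconciliation of cloud account lists against the central user store. This is an added example, not code from the original page; the directory export, the service names and the account records are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: an export from the central user store and the
# account lists of two hypothetical cloud subscriptions.
DIRECTORY = {
    "alice": {"enabled": True},
    "bob":   {"enabled": False},   # left the company, disabled centrally
    "carol": {"enabled": True},
}
CLOUD_ACCOUNTS = {
    "crm-saas":   [{"user": "alice", "active": True},
                   {"user": "bob", "active": True}],
    "file-share": [{"user": "bob", "active": False},
                   {"user": "dave", "active": True},
                   {"user": "carol", "active": True}],
}

def reconcile(directory, cloud_accounts):
    """Return active cloud accounts that the central store does not back."""
    findings = []
    for service, accounts in sorted(cloud_accounts.items()):
        for acct in accounts:
            if not acct["active"]:
                continue  # already suspended, nothing to do
            entry = directory.get(acct["user"])
            if entry is None:
                reason = "unknown"   # created outside central provisioning
            elif not entry["enabled"]:
                reason = "leaver"    # disabled centrally, access still live
            else:
                continue             # backed by an enabled directory user
            findings.append((service, acct["user"], reason))
    return findings

def coverage(directory, cloud_accounts):
    """Share of active cloud accounts backed by an enabled directory user."""
    active = sum(a["active"] for accts in cloud_accounts.values() for a in accts)
    bad = len(reconcile(directory, cloud_accounts))
    return 1.0 if active == 0 else (active - bad) / active

if __name__ == "__main__":
    for service, user, reason in reconcile(DIRECTORY, CLOUD_ACCOUNTS):
        print(f"{service}: suspend {user} ({reason})")
    print(f"governed accounts: {coverage(DIRECTORY, CLOUD_ACCOUNTS):.0%}")
```

The coverage figure is one candidate metric for the governance report; tracked over time, it shows whether de-provisioning keeps pace with departures.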
A mature cloud supplier should offer a way to implement a federated identity. There is more than one standard, however, which means that in most cases a third-party solution should be considered to manage identities and access. The CCoE will help with the requirements, design and acquisition of an IAM solution. Standards and guidelines around IAM are considered to be part of the Enterprise Architecture.
If your organization is lacking in IAM maturity, you should preferably fix that first. On the other hand, it's not that difficult to find a simple but sufficient IAM application to tide you over until all the other IAM issues are sorted out. The message is: better to have something than nothing. Cloud adoption will move fast; fixing your IAM process issues will not.