IaaS platforms are complex and wrought with a myriad of convoluted security policies. Overprivileged human and machine identities can make unauthorized changes and grant unauthorized administrator privileges; hackers use them to steal data. Fortunately, cloud identity governance (CIG) solutions can detect excessive identity privileges and their unauthorized compute, storage, and network resource access activity and offer and implement remediated IaaS cloud platform security policies. This report shows how to implement CIG solutions to decrease the IaaS cloud threat surface and the costs of cloud data protection.