Key Findings of the report:
Rightsize user roles to overcome overprovisioned group access;
Stick to the principle of least privilege, and put guardrails around policy exceptions;
Apply analytics, context, and reporting metrics to avoid compliance violations.