We strongly advise organizations to make sure, when they really need to use cloud service accounts, that they are rotating the credentials. Rotation is one of the three R's of security. It is far too easy for organizations to forget about these accounts unless an incident occurs. This is leading to accounts with unnecessarily broad permissions remaining in use for long periods alongside a lack of planning for how to replace or rotate them. Regularly applying a cloud service account rotation approach also provides a chance to exercise the principle of least privilege.