Unmanaged Cloud Credentials Pose Risk to Half of Orgs

  /     /     /  
Publicated : 23/11/2024   Category : security

Unmanaged Cloud Credentials Pose Risk to Half of Orgs


These types of long-lived credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.


Almost half of organizations have users with long-lived credentials in cloud services, making them more likely to be victimized in a data breach.
Long-lived credentials are authentication tokens or keys in the cloud that remain for a long period of time — sometimes valid and sometimes not — ultimately causing major data breaches where attackers have a lengthy open window to compromise credentials.
In Datadogs 2024 State of Cloud Security
report, the researchers found that long-lived credentials are a widespread issue across all major cloud services, including
Google Cloud
, Amazon Web Services (AWS), and Microsoft Entra. Not just that, but many of these are even unused, and often are leaked in source code, where they can open access to images and build logs and application artifacts, never expiring and becoming major security risks. 62% of Google Cloud service accounts, 60% of AWS IAM users, and 46% of Microsoft Entra ID applications have an access key older than one year, the researchers found.
Ultimately, organizations struggle to manage these types of credentials, especially at scale, so the researchers at Datadog recommend that long-lived credentials be avoided altogether in order to mitigate this issue. 
The findings from the
State of Cloud Security 2024 
suggest it is unrealistic to expect that long-lived credentials can be securely managed,
said Andrew Krug
, head of security advocacy at Datadog. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Unmanaged Cloud Credentials Pose Risk to Half of Orgs