Unmanaged Cloud Credentials Pose Risk to Half of Orgs

  /     /     /  
Publicated : 23/11/2024   Category : security


Unmanaged Cloud Credentials Pose Risk to Half of Orgs


These types of long-lived credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.



Almost half of organizations have users with long-lived credentials in cloud services, making them more likely to be victimized in a data breach.
Long-lived credentials are authentication tokens or keys in the cloud that remain for a long period of time — sometimes valid and sometimes not — ultimately causing major data breaches where attackers have a lengthy open window to compromise credentials.
In Datadogs 2024 State of Cloud Security
report, the researchers found that long-lived credentials are a widespread issue across all major cloud services, including
Google Cloud
, Amazon Web Services (AWS), and Microsoft Entra. Not just that, but many of these are even unused, and often are leaked in source code, where they can open access to images and build logs and application artifacts, never expiring and becoming major security risks. 62% of Google Cloud service accounts, 60% of AWS IAM users, and 46% of Microsoft Entra ID applications have an access key older than one year, the researchers found.
Ultimately, organizations struggle to manage these types of credentials, especially at scale, so the researchers at Datadog recommend that long-lived credentials be avoided altogether in order to mitigate this issue. 
The findings from the
State of Cloud Security 2024 
suggest it is unrealistic to expect that long-lived credentials can be securely managed,
said Andrew Krug
, head of security advocacy at Datadog. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Unmanaged Cloud Credentials Pose Risk to Half of Orgs