50% of Organizations Lack Proper Management of Long-Lived Cloud Credentials

SeniorTechInfo

The Silent Threat: Unsecured Credentials in the Cloud

In a world where data breaches are becoming increasingly common, one silent threat looms large – unmanaged users with long-lived credentials in cloud services. According to Datadog’s State of Cloud Security 2024 report, a staggering 46% of organizations are at high risk of falling victim to these breaches.

But what exactly are long-lived credentials? These are authentication tokens or keys in the cloud that remain valid for extended periods, making them prime targets for attackers. With these credentials in hand, hackers have ample time to compromise sensitive data, and in some cases, gain persistent access with the same privileges as the original owner.

The alarming findings of the report reveal that long-lived credentials are prevalent across all major cloud service providers, including Google Cloud, Amazon Web Services (AWS), and Microsoft Entra. Moreover, many of these credentials are not only old but also unused, with a significant percentage dating back over a year.


Andrew Krug, Datadog’s Head of Security Advocacy, stresses the importance of having a proactive strategy in place to mitigate these risks. He highlights the need for modern authentication mechanisms, short-lived credentials, and constant monitoring of API changes that attackers commonly exploit.

Risky Cloud Permissions: A Recipe for Disaster

While long-lived credentials pose a significant threat, the report also uncovers another unsettling reality – risky cloud permissions. Shockingly, 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions, leaving organizations vulnerable to severe breaches.

Furthermore, 10% of third-party integrations possess risky cloud permissions, granting vendors access to sensitive data or the entire account. Even more concerning is the revelation that 2% of these integrations do not enforce the use of External IDs, opening the door to sophisticated “confused deputy” attacks.

On a positive note, the report highlights a growing trend in the adoption of cloud guardrails. For instance, 79% of S3 buckets are now covered by account-wide or bucket-specific S3 Public Access Blocks, indicating a step in the right direction towards enhanced security.

As organizations navigate the complex landscape of cloud security, it is crucial to stay vigilant, adapt to evolving threats, and prioritize robust security measures to safeguard sensitive data in an increasingly interconnected world.
