Unmanaged Cloud Credentials Pose Risk to Half of Orgs

Almost half of organizations have users with "long-lived" credentials in cloud services, making them more likely to be victimized in a data breach.

Long-lived credentials are authentication tokens or keys in the cloud that remain for a long period of time — sometimes valid and sometimes not — ultimately causing major data breaches where attackers have a lengthy open window to compromise credentials.

In Datadog's 2024 "State of Cloud Security" report, the researchers found that long-lived credentials are a widespread issue across all major cloud services, including Google Cloud, Amazon Web Services (AWS), and Microsoft Entra. Not just that, but many of these are even unused, and often are leaked in source code, where they can open access to images and build logs and application artifacts, never expiring and becoming major security risks. 62% of Google Cloud service accounts, 60% of AWS IAM users, and 46% of Microsoft Entra ID applications have an access key older than one year, the researchers found.

Ultimately, organizations struggle to manage these types of credentials, especially at scale, so the researchers at Datadog recommend that long-lived credentials be avoided altogether in order to mitigate this issue. 

"The findings from the State of Cloud Security 2024 suggest it is unrealistic to expect that long-lived credentials can be securely managed," said Andrew Krug, head of security advocacy at Datadog. "To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use."