Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security?

Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security?

2 minutes, 23 seconds Read

The head of security advocacy at Datadog, a cloud-based tracking and analytics platform, has advised business in Australia and the APAC area to speedup phasing out long-lived qualifications for popular hyperscale cloud services, caution that they stay a major information breach threat.

Speaking with TechRepublic, Andrew Krug highlighted findings from Datadog’s State of Cloud Security 2024 report, which recognized long-lived qualifications as a relentless security danger element. While credential management practices are enhancing, Krug keptinmind they are not advancing as rapidly or successfully as required to alleviate threats.

Long-lived qualifications are still a huge danger to cloud security

The report exposed that almost half (46%) of organisations utilizing AWS rely on IAM users for human gainaccessto to cloud environments — a practice Datadog called a kind of long-lived credential. This was real even for organisations utilizing centralised identity management to grant gainaccessto throughout numerous systems.

Moreover, almost one in 4 relied exclusively on IAM users without carryingout centralised federated authentication. According to Datadog, this highlights a consistent problem: while centralised identity management is endingupbeing more typical, unmanaged users with long-lived qualifications continue to posture a considerable security danger.

Nearly half of organisations using AWS are still using long-lived credentials.
Nearly half of organisations utilizing AWS are still utilizing long-lived qualifications. Source: Datadog

The occurrence of long-lived qualifications covers all significant cloud serviceproviders and typically consistsof out-of-date or unused gainaccessto secrets. The report discovered that 62% of Google Cloud service accounts, 60% of AWS IAM users, and 46% of Microsoft Entra ID applications had gainaccessto secrets that were more than a year old.

Long-lived qualifications come with a substantial threat of information breaches

Long-lived cloud qualifications neverever end and often get dripped in source code, container images, construct logs, and application artifacts, according to Datadog. Past researchstudy carriedout by the business hasactually revealed they are the most typical cause of openly recorded cloud security breaches.

SEE: The leading 5 cybersecurity patterns for 2025

Krug stated there is fullygrown tooling in the market to makesure tricks do not end up in production environments, such as fixed code analysis. Datadog’s report likewise keepsinmind the increase of IMDSv2 enforcement in AWS EC2 circumstances, an crucial security system to block credential theft.

There are less long-lived qualifications, however modification is too sluggish

There haveactually been moves to alleviate the issue, such as AWS introducing IAM Identity Centre, enabling organisations to centrally handle gainaccessto to AWS applications. While business are in the procedure of altering to the service, Krug stated, “I simply wear’t understand that everybody thinksabout this their greatest toppriority.”

“It absolutely oughtto be, duetothefactthat if we appearance at the last 10 years of information breaches, the main style is that long-lived gainaccessto secret sets were the root cause of those information breaches integrated with excessively liberal gainaccessto,” he described. “If we getridof one side of that, we truly considerably lower the danger for the company.”

The long-lived qualifications issue isn’t unique to APAC — it’s a worldwide problem

Read More.

Similar Posts