Security experts have revealed that many businesses protect their cloud applications with old passwords that have not been changed in a year or more. They also note that old accounts that are still active but unused pose a serious security risk.
In its State of Cloud Security 2024 report, Datadog found that despite frequent emphasis that businesses need to renew their passwords, 62% of Google Cloud service accounts, 60% of AWS IAM accounts, and 46% of Microsoft Entra ID applications have access keys that are more than one year old. Additionally, on average, nearly half (46%) of businesses have unused accounts with similar credentials.
“The findings of the State of Cloud Security 2024 show that it is unrealistic to expect long-lived credentials to be managed securely,” said Andrew Krug, Head of Security Advocacy at Datadog. “Not only are long-lived credentials a major risk, but the report also shows that most cloud security incidents were due to compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage ephemeral credentials, and actively monitor changes to APIs commonly used by attackers.”
Krug says long-lived cloud credentials that never expire are often leaked via source code, container images, build logs, and application artifacts. Such leaks make it easier for attackers to access company assets. This problem can be solved relatively easily by moving toward biometric authentication and zero trust architecture, and by updating logging and monitoring tools and mechanisms, Krug said.
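The two conditions the report counts, access keys more than one year old and credentials that sit unused, can be checked in your own AWS account. The script below is an added example, not code from the article or from Datadog: it reads a CSV in the AWS IAM credential report format and flags active keys that meet either condition. The sample rows and user names are constructed, and the 90-day cutoff for "unused" is an assumption, since the article gives none.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=365)  # "more than one year old", as counted in the report
UNUSED_AFTER = timedelta(days=90)  # assumption: the article gives no cutoff for "unused"
SAMPLE_NOW = datetime(2024, 11, 1, tzinfo=timezone.utc)  # fixed date for reproducible output

# Constructed sample using a subset of the AWS IAM credential report columns.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deployer,true,2022-11-02T09:14:00+00:00,2024-10-30T18:01:00+00:00,false,N/A,N/A
legacy-backup,true,2021-03-19T12:00:00+00:00,N/A,false,N/A,N/A
alice,true,2024-09-01T08:30:00+00:00,2024-10-31T07:45:00+00:00,true,2024-02-10T10:00:00+00:00,2024-03-01T11:20:00+00:00
bob,false,2020-01-05T00:00:00+00:00,2020-06-01T00:00:00+00:00,false,N/A,N/A
"""

def _parse(ts):
    """Credential reports use 'N/A' or 'no_information' where no timestamp exists."""
    if ts in ("", "N/A", "no_information"):
        return None
    return datetime.fromisoformat(ts)

def audit(report_csv, now):
    """Return (user, key_slot, reasons) for every active key that is old or unused."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row.get(prefix + "active") != "true":
                continue  # an inactive key cannot authenticate
            rotated = _parse(row.get(prefix + "last_rotated", "N/A"))
            last_used = _parse(row.get(prefix + "last_used_date", "N/A"))
            reasons = []
            if rotated and now - rotated > MAX_KEY_AGE:
                reasons.append("older than one year")
            # A never-used key is measured from its creation/rotation date.
            reference = last_used or rotated
            if reference and now - reference > UNUSED_AFTER:
                reasons.append("unused")
            if reasons:
                findings.append((row["user"], slot, reasons))
    return findings

if __name__ == "__main__":
    for user, slot, reasons in audit(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user} key {slot}: {', '.join(reasons)}")
```

To run it on real data, pass the decoded CSV from your account's credential report to `audit()` with the current UTC time instead of the constructed sample.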