Datadog's State of Cloud Security 2024 Finds Room for Improvement in the Use of Long-Lived Credentials Across All Major Clouds
Datadog's State of Cloud Security 2024 report reveals significant security risks associated with long-lived credentials across major cloud providers. Key findings include:
- 46% of organizations use unmanaged users with long-lived credentials
- 62% of Google Cloud service accounts, 60% of AWS IAM users, and 46% of Microsoft Entra ID applications have access keys older than one year
- 79% of S3 buckets are covered by Public Access Block, up from 73% last year
- 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive project permissions
- 10% of third-party integrations have risky cloud permissions
The report emphasizes the need for modern authentication mechanisms, short-lived credentials, and active monitoring of APIs to enhance cloud security.
- Adoption of cloud guardrails is increasing, with 79% of S3 buckets now covered by Public Access Block, up from 73% last year
- Datadog's report provides valuable insights for companies to improve their cloud security posture
- 46% of organizations are still using unmanaged users with long-lived credentials, posing a major security risk
- 62% of Google Cloud service accounts, 60% of AWS IAM users, and 46% of Microsoft Entra ID applications have access keys older than one year
- 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions to a project, increasing the risk of credential theft
- 10% of third-party integrations have risky cloud permissions, potentially allowing unauthorized access to all data in the account
- 2% of third-party integration roles don't enforce the use of External IDs, making them vulnerable to 'confused deputy' attacks
Insights
The State of Cloud Security 2024 report highlights significant vulnerabilities in cloud security practices, particularly the widespread use of long-lived credentials. This is a critical issue as 46% of organizations are using unmanaged users with these persistent credentials, which pose substantial risks.
The prevalence of outdated credentials is alarming, with 60-62% of service accounts and users across major cloud providers having access keys older than a year. This increases the attack surface for potential breaches. However, there's a positive trend in the adoption of cloud guardrails, with
The report also reveals concerning statistics about excessive permissions:
- 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive project-wide permissions
- 10% of third-party integrations have risky cloud permissions
- 2% of third-party integration roles don't enforce External IDs
The Datadog report unveils critical vulnerabilities in cloud security practices that could have significant implications for businesses. The persistent use of long-lived credentials across major cloud providers is particularly concerning, as it increases the risk of credential leakage and subsequent breaches.
What's particularly alarming is the age of these credentials. With 60-62% of access keys being older than a year, organizations are essentially leaving their digital doors unlocked. This practice goes against cybersecurity best practices, which recommend regular rotation of credentials.
The excessive permissions granted to cloud instances and third-party integrations further compound the risk. If compromised, these could lead to large-scale data theft or account takeovers. The
On a positive note, the increased adoption of cloud guardrails, particularly for S3 buckets, shows that some progress is being made. However, organizations need to accelerate their efforts in implementing modern authentication mechanisms and actively monitoring for suspicious API activities to mitigate these risks effectively.
The report found that
Long-lived cloud credentials never expire and frequently get leaked in source code, container images, build logs and application artifacts, making them a major security risk. Research has shown that they are the most common cause of publicly documented cloud security breaches. While the risks are well documented, Datadog's report found that almost half (
According to the report, not only are long-lived credentials widespread across all major clouds, they are also often old and even unused.
"The findings from the State of Cloud Security 2024 suggest it is unrealistic to expect that long-lived credentials can be securely managed," said Andrew Krug, Head of Security Advocacy at Datadog. "In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use."
Other key findings from the report include:
- Adoption of cloud guardrails is on the rise: 79% of S3 buckets are covered by an account-wide or bucket-specific S3 Public Access Block, up from 73% a year ago, thanks to cloud providers starting to enable guardrails by default.
- More than 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions to a project. This puts organizations at risk as any attacker compromising the workload is able to steal associated credentials and access the cloud environment.
- 10% of third-party integrations have risky cloud permissions, allowing the vendor to access all data in the account or to take over the whole AWS account.
- 2% of third-party integration roles don't enforce the use of External IDs, which allows an attacker to compromise them through a "confused deputy" attack.
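Two of the findings above (access keys older than a year, and third-party roles whose trust policy has no External ID condition) reduce to checks an account owner can run over their own IAM inventory. The following is an added example, not code from the report or from Datadog: the records are shaped like the fields of the IAM ListAccessKeys and GetRole responses, but all sample data is constructed, and the vendor account number, key IDs and External ID value are placeholders.

```python
from datetime import datetime, timedelta, timezone
MAX_KEY_AGE = timedelta(days=365)  # the report's "older than one year" threshold

def stale_access_keys(keys, now):
    """Active IAM access keys older than MAX_KEY_AGE, as (user, key_id, age_days).
    `keys` uses the field names of IAM ListAccessKeys; the data here is constructed."""
    return [(k["UserName"], k["AccessKeyId"], (now - k["CreateDate"]).days)
            for k in keys
            if k["Status"] == "Active" and now - k["CreateDate"] > MAX_KEY_AGE]

def roles_missing_external_id(roles):
    """Roles that another AWS account may assume with no sts:ExternalId
    condition in the trust policy: the 'confused deputy' gap named in the report."""
    flagged = []
    for role in roles:
        for stmt in role["AssumeRolePolicyDocument"]["Statement"]:
            actions = stmt.get("Action", [])
            actions = actions if isinstance(actions, list) else [actions]
            if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
                continue
            if "AWS" not in stmt.get("Principal", {}):
                continue  # service principals (e.g. ec2.amazonaws.com) are not the cross-account case
            conds = stmt.get("Condition", {}).values()
            if not any("sts:ExternalId" in c for c in conds):
                flagged.append(role["RoleName"])
                break
    return flagged

# Constructed sample data; key IDs and the vendor account number are placeholders.
NOW = datetime(2024, 10, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"UserName": "ci-deploy", "AccessKeyId": "AKIA_PLACEHOLDER_1",
     "Status": "Active", "CreateDate": NOW - timedelta(days=500)},
    {"UserName": "analyst", "AccessKeyId": "AKIA_PLACEHOLDER_2",
     "Status": "Active", "CreateDate": NOW - timedelta(days=30)},
    {"UserName": "legacy", "AccessKeyId": "AKIA_PLACEHOLDER_3",
     "Status": "Inactive", "CreateDate": NOW - timedelta(days=900)},
]
VENDOR = {"AWS": "arn:aws:iam::999999999999:root"}  # hypothetical vendor account
SAMPLE_ROLES = [
    {"RoleName": "vendor-with-external-id", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": VENDOR,
         "Condition": {"StringEquals": {"sts:ExternalId": "tenant-42-placeholder"}}}]}},
    {"RoleName": "vendor-no-external-id", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": VENDOR}]}},
]
if __name__ == "__main__":
    print("stale keys:", stale_access_keys(SAMPLE_KEYS, NOW))
    print("roles without External ID:", roles_missing_external_id(SAMPLE_ROLES))
```

Inactive keys are skipped because they can no longer be used; a role whose only principals are AWS services is skipped because the External ID mitigation applies to cross-account trust, not to service trust.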
For the report, Datadog analyzed security posture data from a sample of thousands of organizations using AWS, Azure or Google Cloud.
Datadog's State of Cloud Security 2024 is available now. To dive deeper into the findings, read the blog. Learn more about how Datadog helps companies secure their cloud environments.
About Datadog
Datadog is the observability and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring, log management, user experience monitoring, cloud security and many other capabilities to provide unified, real-time observability and security for our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.
Forward-Looking Statements
This press release may include certain "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended including statements on the benefits of new products and features. These forward-looking statements reflect our current views about our plans, intentions, expectations, strategies and prospects, which are based on the information currently available to us and on assumptions we have made. Actual results may differ materially from those described in the forward-looking statements and are subject to a variety of assumptions, uncertainties, risks and factors that are beyond our control, including those risks detailed under the caption "Risk Factors" and elsewhere in our Securities and Exchange Commission filings and reports, including the Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission on May 8, 2024, as well as future filings and reports by us. Except as required by law, we undertake no duty or obligation to update any forward-looking statements contained in this release as a result of new information, future events, changes in expectations or otherwise.
Contact
Dan Haggerty
press@datadoghq.com
Original release: https://www.prnewswire.com/news-releases/datadogs-state-of-cloud-security-2024-finds-room-for-improvement-in-the-use-of-long-lived-credentials-across-all-major-clouds-302282005.html
SOURCE Datadog, Inc.