Logo

46% of organisations are using unmanaged users with long-lived credentials

Datadog has published its new report, the State of Cloud Security 2024. The report found that long-lived credentials continue to be a major risk for organizations across all cloud providers.

  • Monday, 28th October 2024 Posted 1 year ago in Tech & Trends by Phil Alsop

Long-lived cloud credentials never expire and frequently get leaked in source code, container images, build logs and application artifacts, making them a major security risk. Research has shown that they are the most common cause of publicly documented cloud security breaches. While the risks are well documented, Datadog’s report found that almost half (46%) of organizations are still using unmanaged users with long-lived credentials.

According to the report, not only are long-lived credentials widespread across all major clouds, they are also often old and even unused. 62% of Google Cloud service accounts, 60% of AWS IAM users and 46% of Microsoft Entra ID applications have an access key older than one year.

“The findings from the State of Cloud Security 2024 suggest it is unrealistic to expect that long-lived credentials can be securely managed,” said Andrew Krug, Head of Security Advocacy at Datadog. “In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use.”

Other key findings from the report include:

● Adoption of cloud guardrails is on the rise—79% of S3 buckets are covered by an account-wide or bucket-specific S3 Public Access Block, up from 73% a year ago—thanks to cloud providers starting to enable guardrails by default.

● More than 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions to a project. This puts organizations at risk as any attacker compromising the workload is able to steal associated credentials and access the cloud environment.

● 10% of third-party integrations have risky cloud permissions, allowing the vendor to access all data in the account or to take over the whole AWS account. 2% percent of third-party integration roles don't enforce the use of External IDs, which allows an attacker to compromise them through a "confused deputy" attack.

A third of European organisations don't know if they've been hit by an AI-powered cyberattack

Posted 4 minutes ago by Phil Alsop
A third (35%) of European organisations cannot say whether they have been hit by an AI-powered cyberattack, according to the latest AI Pulse Poll...

Why millions in annual cloud waste is stalling European AI ambitions

Posted 2 days ago by Phil Alsop
Nearly half of European organisations spend up to €5 million a year on cloud – yet a quarter of capacity sits idle.

AI-Driven attacks reshape the MSP threat landscape

Posted 4 days ago by Phil Alsop
New research shows session hijacking surging 23%, ransomware up 190%, and non-human identities outnumbering users 25:1 as AI accelerates attacks...

70% of Enterprise AI is Uncontrolled, Driving Hidden Risk, Cost and Slower ROI

Posted 4 days ago by Phil Alsop
Lenovo research highlights a growing AI execution gap as organizations struggle to control and operate AI across their environments.

AvePoint announces platform updates focused on AI data security and governance

Posted 6 days ago by Sophie Milburn
AvePoint has introduced updates to its Confidence Platform, with a focus on AI data protection, multicloud resilience, and governance capabilities.

inforcer launches Copilot Manager for AI service enablement for MSPs

Posted 6 days ago by Sophie Milburn
inforcer introduces Copilot Manager to support MSPs in delivering AI services, including features related to monitoring and managing Shadow AI usage.

Guardz 2026 State of MSP Threat Report: AI and cybersecurity landscape

Posted 6 days ago by Sophie Milburn
Guardz outlines how AI is influencing cybersecurity, with the report highlighting identity-related issues and vulnerabilities affecting MSPs, based...

Kaseya launches Agentic IT management platform

Posted 6 days ago by Sophie Milburn
Kaseya has introduced an autonomous IT management system that uses AI and unified data to support IT operations and security management.

© 2026 - Angel Business Communications Limited

Made with by Angels