- Report warns long-lived credentials remain a major security threat
- Outdated access keys increase vulnerability across cloud platforms
- Automated credential management is essential for cloud security
As cloud computing adoption continues to rise, organizations increasingly depend on platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud for their infrastructure and services; however, this also means their security risks grow more complex.
The recent Datadog State of Cloud Security 2024 report reveals one particularly concerning issue: the use of long-lived credentials, which pose significant security threats across all major cloud providers.
Despite advances in cloud security tools and practices, many organizations still use long-lived credentials, which don't expire automatically.
The prevalence of long-lived credentials
Long-lived credentials, particularly those that are not actively managed, can serve as an easy target for attackers. If leaked or compromised, they could provide unauthorized access to sensitive data or systems. The longer these credentials remain in place without rotation or monitoring, the greater the risk of a security breach.
Datadog's report reveals almost half (46%) of organizations still have unmanaged users with long-lived credentials. These credentials are particularly problematic because they are often embedded in various assets such as source code, container images, and build logs. If these credentials are not properly managed, they can easily be leaked or exposed, providing an entry point for attackers to access critical systems and data.
Almost two-thirds (62%) of Google Cloud service accounts, 60% of AWS Identity and Access Management (IAM) users, and 46% of Microsoft Entra ID applications have access keys that are more than a year old.
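As an added example (not code from Datadog or this article), the following Python check flags active IAM access keys older than a year, the condition behind the 60% figure above, by parsing an AWS IAM credential report. The column names follow the real report layout; the report rows, user names and account ID are constructed for illustration, and the helper names are my own.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an AWS IAM credential report
# (`aws iam get-credential-report`); trailing certificate columns omitted.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,no_information,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2021-03-10T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2022-05-01T12:00:00+00:00,2024-10-01T08:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-06-01T09:00:00+00:00,true,2024-10-02T10:00:00+00:00,2024-06-01T09:00:00+00:00,N/A,true,true,2024-06-15T09:00:00+00:00,2024-10-02T10:00:00+00:00,eu-west-1,iam,true,2023-06-01T09:10:00+00:00,N/A,N/A,N/A
"""

# Fixed "current time" so the sample gives reproducible ages (constructed).
NOW = datetime(2024, 10, 15, 12, 0, tzinfo=timezone.utc)


def parse_time(value):
    """Report timestamps are ISO 8601; the placeholders below mean 'no value'."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def stale_access_keys(report_csv, now=NOW, max_age_days=365):
    """Return (user, key_slot, age_days, ever_used) for every *active* access
    key whose last rotation is older than max_age_days. Inactive keys are
    ignored; a never-used active key is still reported, with ever_used=False,
    because it is an unmonitored credential that should simply be deleted."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("access_key_1", "access_key_2"):
            if row.get(f"{slot}_active") != "true":
                continue
            rotated = parse_time(row[f"{slot}_last_rotated"])
            if rotated is None:
                continue
            age_days = (now - rotated).days
            if age_days > max_age_days:
                ever_used = parse_time(row[f"{slot}_last_used_date"]) is not None
                findings.append((row["user"], slot, age_days, ever_used))
    return findings


if __name__ == "__main__":
    for user, slot, age, used in stale_access_keys(SAMPLE_REPORT):
        status = "in use" if used else "never used"
        print(f"{user}: {slot} rotated {age} days ago ({status})")
```

Against a live account, feed the decoded output of `aws iam get-credential-report` into `stale_access_keys` with `now=datetime.now(timezone.utc)`.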
In response to these risks, cloud providers have been making strides toward improving security. Datadog's report notes that the adoption of cloud guardrails is on the rise. These guardrails are automated rules or configurations designed to enforce security best practices and prevent human error.
For example, 79% of Amazon S3 buckets now have either account-wide or bucket-specific public access blocks enabled, up from 73% the previous year. However, while these proactive measures are a step in the right direction, long-lived credentials remain a major blind spot in cloud security efforts.
Furthermore, the report added that there is a conspicuously high number of cloud resources with overly permissive configurations.
About 18% of AWS EC2 instances and 33% of Google Cloud VMs were found to have sensitive permissions that could potentially allow an attacker to compromise the environment. In cases where a cloud workload is breached, these sensitive permissions can be exploited to steal associated credentials, enabling attackers to access the broader cloud environment.
In addition, there is the risk of third-party integrations, which are common in modern cloud environments. More than 10% of third-party integrations examined in the report were found to have risky cloud permissions, potentially allowing the vendor to access sensitive data or take control of the entire AWS account.
What's more, 2% of these third-party roles don't enforce the use of External IDs, leaving them susceptible to a "confused deputy" attack, a scenario where an attacker tricks a service into using its privileges to perform unintended actions.
"The findings from the State of Cloud Security 2024 suggest it is unrealistic to expect that long-lived credentials can be securely managed," said Andrew Krug, Head of Security Advocacy at Datadog.
"In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use," Krug added.