{"id":5866,"date":"2024-10-21T16:03:09","date_gmt":"2024-10-21T21:03:09","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/unmanaged-cloud-credentials-risk-half-orgs"},"modified":"2024-10-21T16:03:09","modified_gmt":"2024-10-21T21:03:09","slug":"unmanaged-cloud-credentials-pose-risk-to-half-of-orgs","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/21\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs\/","title":{"rendered":"Unmanaged Cloud Credentials Pose Risk to Half of Orgs"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt2d6e4175287f80e7\/6716bb9fb8830f08234ec15b\/credentials1800_Artur_Marciniec_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Almost half of organizations have users with &#8220;long-lived&#8221; credentials in cloud services, making them more likely to be victimized in a data breach.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Long-lived credentials are authentication tokens or keys in the cloud that remain for a long period of time \u2014 sometimes valid and sometimes not \u2014 ultimately causing major data breaches where 
attackers have a lengthy open window to compromise credentials.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.datadoghq.com\/state-of-cloud-security\/\" rel=\"noopener\">In Datadog&#8217;s 2024 &#8220;State of Cloud Security&#8221;<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> report, the researchers found that long-lived credentials are a widespread issue across all major cloud services, including <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/threat-intelligence\/targeted-pypi-package-steals-google-cloud-credentials-macos-devs\" rel=\"noopener\">Google Cloud<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, Amazon Web Services (AWS), and Microsoft Entra.&nbsp;Many of these credentials are also unused, and they are often leaked in source code, where they can open access to images, build logs, and application artifacts; because they never expire, they become major security risks.&nbsp;62% of Google Cloud service accounts, 60% of&nbsp;AWS IAM&nbsp;users, and 46% of Microsoft Entra ID applications have an access key older than one year, the researchers found.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Ultimately, organizations struggle to manage these types of credentials, especially at scale, so the researchers at Datadog recommend that long-lived credentials be avoided altogether in order to 
mitigate this issue.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;The findings from the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">State of Cloud Security 2024&nbsp;<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">suggest it is unrealistic to expect that long-lived credentials can be securely managed,&#8221; <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.prnewswire.com\/news-releases\/datadogs-state-of-cloud-security-2024-finds-room-for-improvement-in-the-use-of-long-lived-credentials-across-all-major-clouds-302282005.html#:~:text=The%20report%20found%20that%20long,them%20a%20major%20security%20risk.\" rel=\"noopener\">said&nbsp;Andrew Krug<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, head of security advocacy at Datadog.&nbsp;&#8220;To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use.&#8221;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cloud-security\/unmanaged-cloud-credentials-risk-half-orgs\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Almost half of organizations have users with &#8220;long-lived&#8221; credentials 
in<\/p>\n","protected":false},"author":12,"featured_media":5867,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-5866","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/202
4\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/unmanaged-cloud-credentials-pose-risk-to-half-of-orgs-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5866"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5866\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/5867"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templa
ted":true}]}}