Unmanaged Cloud Credentials Pose Risk to Half of Orgs

October 21, 2024 at 05:23PM

Nearly half of organizations have long-lived credentials in cloud services, increasing risks of data breaches. Datadog’s 2024 report indicates many credentials are outdated or unused, often leaking in source code. To enhance security, experts recommend avoiding long-lived credentials and adopting short-lived ones along with modern authentication methods.

### Meeting Takeaways:

1. **Prevalence of Long-Lived Credentials**:
– Nearly 50% of organizations utilize long-lived credentials in cloud services, increasing their risk of data breaches.

2. **Definition of Long-Lived Credentials**:
– These are authentication tokens or keys that remain valid for extended periods, often leading to security vulnerabilities as attackers may exploit them during their active lifespan.

3. **Findings from Datadog’s 2024 Report**:
– Long-lived credentials are a common issue across major cloud providers:
  – 62% of Google Cloud service accounts
  – 60% of AWS IAM users
  – 46% of Microsoft Entra ID applications
– A significant number of these credentials are unused or leaked in source code, posing substantial security risks.

4. **Challenges in Credential Management**:
– Organizations face difficulties managing long-lived credentials at scale, indicating a need for improved strategies in credential security.

5. **Recommendations**:
– The researchers advise organizations to avoid using long-lived credentials altogether.
– They recommend adopting modern authentication methods, using short-lived credentials, and actively monitoring API changes that could be exploited by attackers.

6. **Expert Insight**:
– Andrew Krug from Datadog emphasizes that expecting secure management of long-lived credentials is unrealistic, underscoring the necessity for companies to enhance their identity protection strategies.

### Action Items:
– Review current credential management strategies to identify long-lived credentials.
– Implement short-lived credential solutions and modern authentication mechanisms.
– Enhance monitoring tools for API changes and usage.
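
One way to carry out the first action item for AWS IAM users, as an added example (not from the article or from Datadog's report): audit an IAM credential report CSV for active access keys that are long-lived or unused. The 365-day and 90-day thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Assumed thresholds (not from the report); tune them to your rotation policy.
MAX_KEY_AGE_DAYS = 365
MAX_UNUSED_DAYS = 90

# Constructed sample using column names from the AWS IAM credential report
# (only the columns this audit reads; a real report has more).
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,true,2021-02-10T09:00:00+00:00,2024-10-18T07:30:00+00:00,false,N/A,N/A
old-backup,arn:aws:iam::111122223333:user/old-backup,true,2019-06-01T12:00:00+00:00,N/A,true,2024-09-01T12:00:00+00:00,2024-10-20T01:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,false,2020-01-01T00:00:00+00:00,2020-03-01T00:00:00+00:00,false,N/A,N/A
"""

def _parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in ("", "N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)

def audit_access_keys(report_csv, now):
    """Return one finding per active access key that is long-lived or unused."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # an inactive key cannot authenticate
            rotated = _parse_ts(row.get(f"access_key_{slot}_last_rotated", "N/A"))
            last_used = _parse_ts(row.get(f"access_key_{slot}_last_used_date", "N/A"))
            # A never-used key counts as idle since it was created or rotated,
            # so a key issued yesterday is not reported as unused.
            reference = last_used or rotated
            age = (now - rotated).days if rotated else None
            idle = (now - reference).days if reference else None
            reasons = []
            if age is not None and age > MAX_KEY_AGE_DAYS:
                reasons.append("long-lived")
            if idle is not None and idle > MAX_UNUSED_DAYS:
                reasons.append("unused")
            if reasons:
                findings.append({"user": row["user"], "key": slot, "age_days": age,
                                 "idle_days": idle, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_access_keys(SAMPLE_REPORT, datetime(2024, 10, 21, tzinfo=timezone.utc)):
        print(finding)
```

A real report comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.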
