Experts have warned many businesses are safeguarding their cloud applications with passwords that are a year old, if not older, and some even have unused, ancient accounts that are still active, posing a worrying security risk.
In its State of Cloud Security 2024 report, Datadog notes that though it is often stressed businesses should refresh passwords (roughly once in 3 months is something of an industry-standard these days), it found 62% of Google Cloud service accounts, 60% of AWS IAM accounts, and 46% of Microsoft Entra ID applications, have access keys older than a year.
On average, almost half (46%) of businesses have unmanaged accounts with long-lived credentials.
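One way to measure the access-key age described above for the AWS IAM case, as an added example that is not taken from the Datadog report or from this article. It assumes input in the column layout of an AWS IAM credential report; the users and dates in the sample are constructed, and the 365-day threshold mirrors the "older than a year" figure.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=365)  # "older than a year", the threshold cited above

# Constructed sample in the column layout of an AWS IAM credential report
# (trimmed to the columns used here); users and dates are made up.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,true,2022-03-01T09:00:00+00:00,2024-10-01T12:00:00+00:00,false,N/A,N/A
old-batch,true,2021-06-15T08:30:00+00:00,N/A,true,2024-09-20T10:00:00+00:00,2024-10-02T07:00:00+00:00
alice,true,2024-08-01T11:00:00+00:00,2024-10-03T16:45:00+00:00,false,2020-01-01T00:00:00+00:00,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for 'N/A' or a missing field."""
    try:
        return datetime.fromisoformat(value)
    except (ValueError, TypeError):
        return None

def stale_keys(report_csv, now):
    """Return (user, slot, age_days, never_used) for active keys older than MAX_AGE."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row.get(prefix + "active") != "true":
                continue  # an inactive key cannot authenticate
            rotated = parse_ts(row.get(prefix + "last_rotated"))
            if rotated is None or now - rotated <= MAX_AGE:
                continue  # no timestamp, or still within the threshold
            # Old, active and never used: the "unused but still active" case.
            never_used = parse_ts(row.get(prefix + "last_used_date")) is None
            findings.append((row["user"], int(slot), (now - rotated).days, never_used))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 10, 15, tzinfo=timezone.utc)  # fixed for reproducible output
    for user, slot, age, never_used in stale_keys(SAMPLE_REPORT, now):
        note = "never used" if never_used else "in use"
        print(f"{user}: access key {slot} is {age} days old ({note})")
```

The Google Cloud and Microsoft Entra ID figures would need their own inventory sources; this sketch covers only the AWS IAM report format.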
Major risk
“The findings from the State of Cloud Security 2024 suggest it is unrealistic to expect that long-lived credentials can be securely managed,” said Andrew Krug, Head of Security Advocacy at Datadog. “In addition to long-lived credentials being a major risk, the report found that most cloud security incidents are caused by compromised credentials. To protect themselves, companies need to secure identities with modern authentication mechanisms, leverage short-lived credentials and actively monitor changes to APIs that attackers commonly use.”
Krug argues long-lived cloud credentials, which never expire, are often leaked with source code, container images, build logs, and application artifacts. As such, they grant threat actors easy access to company assets. The problem could be solved relatively easily by pivoting towards biometric authentication, zero-trust architecture, and upgrading the logging and monitoring tools and mechanisms.
Passwords are still the number 1 authentication method for the majority of businesses around the world, despite it being proven as inadequate time and time again. These days most service providers, including the giants of the industry, are actively promoting passkeys, biometric authentication, and the inclusion of multi-factor authentication (MFA) as means of reinforcing what would otherwise be weak protection.