As organizations become more dependent on cloud infrastructure, effective identity management becomes even more critical. Yet those same cloud environments are leaving nearly half (46%) of organizations with unmanaged and long-lived cloud credentials, which represent serious vulnerabilities in their identity management practices.
According to Datadog’s State of Cloud Security 2024 report, these unmanaged credentials leave gaps open that give attackers plenty of time to exploit them, gain access to sensitive data and reach cloud resources.
Your Credentials Could Be Costing You Your Identity
Long-lived cloud credentials are credentials such as authentication tokens or access keys that remain valid for a long time, or even indefinitely. That makes them a tempting target for attackers because, as long as they hold the credentials, they can use them to access an organisation’s cloud for an extended period.
Compared with short-lived credentials, long-lived credentials give attackers a much longer window. This can result in major breaches, since the attacker can gain persistent control over critical resources with the same permissions and privileges as the legitimate user. This prolonged access gives malicious actors a way into your environment to move laterally and, over time, extract or compromise sensitive data.
Identity Management’s Impact on Cloud Computing
Across the three largest cloud platforms, Google Cloud, Amazon Web Services (AWS) and Microsoft Entra, Datadog’s report finds long-lived credentials in nearly every kind of cloud resource. More troubling still, many of these accounts are unmaintained, and many of the credentials are outdated and unused.
For example, the report points out that 60 percent of Google Cloud service accounts, 60 percent of AWS Identity and Access Management (IAM) users, and 46 percent of Microsoft Entra ID applications have access keys that have been around for over a year. This gap in identity management leaves organisations exposed, because these old keys are often not inventoried, or are forgotten during security reviews, which makes them easy targets.
Managing Long-Lived Credentials Is a Must
‘Long-lived credentials, while being a great security measure in theory, can’t rely on the assumption that they will stay secure by default,’ said Andrew Krug, Datadog’s Head of Security Advocacy. Organisations, he suggests, must create and implement comprehensive identity management strategies to alleviate these risks. Krug says long-lived credentials are a huge vulnerability, and that many cloud security incidents start with compromised credentials.
To strengthen their security posture, Krug recommends that companies adopt modern authentication mechanisms, enforce the use of short-lived credentials wherever possible, and track API changes, since attackers can use them to gain unauthorised access.
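The report’s headline figure is keys older than a year. As an added illustration (not code from Datadog or this article), the following Python audit classifies IAM access keys as stale, never used or idle; it runs over a constructed inventory, and the AWS calls that would feed it in practice (boto3 `list_access_keys` and `get_access_key_last_used`) are only named in comments. The 90-day idle threshold is an assumption, not a figure from the report.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Threshold behind the report's headline figure: keys older than one year.
MAX_KEY_AGE = timedelta(days=365)
# Assumed threshold for "idle" keys; pick what fits your rotation policy.
MAX_IDLE = timedelta(days=90)


@dataclass
class AccessKey:
    user: str
    key_id: str                 # constructed placeholder ids, not real AWS key ids
    created: datetime           # CreateDate from iam.list_access_keys
    last_used: Optional[datetime]  # LastUsedDate from get_access_key_last_used, None if never used
    active: bool                # Status == "Active"


def classify_key(key: AccessKey, now: datetime) -> list[str]:
    """Return findings for one key: 'stale', 'never_used', 'idle'. Empty list means fine."""
    findings: list[str] = []
    if not key.active:
        return findings  # an inactive key cannot authenticate; delete it in a separate clean-up
    if now - key.created > MAX_KEY_AGE:
        findings.append("stale")
    if key.last_used is None:
        findings.append("never_used")
    elif now - key.last_used > MAX_IDLE:
        findings.append("idle")
    return findings


def audit(keys: list[AccessKey], now: datetime) -> dict[str, list[str]]:
    return {k.key_id: classify_key(k, now) for k in keys}


# Constructed sample inventory standing in for the output of the boto3 calls above.
NOW = datetime(2024, 10, 1, tzinfo=timezone.utc)
SAMPLE = [
    AccessKey("ci-deploy", "KEY-EXAMPLE-1", NOW - timedelta(days=500), NOW - timedelta(days=2), True),
    AccessKey("alice", "KEY-EXAMPLE-2", NOW - timedelta(days=30), None, True),
    AccessKey("old-contractor", "KEY-EXAMPLE-3", NOW - timedelta(days=800), NOW - timedelta(days=400), True),
    AccessKey("bob", "KEY-EXAMPLE-4", NOW - timedelta(days=700), None, False),
]

if __name__ == "__main__":
    for key_id, findings in audit(SAMPLE, NOW).items():
        print(key_id, findings or "ok")
```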
The Datadog report also highlights another critical area of concern related to identity management: risky permissions within cloud setups. For example, 18% of AWS EC2 instances and 33% of Google Cloud VMs have sensitive permissions accessible within their own projects.
Barriers to Identity Management
Workloads granted such permissions open up pathways for attackers who compromise them to abuse those permissions and steal cloud credentials, giving them further access throughout the environment.
In addition, we found that 10 percent of third-party integrations have excessive cloud permissions, allowing vendors to access highly sensitive data or take full control of your accounts, which only emphasises the ever-increasing importance of identity management practices.
The report also identifies another vulnerability: third-party integration roles that can be assumed with no external ID. About 2 percent of these roles are at risk of ‘confused deputy’ attacks, in which a higher-privileged entity is tricked into executing unauthorised actions on the attacker’s behalf.
This kind of identity oversight can give attackers a way to manipulate permissions and gain indirect access to valuable resources in the cloud environment.
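To show what the missing external ID looks like in practice, here is an added example (not from the report or this article) of a weak cross-account role trust policy beside its hardened form, with a small checker that flags trust statements allowing another account to assume the role without an `sts:ExternalId` condition. The account ids and the external ID value are constructed placeholders.

```python
import json

# Constructed account ids: placeholders, not real AWS accounts.
OUR_ACCOUNT = "111111111111"

# Weak trust policy: a vendor account may assume the role with no ExternalId condition.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Action": "sts:AssumeRole",
    }],
})

# Hardened form: same statement, but only when the caller supplies the agreed ExternalId.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
    }],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_other_account(principal_arn, own_account):
    # Principal ARNs look like arn:aws:iam::<account>:root; field 4 is the account id.
    parts = principal_arn.split(":")
    return len(parts) >= 5 and parts[4] != own_account

def find_confused_deputy_risks(policy_json, own_account):
    """Return principals that may assume the role cross-account without an sts:ExternalId condition."""
    risky = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        conditions = stmt.get("Condition", {})
        has_external_id = any("sts:ExternalId" in v for v in conditions.values() if isinstance(v, dict))
        for p in principals:
            # A wildcard principal is always risky; another account is risky without an ExternalId.
            if p == "*" or (_is_other_account(p, own_account) and not has_external_id):
                risky.append(p)
    return risky
```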
Cloud Security for Holistic Identity And Access Management
These findings indicate an enormous risk of cloud security breaches, but Datadog also points to positive adoption of cloud security guardrails. Most cloud providers have started enabling specific guardrails by default, which has markedly improved overall security posture, especially for users.
For instance, the report found that 79% of S3 buckets are now protected by Public Access Blocks at either the account-wide or the bucket-specific level, up from 73% in 2023. Increasing enforcement from cloud providers means more organisations are now starting to prioritise cloud security, and hack attempts are following suit.
Prevention Is Better Than An Identity And Access Management Breach
With cloud adoption continuing apace, organisations need to address identity management risks.
Organisations can mitigate many of the risks inherent in long-lived, unmanaged credentials by proactively moving to shorter-lived credentials and using default guardrails that do not grant elevated access rights.
These measures can bring exposure down significantly, helping to avoid potential breaches and strengthening the security of the cloud environment as a whole.
Working With Identity Management Experts
Are you ready to build your organization’s identity and access management?
Follow us across Europe to join the conversations at Whitehall Media’s events and connect with industry leaders on the most up-to-date security practices. Go to our website to secure your spot and stay in the loop on upcoming events.