Andrew Krug emphasizes that long-lived credentials remain a significant risk to cloud security, highlighting that 46% of AWS users rely on IAM users as human access to their environments.
Krug points out that while organizations are increasingly adopting centralized identity management, the continued use of unmanaged long-lived credentials represents a serious oversight in their security practices.
The findings show that 62% of Google Cloud service accounts and 60% of AWS IAM users retain access keys older than a year, illustrating the dangerous longevity of these credentials.
Datadog identifies long-lived credentials as a major factor in security breaches, noting their frequent leakage in various technical artifacts, including source code and application logs.
Collection
[
|
...
]