Key learnings from the State of Cloud Security study

The State of Cloud Security study analyzed the security posture of thousands of organizations using AWS, Azure, and Google Cloud. Key findings include long-lived cloud credentials exposing cloud identities, inconsistent enforcement of multi-factor authentication (MFA), insufficient adoption of IMDSv2 in AWS, varying use of public access blocks on storage buckets across platforms, and non-administrator permissions allowing access to sensitive data or privilege escalation. Recommendations include minimizing long-lived cloud credentials, enforcing MFA for cloud users, using IMDSv2 on Amazon EC2 instances, blocking public access proactively on cloud storage services, limiting privileges assigned to cloud workloads, and limiting network exposure of cloud workloads. Datadog Cloud Security Management (CSM) can help organizations improve their security posture by identifying long-lived cloud credentials, tracking down stale cloud credentials, enforcing MFA for cloud users, using IMDSv2 on Amazon EC2 instances, finding overprivileged roles, and finding publicly exposed workloads.