Cloud security advances as ageing credentials put firms at risk
Organisations across Australia and New Zealand are shifting towards advanced cloud security measures amid ongoing risks from credential theft, according to new data from Datadog's 2025 State of Cloud Security report.
Credential risks
The report highlights that identity-based attacks remain a frequent method of cyberattack within the region. Long-lived credentials are a particular concern. Datadog found that 59 per cent of AWS identity and access management users, 55 per cent of Google Cloud service accounts, and 40 per cent of Microsoft Entra ID applications have active access keys older than one year. This reliance on long-standing credentials can leave organisations vulnerable to unauthorised access.
Emilio Escobar, Chief Information Security Officer at Datadog, said,
"Every identity - human or machine - represents a potential entry point to our critical data. Strong access controls and continuous verification aren't just security features; they're foundational to protecting our assets in today's borderless environment."
Cloud security practices
The research indicates a shift towards modern security approaches, with 40 per cent of organisations now using data perimeters, considered an advanced measure for protecting cloud environments. The report identifies the most common method for implementing data perimeters as the use of S3 bucket and VPC endpoint policies. These settings help control access to sensitive data and establish boundaries within cloud services.
Additionally, multi-account cloud environments are becoming commonplace. The adoption of centrally managed account structures, such as AWS Organizations, is high. Datadog found 86 per cent of companies use multi-account setups within an AWS Organization, and 70 per cent include all of their accounts within such frameworks. This approach allows standardised security controls and policies to be applied more effectively across multiple accounts.
Access limitations
The tendency for organisations to accumulate access keys that remain active well beyond their intended period can create significant exposure. The report notes an upward trend in the percentage of access keys older than three years in cloud environments when compared to 2024. These ageing credentials, especially if unused, expand the attack surface for potential exploitation.
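One way to measure this exposure in an AWS account is to audit the IAM credential report for active access keys past the one-year and three-year marks. The script below is an added example, not code from Datadog or the report; the sample rows are constructed, and the 90-day "unused" threshold is an assumption chosen for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the layout of an AWS IAM credential report
# (columns trimmed to the ones this audit reads).
SAMPLE_REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,true,2021-03-02T10:00:00+00:00,2025-05-30T08:12:00+00:00,false,N/A,N/A
legacy-backup,true,2023-11-15T09:30:00+00:00,N/A,true,2025-04-01T00:00:00+00:00,2025-05-29T00:00:00+00:00
alice,true,2025-02-10T12:00:00+00:00,2025-06-01T07:00:00+00:00,false,2020-01-01T00:00:00+00:00,N/A
"""

def parse_ts(value):
    """Return a datetime, or None for the report's placeholder values."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)

def stale_keys(report_csv, now, unused_days=90):
    """Return findings for ACTIVE keys older than one year, oldest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # an inactive key cannot authenticate
            rotated = parse_ts(row[f"access_key_{slot}_last_rotated"])
            if rotated is None:
                continue
            age = (now - rotated).days
            if age <= 365:
                continue
            last_used = parse_ts(row[f"access_key_{slot}_last_used_date"])
            # Never used, or not used within the assumed window.
            unused = last_used is None or (now - last_used).days > unused_days
            findings.append({
                "user": row["user"], "key_slot": int(slot), "age_days": age,
                "bucket": ">3y" if age > 3 * 365 else ">1y",
                "unused": unused,
            })
    return sorted(findings, key=lambda f: -f["age_days"])

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for reproducible output
    for finding in stale_keys(SAMPLE_REPORT, now):
        print(finding)
```

Keys flagged as both old and unused are the lowest-risk candidates for deactivation; old keys still in use need a rotation plan or replacement with short-lived credentials.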
Roz Gregory, Regional Vice President for Australia and New Zealand at Datadog, said, "We know identity-based attacks are one of the most common methods of cyberattack in Australia and New Zealand and too often it is long-lived credentials opening the door."
"Teams must move beyond simply shortening credential lifecycles, they must also employ controls that restrict access to trusted networks and accounts. The State of Cloud Security report revealed that many organisations have cloud accounts with active access keys older than one year - and many of these are potentially unused - while every cloud environment has seen an increased percentage in access keys older than three years from 2024. Combined with the potential of overprivileged third-party integrations, these risks further underscore the need for organisations to regularly remove unused roles and enforce minimum privileges. A proactive approach will not only keep organisations ahead of emerging threats, it will limit the threat of identity-based attacks and risk of third-party exposure," said Gregory.