The head of security advocacy at Datadog, a cloud-based monitoring and analytics platform, has urged enterprises in Australia and the APAC region to accelerate phasing out long-lived credentials for popular hyperscale cloud services, warning that they remain a serious data breach risk. Speaking with TechRepublic, Andrew Krug highlighted findings from Datadog’s State of Cloud Security 2024 report, which identified long-lived credentials as a persistent security risk factor. While credential management practices are improving, Krug noted they are not advancing as quickly or effectively as needed to mitigate risks. Long-lived credentials are still a big threat to cloud security The report revealed that nearly half (46%) of organisations using AWS rely on IAM users for human access to cloud environments — a practice Datadog called a form of long-lived credential. This was true even for organisations using centralised identity management to grant access across multiple systems. Moreover, nearly one in four relied solely on IAM users without implementing centralised federated authentication. According to Datadog, this highlights a persistent issue: while centralised identity management is becoming more …