Cloud Security, Identity

Report highlights persistent credential management flaw

(Adobe Stock)

A new report from Datadog reveals that organizations in Australia and New Zealand are adopting more advanced cloud security strategies, yet remain highly vulnerable to identity-based attacks due to an over-reliance on long-lived access credentials, according to Security Brief Australia.

The 2025 State of Cloud Security report found that a majority of cloud identities have active keys older than one year, including 59% of AWS IAM users and 55% of Google Cloud service accounts, creating a significant attack surface. According to Datadog's ANZ regional vice president Roz Gregory, "identity-based attacks are one of the most common methods of cyberattack" in the region, with long-lived credentials often being the weak point.

The data shows a concerning upward trend in access keys older than three years, which are frequently unused but still pose a risk. On a positive note, the report indicates a shift towards modern practices, with 40% of organizations now implementing data perimeters for protection, and widespread adoption of centrally managed multi-account structures to enforce standardized security policies.

Experts emphasize that moving beyond simple credential rotation to enforce stricter access controls, remove unused roles, and apply the principle of least privilege is essential for mitigating these persistent threats.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds