1、research/security/cloud security/aws/google cloud/azure/security research/threat detectionSecurely conguring the potentially thousands of cloud identities,workloads,and other resources neededto support the high pace of modern software development is dicultbut also critical to prevent attackersfrom b

2、reaching these systems,where security gaps too often go unnoticed.For this report,we analyzed security posture data from a sample of thousands of organizations that useAWS,Azure,or Google Cloud.In particular,we focused on understanding how organizations approach andmitigate common risks that frequen

3、tly lead to documented public cloud security incidents.(A detailedmethodology is available in the annex.)Our ndings suggest that,while some elements of strong cloudsecurity posture show signs of improvement,organizations still face signicant challenges.These includemanaging static,long-lived credent

4、ials;securely conguring user roles,access,and privileges within cloudresources;and enforcing best-practice safeguards such as multi-factor authentication(MFA).FACT Long-lived credentials continue to be a riskLong-lived credentialsi.e.,those that are static and do not expireare well-known as a major

5、cause ofcloud security breaches,and they continue to be a widespread issue in cloud environments.These types ofcredentials are widely regarded as insecure,not only because they never expire but also because they caneasily be leaked in source code,container images,or conguration les.Indeed,leaks of l

6、ong-livedcredentials are one of the most common causes for security breaches in the cloud.Despite common knowledge of this attack vector,we identied that organizations still have room to improvein replacing long-lived credentials with more secure solutions that use centralized identity management an