Skip to Content

Datadog Details Most Common AWS Security Mistakes

Posted on October 26, 2022 by

Categories: AWS

Tags:

Datadog presented a survey at its Dash 2022 conference that identified improper credential management as the primary security issue businesses face when using the Amazon Web Services (AWS) cloud.

The report also made a note of the complexity of the AWS identity and access management (IAM) service, which may cause organizations to accidentally expose sensitive resources to the public, based on data gathered from more than 600 organizations that rely on the Datadog platform to monitor their AWS cloud computing environments.

Access keys are a static kind of persistent credential. According to the Datadog research, 25% of AWS IAM users have active access keys that are over a year old and haven’t been used in the last 30 days, while 75% of users have keys that are active but older than 90 days.

40% of companies have at least one IAM user accessing the AWS Console without multifactor authentication (MFA) configured, and 40% of users have not used their credentials in the previous 90 days.

According to Andrew Krug, a chief technical evangelist for security at Datadog, managing cloud credentials is difficult since many firms don’t have offboarding procedures to restrict access, for example, when an employee leaves the company. Because businesses don’t rotate access keys, he continued, hackers who get credentials may then readily access cloud environments.

Datadog Web3 DNSSEC OPSWAT web application security

Furthermore, Datadog pointed out that AWS supplies users at the root level by default, giving them unrestricted access to administrative functions. Datadog discovered that 10% of businesses now utilize a root user access key. Some of these keys are as ancient as thirteen years. In the 30 days before the Datadog survey, someone used root user credentials in 25% of the firms. Although Krug highlighted the ideal practice is to use least-privilege access whenever it is practical, there may be an absolute requirement for that degree of access.

Other difficulties raised by Datadog include how companies set up cross-account access using an IAM policy that is resource-based and tied to the resource. According to the study, 18% of companies that utilize the Amazon Simple Queue Service, for instance, have at least one publicly available queue that anybody may use to send or receive messages. More than a third of businesses using AWS S3 has at least one bucket that is publicly accessible.

According to Krug, developing safe IAM policies that offer granular, least-privilege permissions requires less complexity. Simply put, mistakes are too simple to make, he said.

The continuous use of an EC2 Instance Metadata Service (IMDS) service’s initial version, which has known vulnerabilities, is a fourth cloud security concern that is frequently disregarded. AWS has made a more secure version accessible; however, according to Datadog, 93% of EC2 instances do not require using IMDSv2. 95% of EC2 users’ companies have at least one vulnerable instance. According to Krug, the default setup for IMDS should be version 2.

Finally, Datadog discovered that 6% of firms use more than 10 AWS accounts, with at least 41% of organizations using a multi-account approach. To make it simpler to track who has acquired access to a cloud computing environment, Datadog advised centralizing accounts.

Despite these problems, cloud computing systems remain more secure than on-premises IT setups. It’s also apparent that several opportunities exist for mistakes to be committed.