Datadog, Inc., the monitoring and security platform for cloud applications, today announced the 2025 version of its State of Cloud Security report. In it, Datadog found that newer strategies—such as data perimeters and centrally managed multi-account environments—are growing in popularity.
Datadog’s report analyzes security posture data from a sample of thousands of organizations that use AWS, Azure or Google Cloud. In its research, Datadog found that 40% of organizations are using data perimeters—a high number considering that implementing data perimeters is an advanced practice. The most popular way to implement data perimeters was through S3 bucket and VPC endpoint policies.
Another strategy teams are employing to reduce security risk is multi-account environments. Enforcing minimal privileges in a single AWS account is challenging, which is why centrally managing multiple accounts through AWS Organizations has become a security best practice. This approach enables teams to enforce security invariants across all AWS accounts with organization-level guardrails. Datadog found that adoption of AWS Organizations is widespread—86% of companies have AWS accounts using AWS Organizations, with more than two in three (70%) having all their AWS accounts part of an AWS organization.
Part of the reason teams are implementing new security strategies is that credential theft remains a major attack vector, a problem that is exacerbated by long-lived credentials that never expire and frequently get leaked in source code, container images, build logs and applications artifacts. This year, 59% of AWS IAM users, 55% of Google Cloud service accounts and 40% of Microsoft Entra ID applications had an access key older than one year.
“Identity has become the new perimeter for cloud environments,” said Emilio Escobar, CISO at Datadog. “Credentials continue to be a common attack vector and we are not seeing marked improvement in organizations’ ability to regulate long-lived credentials. Given this, using data perimeters to restrict certain cloud API calls so they only succeed if they come from approved networks or trusted accounts is quickly becoming a best practice.”
“In India, phishing and credential misuse continue to account for a large share of reported cyber incidents,” said Anupam Kumar Jha, Technical Solutions Engineering Manager – India, Datadog. “Just earlier this year, CERT-In flagged a steep rise in phishing campaigns targeting both consumers and enterprises during peak digital activity, such as tax filing and festive sales. Long-lived credentials are becoming a ticking time bomb for organizations, opening doors to lateral attacks and data leakage. Security teams can no longer rely on reactive approaches, they need proactive, identity-aware guardrails that limit access only to trusted networks and accounts. By embracing strategies like shortening credential lifecycles and implementing data perimeters, Indian enterprises can build resilience and protect customer trust in an environment where every click carries risk.”
