The state of cloud security in 2024 (plus: fake customer support phishing schemes, unique cybersecurity initiatives, & more)

Miriam Saslove | Last updated on November 8, 2024 | 2 minute read

Datadog recently published its 2024 State of Cloud Security report, in which it analyzed security posture data from thousands of organizations that use AWS, Azure, or Google Cloud.

Key takeaways:

  • Long-lived cloud credentials pose a major security risk to companies, as they never expire and frequently get leaked in source code, container images, build logs, and application artifacts.
  • Research shows that most publicly documented cloud incidents are caused by compromised cloud credentials, both from humans (i.e., passwords) and applications.
  • Assigning overprivileged permissions to cloud environments can create substantial risks, as any attacker who compromises the workload—for instance, by exploiting an application-level vulnerability—can steal the associated credentials and access the cloud environment.

What’s the lesson here?

While cloud environments are becoming more secure thanks to greater awareness of threats and vulnerabilities among individuals, as well as better enforcement of cloud security protocols among organizations, there are still risks to be aware of—especially as attackers adapt their techniques. What’s your 2025 data security strategy? Start here.

What other topics are trending?

The Soapbox: Online conversations you don’t want to miss

Featuring insights from our Co-Founder & CTO, James Ciesielski.

What cool cybersecurity awareness initiatives has your company done?

My take? We take cybersecurity very seriously at Rewind, but we also like to have fun! For Cybersecurity Awareness Month in October, our Trust team held cybersecurity challenges to build awareness all month long. A highlight was the “phish your coworkers” challenge, which gamified our vigilance against the most common causes of security breaches. This encouraged discussions about the importance of being agile when it comes to data protection and disaster recovery planning.

Join the conversation on Reddit.

Schneider Electric was breached by HellCat Ransomware claiming access to their Atlassian Jira system

My take? It was only a matter of time before someone hacked a company’s Jira system. This just goes to show the importance of a robust data security strategy that considers all of your organization’s business-critical SaaS data. Maybe Schneider Electric could have avoided this data disaster by implementing a third-party backup and recovery solution to protect its assets and those of customers. 

Join the conversation on X.

Subscribe to Retro for more!

Like what you read? Subscribe to Retro so you don’t miss any of our industry’s top stories and conversations.


Profile picture of <a class=Miriam Saslove">
Miriam Saslove
Miriam Saslove is a chronically online storyteller based in Montreal. She loves books, concerts, coffee, and helping brands foster engagement and awareness through impactful multi-channel content. Also puns.