Datadog Inc., the leading monitoring and security platform for cloud applications, has released its 2025 State of Cloud Security Report, revealing a decisive shift in how enterprises are protecting data in the cloud. The report shows that 40% of organizations have adopted data perimeters — a rapidly emerging security framework — while credential theft continues to top the list of cloud attack vectors.
Cloud Security Enters a New Phase
The report, based on aggregated telemetry from thousands of companies using AWS, Azure, and Google Cloud, highlights how identity has become the new perimeter for enterprise cloud environments. As multi-cloud architectures grow in scale, enforcing consistent access controls and data boundaries has become more difficult — driving organizations toward automated, centralized governance models.
Datadog found that 86% of companies now manage their AWS environments through AWS Organizations, a best-practice model that enables centralized policy enforcement. Nearly 70% of these organizations have fully migrated to multi-account setups, allowing stricter separation of workloads and privileges.
Meanwhile, 40% of enterprises have implemented data perimeter policies — particularly on Amazon S3 and VPC endpoints — to ensure that data access is restricted only to approved networks or trusted accounts. This marks a notable increase compared to just 25% adoption in 2023, signaling rapid maturity in cloud data protection practices.
Credential Theft Remains the Silent Breach Vector
Despite stronger controls, long-lived credentials remain a serious weakness. The report found that 59% of AWS IAM users, 55% of Google Cloud service accounts, and 40% of Microsoft Entra ID applications had access keys older than a year — a major security gap that attackers continue to exploit.
“Credentials continue to be a common attack vector, and we’re not seeing meaningful improvement in organizations’ ability to manage or rotate them,” said Emilio Escobar, CISO at Datadog. He noted that data perimeters now serve as a compensating control, ensuring that even if credentials are compromised, malicious requests from unauthorized networks are automatically denied.
In India, phishing and credential misuse remain among the most reported cybersecurity incidents. Anupam Kumar Jha, Technical Solutions Engineering Manager at Datadog India, warned that long-lived credentials are “becoming a ticking time bomb,” particularly as digital activity spikes during tax seasons and festive sales.
The Rise of Proactive Identity-Aware Defenses
Organizations are now adopting identity-aware guardrails that restrict data movement based on context rather than static policies. This includes continuous authentication, context-based access control, and automated credential expiry systems. The report underscores that traditional perimeter-based defense is no longer effective in cloud environments where workloads and users span multiple geographies and providers.
Datadog also notes that data governance and visibility are now central to compliance, with regulatory mandates increasingly requiring proof of identity-linked data flows. Enterprises are responding by shortening credential lifecycles and integrating real-time monitoring into their DevOps pipelines.
The Bigger Picture: Cloud Security Beyond Compliance
While companies have made progress, Datadog’s findings suggest that many remain reactive rather than predictive. Identity security incidents often go undetected until lateral movement occurs, magnifying impact. Experts stress that threat modeling, least-privilege enforcement, and automated credential rotation are key to building resilience.
With cyber threats becoming faster and more adaptive, Datadog’s 2025 report signals that enterprises must treat identity management and data perimeters not as optional add-ons, but as core layers of defense in a cloud-first world.
