Identity and access management (IAM) systems are necessary for authenticating and authorizing access to your environment. However, their mismanagement is one of the leading causes of breaches and insider threats today. Engineering teams must rapidly provision identities and permissions to keep pace with infrastructure growth—consequently, the ratio of non-human or machine identities to every human identity is also increasing at a substantial rate.

We recently released the State of Cloud Security study, where we analyzed the security posture of thousands of organizations using AWS, Azure, and Google Cloud. In particular, we found that: In this post, we provide key recommendations based on these findings, and we explain how you can leverage Datadog Cloud Security Management (CSM) to improve your security posture.

The modern application landscape is rapidly evolving, creating new tools, technologies, and processes that allow organizations to deploy production code faster. But risks to application security have also changed significantly, requiring the security discipline to evolve in order to adapt to new types of attacks.

For customers using Azure Key Vault—which helps them safeguard sensitive keys and secrets used by applications and services hosted on Azure—it can be challenging to determine when the resources in their Key Vault(s) are about to expire. Invalid keys and secrets can disrupt your day-to-day workflows by causing application downtime, holding up incident investigations, invalidating compliance, slowing down the development of new features, and more.

As the internet continues to evolve, cybersecurity threats—particularly Distributed Denial of Service (DDoS) attacks—are an increasingly significant concern for organizations. In this post, we’ll look at how you can use Datadog to collect Google Cloud Armor (GCA) logs and detect and respond to potential DDoS attacks in real-time. But first, we’ll briefly cover what DDoS attacks are and how they work.