Datadog’s newly released 2025 State of Cloud Security report highlights a growing trend among organizations: the adoption of data perimeters. As concerns about credential theft escalate, companies are increasingly turning to advanced strategies like data perimeters and centrally managed multi-account environments to bolster their security.

Companies Adopt Data Perimeters Amid Rising Credential Theft

The report analyzes security posture data from thousands of organizations utilizing AWS, Azure, or Google Cloud. A significant 40% of these organizations have already implemented data perimeters, marking it as a widely adopted, albeit advanced, security practice. The most common methods for implementing these perimeters involve S3 bucket and VPC endpoint policies.

Multi-Account Environments for Enhanced Security

Another popular strategy for mitigating security risks is the use of multi-account environments. Managing minimal privileges within a single account can be complex, leading many to adopt centrally managed multi-account environments through AWS Organizations. This approach allows teams to enforce security protocols across all accounts using top-down guardrails. The report indicates that 86% of companies use multi-account setups within an AWS Organization, with 70% having all their accounts integrated into an Organization.

The Persistent Threat of Credential Theft

The implementation of these new security strategies is largely driven by the ongoing threat of credential theft. This issue is often compounded by long-lived credentials that never expire, which are frequently exposed in source code, container images, build logs, and application artifacts. Alarmingly, 59% of AWS IAM users, 55% of Google Cloud service accounts, and 40% of Microsoft Entra ID applications have access keys that are over a year old.

Expert Insights on Data Protection

“Every identity—human or machine—represents a potential entry point to our critical data,” stated Emilio Escobar, CISO at Datadog. “Strong access controls and continuous verification aren’t just security features; they’re foundational to protecting our assets in today’s borderless environment.”

Key Findings from the Report

The 2025 State of Cloud Security report reveals several critical insights about the current state of cloud security across major platforms. Organizations are facing unprecedented challenges in managing access credentials, with a substantial portion of credentials remaining active for extended periods without rotation. This practice significantly increases the risk of unauthorized access and data breaches.

Data perimeters have emerged as a powerful defense mechanism, creating logical boundaries around sensitive data to prevent unauthorized access even when credentials are compromised. By implementing policies at the S3 bucket and VPC endpoint levels, organizations can enforce strict controls on who can access data and from where, adding an essential layer of defense-in-depth.
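As an added illustration (not taken from the Datadog report), the Python below sets a bucket policy with no perimeter beside one carrying identity and network guardrails, and audits each for the two Deny statements. The organization ID, VPC endpoint ID, account ID, bucket name and helper names are constructed placeholders; `aws:PrincipalOrgID` and `aws:SourceVpce` are AWS global condition keys.

```python
# Constructed placeholders: org ID, VPC endpoint ID, account ID and bucket are not real.
ORG_ID, VPCE_ID = "o-exampleorg1", "vpce-0example1234"
BUCKET = "arn:aws:s3:::example-bucket"
KEYS = {"aws:principalorgid": "identity", "aws:sourcevpce": "network"}

def deny_unless(sid, key, value):
    """Deny all S3 actions on the bucket unless condition `key` equals `value`."""
    return {"Sid": sid, "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": [BUCKET, BUCKET + "/*"],
            "Condition": {"StringNotEqualsIfExists": {key: value}}}

# Weak: one cross-account Allow; nothing bounds who calls or from which network.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}

# Corrected: the same Allow plus one Deny guardrail per perimeter.
PERIMETER = {"Version": "2012-10-17", "Statement": WEAK["Statement"] + [
    deny_unless("IdentityPerimeter", "aws:PrincipalOrgID", ORG_ID),
    deny_unless("NetworkPerimeter", "aws:SourceVpce", VPCE_ID)]}

def as_list(v):
    return v if isinstance(v, list) else [v]

def perimeter_gaps(policy, org_id, vpce_ids):
    """Return which perimeters ('identity', 'network') the policy does not enforce."""
    enforced = set()
    for st in as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in as_list(st.get("Action", []))}
        if (st.get("Effect") != "Deny" or st.get("Principal") not in ("*", {"AWS": "*"})
                or not actions & {"s3:*", "*"}):
            continue  # only a blanket Deny on all principals acts as a guardrail
        seen, ok = set(), set()
        for op in ("StringNotEquals", "StringNotEqualsIfExists"):
            for key, val in st.get("Condition", {}).get(op, {}).items():
                kind = KEYS.get(key.lower())
                if kind:
                    seen.add(kind)
                    allowed = {org_id} if kind == "identity" else set(vpce_ids)
                    if set(as_list(val)) <= allowed:
                        ok.add(kind)
        # Conditions in one statement are ANDed: a Deny naming both keys fires only
        # when both mismatch, so it enforces neither perimeter on its own.
        if len(seen) == 1:
            enforced |= ok
    return sorted({"identity", "network"} - enforced)
```

The audit does not inspect the `Resource` element or other condition operators, so a clean result means the two guardrail statements are present, not that the whole policy is sound.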

Access the Complete Report

For a deeper dive into the findings, the complete Datadog 2025 State of Cloud Security report is available here. Additional information on how Datadog aids companies in securing their cloud environments can be found at Datadog Cloud Security.
