The latest edition of Datadog’s State of Cloud Security report shows that organizations are increasingly adopting advanced security strategies to better protect their cloud infrastructures. Key trends include the use of data perimeters and centrally managed multi-account environments.
Data perimeters as an advanced security measure
Although considered a complex approach, more than one-third of surveyed companies have already implemented data perimeters. These measures typically involve policies at the level of S3 buckets and VPC endpoints, allowing organizations to control access to sensitive data in a targeted manner. This separation helps minimize potential attack vectors and clearly delineates critical data.
Multi-account management becomes standard
Alongside data perimeters, managing multiple cloud accounts is gaining traction. Centralized management via platforms such as AWS Organizations allows companies to enforce security policies consistently and apply the principle of least privilege efficiently. Datadog reports that 86% of organizations use multi-account structures within an AWS Organization, with 70% of all accounts fully integrated under centralized management.
Credential theft remains the top risk
A major driver for adopting these advanced strategies is the ongoing threat posed by credential theft. Many keys, service accounts, and IAM user accounts rely on long-lived credentials that are frequently exposed in source code, container images, or build logs. According to the report, 59% of AWS IAM users, 55% of Google Cloud service accounts, and 40% of Microsoft Entra ID applications had credentials older than one year.
Emilio Escobar, CISO at Datadog, emphasizes: “Every identity—human or machine—represents a potential entry point to sensitive data. Strong access controls and continuous verification aren’t just security features—they are essential for protecting digital assets in today’s borderless cloud environment.”
Conclusion
The report highlights a clear trend: traditional security concepts alone are no longer sufficient in cloud environments. Practices such as data perimeters and centrally managed multi-account structures are increasingly becoming the standard to prevent data loss, unauthorized access, and credential theft.
The full State of Cloud Security 2025 report from Datadog provides detailed insights into current security practices, risks, and trends across cloud infrastructures.
