Saved February 14, 2026
This article discusses findings from the 2025 State of Cloud Security study, highlighting issues like the risks of long-lived credentials and the importance of using AWS Organizations for better security management. It also offers recommendations for improving security postures in cloud environments.
The 2025 State of Cloud Security study reveals significant insights into the security practices of organizations using AWS, Azure, and Google Cloud. Key findings indicate that many companies manage multi-account environments through AWS Organizations but struggle with centralized control over data perimeters. There's a prevalent risk associated with long-lived cloud credentials, and while half of EC2 instances enforce IMDSv2, many older instances do not. The adoption of public access blocks in cloud storage services has stagnated, and organizations continue to operate risky workloads.
To enhance security, using an AWS multi-account architecture is recommended. This setup minimizes the impact of security breaches by isolating accounts and implementing Service Control Policies (SCPs) and Resource Control Policies (RCPs). Examples of effective policies include blocking root user access and restricting use of unapproved regions. Datadog Cloud Security can help manage these accounts and provide a centralized view of resources. Implementing data perimeters is another crucial step, which ensures that only trusted identities access resources based on specific network conditions.
Long-lived credentials pose a significant threat, as they can lead to data breaches. Organizations should avoid using static credentials and instead adopt alternatives like IAM roles or managed identities. Datadog Cloud Security offers tools to identify and remediate long-lived credentials, flagging overprivileged cloud identities. For AWS users, implementing policies to block the creation of insecure credentials and regularly auditing access keys can further mitigate risks. Adopting IMDSv2 is also emphasized for securing EC2 instances, ensuring that instances communicate with the metadata service securely.