Tenable Research Finds Rampant Cloud Misconfigurations Exposing Critical Data and Secrets
Cloud environments face dramatically increased risk due to exposed sensitive data, misconfigurations, underlying vulnerabilities and poorly stored secrets – such as passwords, API keys and credentials. The 2025 Cloud Security Risk Report provides a deep dive into the most prominent cloud security issues impacting data, identity, workload and AI resources and offers practical mitigation strategies to help organizations proactively reduce risk and close critical gaps.
Key Findings From The Report Include:
? Secrets Found in Diverse Cloud Resources, Putting Organizations at Risk: Over half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions — creating a direct attack path. Similar issues were found among organizations using Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%). Alarmingly, 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data — major risk given how widely EC2 is used.
? Cloud Workload Security Is Improving, But Toxic Combinations Persist: While the number of organizations with a 'toxic cloud trilogy' – a workload that is a publicly exposed, critically vulnerable, and highly privileged – has decreased from 38% to 29%, this dangerous combination still represents a significant and common risk.
? Using Identity Providers (IdPs) Alone Doesn't Eliminate Risk: While 83% of AWS organizations are exercising best practices in using IdP services to manage their cloud identities, overly-permissive defaults, excessive entitlements, and standing permissions still expose them to identity-based threats.
'Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations,' said Ari Eitan, Director of Cloud Security Research, Tenable.
'The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork.'
The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analyzed from October 2024 through March 2025. To download the report today, please visit:
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Web Release
2 hours ago
- Web Release
Hyra Network Honored as 'Technology Startup of the Year' at the 2025 Globee® Awards
Hyra Network Honored as 'Technology Startup of the Year' at the 2025 Globee® Awards The digital economy has witnessed transformative platforms that fundamentally changed resource sharing: Grab revolutionized transportation, Airbnb transformed hospitality, and Shein disrupted supply chains. Now, a Vietnamese technology company is redefining the next frontier-computational power sharing itself. Hyra Network has been officially named 'Technology Startup of the Year' at the prestigious 2025 Globee® Awards for Technology, marking a watershed moment for decentralized artificial intelligence infrastructure. This recognition validates an ambitious vision that could reshape how the world builds, owns, and benefits from AI technology. (Official winner list available at: The Vision Behind Innovation This breakthrough platform is researched and developed by Hyra Tek JCS (Vietnam) and operated by Hyra Tek Smart Solution L.L.C (UAE). Hyra Network's mission is to democratize computational power by activating billions of idle devices and transforming everyday users into AI infrastructure providers. Hyra Network serves as the flagship platform alongside Hyra AI, creating an unprecedented model where computational resources are shared across distributed networks rather than concentrated in centralized data centers. If ride-sharing optimizes vehicle utilization and home-sharing maximizes property efficiency, then computational sharing unlocks vast processing power lying dormant in smartphones, computers, and IoT devices globally. Global Recognition for Excellence The Globee® Awards represent the technology sector's highest honor, with winners selected by over 100 seasoned professionals including C-suite executives, venture capitalists, and industry analysts. 'This honor transcends our company – it validates the entire movement toward democratized AI infrastructure,' said Mr. Jonh Tran, Founder of Hyra Network. 'We're witnessing global acknowledgment that the future of AI belongs not to centralized monopolies, but to communities that collectively own and benefit these powerful technologies.' The decentralized AI infrastructure and compute resource-sharing model of Hyra Network Pioneering Community-Powered AI At its core, Hyra Tek's innovation centers on Hyra AI, one of the world's first Train-to-Earn platforms. This system allows users to convert personal devices into active AI training nodes, earning rewards while contributing to advanced model development. The Layer-3 blockchain architecture supports high-throughput, low-latency workloads, enabling scalable AI training and inference at the network's edge. The economic model creates a virtuous cycle: participants provide computational resources, earn tangible rewards, and simultaneously advance AI capabilities that benefit the broader ecosystem. Global Impact Today, the Hyra ecosystem spans more than 205 countries, powering a global network of approximately 2.5 million connected devices, including 700,000 active online nodes and over 1 million KYC-verified users. With strong community engagement across Southeast Asia, Latin America, and Africa, Hyra delivers more than 360,000 teraflops of distributed computing power and supports a growing base of enterprise clients – now serving over 10 paying customers. This real-world adoption reaffirms Hyra's core belief: that distributed, permissionless infrastructure can drive meaningful innovation while remaining truly open and accessible to all. As artificial intelligence and DePIN technologies gain momentum, Hyra positions itself at the technological vanguard, architecting the foundation for a more equitable, intelligent, and inclusive AI future.
Middle East Eye
12 hours ago
- Middle East Eye
Francesca Albanese: Tech firms profiting from Israeli 'economy of genocide'
A UN expert has called on corporations to cut ties with Israel and for executives to be held accountable for enabling and profiting from crimes including illegal occupation, apartheid and genocide in the occupied Palestinian territories. UN Special Rapporteur Francesca Albanese's call for action comes in a scathing new report in which she names over 60 companies, including major technology firms like Google, Amazon and Microsoft, alleging their involvement in what she calls "the transformation of Israel's economy of occupation to an economy of genocide". "By shedding light on the political economy of an occupation turned genocidal, the report reveals how the forever-occupation has become the ideal testing ground for arms manufacturers and Big Tech . . . while investors and private and public institutions profit freely," Albanese writes in the report. "Too many influential corporate entities remain inextricably financially bound to Israel's apartheid and militarism." The detailed, 24-page report, which is set to be presented to the UN Human Rights Council on Thursday, identifies dozens of corporate actors, including those involved in the arms, technology, construction and energy sectors, which it says are complicit. UN Special Rapporteur for the occupied Palestinian territories Francesca Albanese speaking in The Hague in February 2025 (Robin Utrecht/AFP)
Middle East Eye
16 hours ago
- Middle East Eye
UN rapporteur says tech firms and corporations profiting from Israeli genocide
A UN expert has called on corporations to cut ties with Israel and for executives to be held accountable for enabling and profiting from crimes including illegal occupation, apartheid and genocide in the occupied Palestinian territories. UN Special Rapporteur Francesca Albanese's call for action comes in a scathing new report in which she names over 60 companies, including major technology firms like Google, Amazon and Microsoft, alleging their involvement in what she calls "the transformation of Israel's economy of occupation to an economy of genocide". "By shedding light on the political economy of an occupation turned genocidal, the report reveals how the forever-occupation has become the ideal testing ground for arms manufacturers and Big Tech . . . while investors and private and public institutions profit freely," Albanese writes in the report. "Too many influential corporate entities remain inextricably financially bound to Israel's apartheid and militarism." The detailed, 24-page report, which is set to be presented to the UN Human Rights Council on Thursday, identifies dozens of corporate actors, including those involved in the arms, technology, construction and energy sectors, which it says are complicit. New MEE newsletter: Jerusalem Dispatch Sign up to get the latest insights and analysis on Israel-Palestine, alongside Turkey Unpacked and other MEE newsletters They range from companies which the report says are destroying Palestinian life, including weapons companies Elbit Systems and Lockheed Martin, to heavy equipment manufacturers whose machinery is used in building illegal Israeli settlements, such as Caterpillar and HD Hyundai. 'Unique testing ground' The report also focuses on the historic and current role of technology companies which it says have profitted from "the unique testing ground" of the occupied territories, highlighting how the repression of Palestinians has "become progressively automated". In October 2023, when Israel's internal military cloud overloaded, Microsoft Azure and the Project Nimbus Consortium, run by Google and Amazon, "stepped in with critical cloud and AI infrastructure", the report says. The report also focuses on AI systems that have been developed by the Israeli military to process and generate targets during the war on Gaza, pointing to the collaboration between Palantir Technology Inc and Israel which predates October 2023. "There are reasonable grounds to believe Palantir has provided automatic predictive policing technology, core defence infrastructure for rapid and scaled-up construction and deployment of military software, and its Artificial Intelligence Platform, which allows real-time battlefield data integration for automated decision making," the report said. Gulf states linked to Israeli businesses on UN settlements blacklist Read More » It said 48 of the companies named have been "duly informed of the facts" that led Albanese to make her allegations, 15 of which responded directly to Albanese's office. Their replies were not published. Middle East Eye is seeking comments from all of the companies named in this article. But these companies are "just the tip of the iceberg", the report says, adding that Albanese's office has developed a database of 1,000 entities in total from submissions received in a call for input into the investigation. The report also finds that since the start of the Israeli assault on Gaza, the Tel Aviv Stock Exchange has risen by 179 percent, adding $157.9bn in market value. Israel's mission in Geneva told Reuters that the report was "legally groundless, defamatory and a flagrant abuse of her office". Albanese calls on UN member states to impose sanctions and full arms embargos on Israel, and suspend all trade agreements and investor relations on any inviduals or entities that endanger Palestinians. She also says the International Criminal Court and national judiciaries should pursue investigations and prosecutions of corporate executives and entities for "their part in the commission of international crimes and laundering of the proceeds from those crimes".
