Poor cloud security leaves secrets & data at risk, report finds
A new report from Tenable Research has detailed the ongoing risks facing organisations due to poor cloud security practices and widespread misconfigurations.
The 2025 Cloud Security Risk Report analyses data from global cloud systems spanning October 2024 to March 2025. It highlights significant vulnerabilities related to data exposure, identity management, cloud workloads, and the use of artificial intelligence resources. The findings indicate that sensitive information and credentials remain at risk due to inconsistent security implementations across major public cloud providers.
Exposure of sensitive data
According to Tenable Research, 9% of publicly accessible cloud storage contains sensitive data, and 97% of this content is classified as restricted or confidential. These circumstances increase the risk of exploitation, particularly when misconfigurations or embedded secrets are also present.
The report notes that cloud environments are subject to significantly heightened risk from exposed data, misconfigured access, and the insecure storage of secrets such as passwords, API keys, and other credentials. These issues are compounded by underlying vulnerabilities and inconsistent security practices across organisations using public cloud providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
Secrets and workload security
The assessment documented that over half of organisations (54%) store at least one secret directly within AWS Elastic Container Service (ECS) task definitions, creating a direct attack path for threat actors. On GCP Cloud Run, similar patterns were observed, with 52% of organisations found to be storing secrets within resources, and 31% on Microsoft Azure Logic Apps workflows.
Furthermore, 3.5% of all AWS Elastic Compute Cloud (EC2) instances were identified as containing secrets within user data. AWS EC2's broad adoption means this level of exposure represents a substantial risk across the industry.
The report points to some improvement in cloud workload security: the prevalence of the so-called "toxic cloud trilogy"-a situation in which a workload is publicly exposed, critically vulnerable, and endowed with high privilege-has decreased from 38% to 29%. However, Tenable researchers note that this combination continues to represent a significant risk for businesses.
Issues in identity and access management
One significant finding relates to the use of Identity Providers (IdPs). The research indicates that 83% of AWS organisations employ IdP services to manage cloud identities, which is regarded as best practice. Despite this, risks persist due to permissive default settings, excessive entitlements, and lingering standing permissions that give rise to identity-based threats. "Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations," said Ari Eitan, Director of Cloud Security Research, Tenable.
The report suggests that attackers are often able to find entry points with relative ease, exploiting public access, extracting embedded secrets, or misusing over-privileged identities.
Recommendations and risk management "The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork," added Eitan.
Tenable's analysis is based on telemetry collected from a diverse array of public cloud and enterprise environments and provides detailed insight into the cloud security challenges currently faced by businesses. The report offers practical recommendations to help security professionals reduce risks, mitigate vulnerabilities, and address gaps before they can be exploited.
The findings underline the necessity for organisations to adopt unified cloud exposure management, increase visibility across their cloud assets, and take a systematic approach to automation and remediation of security risks, particularly as cloud adoption and reliance on AI-driven resources continue to rise.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
4 days ago
- Techday NZ
BeyondTrust & AWS partner to boost cloud identity security
BeyondTrust has entered into a multi-year strategic collaboration agreement with Amazon Web Services to align efforts on secure cloud adoption and identity security. The agreement sees BeyondTrust and AWS focusing on joint innovation, market expansion and long-term growth by coordinating go-to-market strategies and joint investments. The partnership is intended to help organisations accelerate secure adoption of the cloud, with a particular emphasis on identity security across hybrid environments. Shared objectives The collaboration allows BeyondTrust and AWS to provide customers with more integrated solutions, coordinated field engagement, and a wider global reach. Both companies aim to address the growing need for robust security measures as more businesses transition to cloud-based infrastructure. David Manks, Vice President of Strategic Alliances at BeyondTrust, said: "At BeyondTrust our mission is to deliver exceptional identity-first security within reach of any organisation. As sophisticated attacks increase, our collaboration with AWS delivers the end-to-end visibility and control customers need to stay ahead of these threats. Together, we're empowering organisations to secure both human and non-human identities with the scale and confidence only AWS and BeyondTrust can deliver." BeyondTrust's Pathfinder Platform will enable customers to deploy a set of six core identity security controls tailored for cloud environments. These controls comprise Just-in-Time Access and Least Privilege Enforcement, Secure Remote Access without legacy VPNs, Password Management for privileged accounts, Secrets Management for DevOps credentials in the cloud, Cloud Infrastructure Entitlement Management to address over-permissioned identities, and Identity Threat Detection & Response for real-time threat monitoring and containment. The controls are designed to enhance security posture while supporting operational efficiency. Customer perspectives David Lokke, Senior Systems Administrator at Premier Bankcard, commented on the impact of the integrated solutions, stating: "As part of our move to AWS, we needed a more seamless, secure way to manage access across our cloud environment. BeyondTrust Password Safe integrated easily with our existing BeyondTrust solutions, connecting through Privileged Remote Access directly on AWS. It simplified access management and improved the experience for our vendor partners." This integration is expected to be particularly beneficial for organisations that have distributed workforces or rely on external partners, as it provides a unified approach to identity security across various environments, thus reducing complexity and risk. Security alignment Carol Potts, General Manager, North America ISV Sales at AWS, addressed the shared commitment to security standards, saying: "Security is 'job zero' at AWS, and BeyondTrust is equally committed to upholding rigorous security, compliance, and scalability standards. We are excited to deepen our relationship with BeyondTrust as we continue to innovate for our joint customers and provide them with unparalleled threat protection today—and in the future." The collaboration highlights how both AWS and BeyondTrust intend to support customers as security becomes an ever more significant focus due to increasing cyber threats targeting identity infrastructure. The two companies aim to bring flexibility to organisations across industries, enabling a more secure transition and operation in cloud environments. BeyondTrust and AWS plan to continue coordinating their technological and business efforts to help customers manage identities more effectively, responding to the evolving landscape of cloud security risks. The agreement sets the stage for ongoing product development and customer-focused initiatives grounded in security best practice and operational efficiency. Follow us on: Share on:
Techday NZ
5 days ago
- Techday NZ
Wild Tech hires Andrew Kirk to lead enterprise cloud growth
Wild Tech has appointed Andrew Kirk as Senior Business Development Manager to drive the company's expansion in enterprise-grade managed services and digital transformation partnerships. Kirk brings extensive experience from previous senior roles at Telstra and IBM, and comprehensive familiarity with Amazon, Microsoft and Google Cloud platforms. Wild Tech aims to leverage Kirk's expertise to assist organisations seeking to modernise operations and build robust, cloud-first environments. Dan Whittle, General Manager – Managed Services at Wild Tech, stated, "Andrew's background working with Tier 1 enterprises makes him an exceptional fit for our next phase of growth. He has walked in the shoes of large, complex organisations and knows what it takes to implement scalable, compliant solutions that deliver real outcomes. His insight will be pivotal as we help clients transition from project-based deployments to ongoing service-led transformation." During his tenure at Telstra, Kirk held responsibility for the profit and loss in Cloud Services and led the introduction of Microsoft, Amazon, and Cisco cloud offerings across Australia and the broader APAC region. Early in his career, he was involved in the development of managed desktop services at Advantra, a joint venture between IBM, Lend Lease, and Telstra. More recently, Kirk played a role in establishing Searce's Australian operations, with a focus on Google Cloud and AWS solutions for the retail and mining sectors. In joining Wild Tech, Kirk steps into a role centred on expanding the company's influence across the enterprise and upper mid-market sector, concentrating on government, financial services, and retail. He will facilitate the alignment of long-term managed services with cloud, AI, and data solutions. "The appetite for transformation is strong—but the real challenge is productivity," Kirk said. "Wild Tech gets this. They're not just delivering tech projects, they're embedding long-term capability and service models that evolve with the client and drive the bottom line. That's exactly where I want to be." Kirk's recruitment supports Wild Tech's approach of linking technology delivery with operational excellence through a managed services approach tailored to enterprise requirements. Wild Tech states that its strategy for transformation is rooted in a comprehensive understanding of specific industry demands. The company asserts the importance of listening to clients to remain ahead of evolving requirements, and of taking into account how end-to-end business processes and organisational maturity interact with each technology platform's capability. The company continues to position itself as an Australian-owned and operated entity serving clients across APAC, with a focus on building the next generation of digital operating models through partnerships and established market platforms. Follow us on: Share on:
Techday NZ
19-06-2025
- Techday NZ
Poor cloud security leaves secrets & data at risk, report finds
A new report from Tenable Research has detailed the ongoing risks facing organisations due to poor cloud security practices and widespread misconfigurations. The 2025 Cloud Security Risk Report analyses data from global cloud systems spanning October 2024 to March 2025. It highlights significant vulnerabilities related to data exposure, identity management, cloud workloads, and the use of artificial intelligence resources. The findings indicate that sensitive information and credentials remain at risk due to inconsistent security implementations across major public cloud providers. Exposure of sensitive data According to Tenable Research, 9% of publicly accessible cloud storage contains sensitive data, and 97% of this content is classified as restricted or confidential. These circumstances increase the risk of exploitation, particularly when misconfigurations or embedded secrets are also present. The report notes that cloud environments are subject to significantly heightened risk from exposed data, misconfigured access, and the insecure storage of secrets such as passwords, API keys, and other credentials. These issues are compounded by underlying vulnerabilities and inconsistent security practices across organisations using public cloud providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. Secrets and workload security The assessment documented that over half of organisations (54%) store at least one secret directly within AWS Elastic Container Service (ECS) task definitions, creating a direct attack path for threat actors. On GCP Cloud Run, similar patterns were observed, with 52% of organisations found to be storing secrets within resources, and 31% on Microsoft Azure Logic Apps workflows. Furthermore, 3.5% of all AWS Elastic Compute Cloud (EC2) instances were identified as containing secrets within user data. AWS EC2's broad adoption means this level of exposure represents a substantial risk across the industry. The report points to some improvement in cloud workload security: the prevalence of the so-called "toxic cloud trilogy"-a situation in which a workload is publicly exposed, critically vulnerable, and endowed with high privilege-has decreased from 38% to 29%. However, Tenable researchers note that this combination continues to represent a significant risk for businesses. Issues in identity and access management One significant finding relates to the use of Identity Providers (IdPs). The research indicates that 83% of AWS organisations employ IdP services to manage cloud identities, which is regarded as best practice. Despite this, risks persist due to permissive default settings, excessive entitlements, and lingering standing permissions that give rise to identity-based threats. "Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations," said Ari Eitan, Director of Cloud Security Research, Tenable. The report suggests that attackers are often able to find entry points with relative ease, exploiting public access, extracting embedded secrets, or misusing over-privileged identities. Recommendations and risk management "The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork," added Eitan. Tenable's analysis is based on telemetry collected from a diverse array of public cloud and enterprise environments and provides detailed insight into the cloud security challenges currently faced by businesses. The report offers practical recommendations to help security professionals reduce risks, mitigate vulnerabilities, and address gaps before they can be exploited. The findings underline the necessity for organisations to adopt unified cloud exposure management, increase visibility across their cloud assets, and take a systematic approach to automation and remediation of security risks, particularly as cloud adoption and reliance on AI-driven resources continue to rise.
