STOCK TITAN
  1. Home
  2. News
  3. TENB
  4. Tenable Research Finds Pervasive Cloud Misconfigurations Exposing Critical Data and Secrets

Tenable Research Finds Pervasive Cloud Misconfigurations Exposing Critical Data and Secrets

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary
Tenable's 2025 Cloud Security Risk Report reveals significant security vulnerabilities in cloud environments, with 9% of public cloud storage containing sensitive data, of which 97% is classified as restricted or confidential. The study found that 54% of organizations store secrets in AWS ECS task definitions, 52% in GCP Cloud Run, and 31% in Azure Logic Apps workflows. While the number of organizations with a "toxic cloud trilogy" decreased from 38% to 29%, significant risks persist. Even among the 83% of AWS organizations using Identity Provider services, security gaps remain due to overly-permissive settings and excessive entitlements. The research, conducted from October 2024 to March 2025, highlights the urgent need for improved cloud security practices and continuous risk management.
Il Rapporto sui Rischi della Sicurezza Cloud 2025 di Tenable evidenzia vulnerabilità significative negli ambienti cloud, con il 9% dello storage pubblico contenente dati sensibili, di cui il 97% classificato come riservato o confidenziale. Lo studio rileva che il 54% delle organizzazioni conserva segreti nelle definizioni di task AWS ECS, il 52% in GCP Cloud Run e il 31% nei workflow di Azure Logic Apps. Sebbene la percentuale di organizzazioni con una "trilogia cloud tossica" sia diminuita dal 38% al 29%, permangono rischi rilevanti. Anche tra l'83% delle organizzazioni AWS che utilizzano servizi di Identity Provider, persistono lacune di sicurezza dovute a configurazioni troppo permissive e autorizzazioni eccessive. La ricerca, condotta da ottobre 2024 a marzo 2025, sottolinea l'urgenza di migliorare le pratiche di sicurezza cloud e la gestione continua dei rischi.
El Informe de Riesgos de Seguridad en la Nube 2025 de Tenable revela vulnerabilidades significativas en entornos cloud, con un 9% del almacenamiento público que contiene datos sensibles, de los cuales el 97% están clasificados como restringidos o confidenciales. El estudio encontró que el 54% de las organizaciones almacenan secretos en definiciones de tareas de AWS ECS, el 52% en GCP Cloud Run y el 31% en flujos de trabajo de Azure Logic Apps. Aunque el porcentaje de organizaciones con una "trilogía tóxica en la nube" disminuyó del 38% al 29%, persisten riesgos importantes. Incluso entre el 83% de las organizaciones AWS que usan servicios de Proveedor de Identidad, existen brechas de seguridad debido a configuraciones demasiado permisivas y excesivos privilegios. La investigación, realizada de octubre de 2024 a marzo de 2025, destaca la necesidad urgente de mejorar las prácticas de seguridad en la nube y la gestión continua de riesgos.
Tenable의 2025 클라우드 보안 위험 보고서는 클라우드 환경에서 심각한 보안 취약점을 밝혀냈으며, 공개 클라우드 저장소의 9%가 민감한 데이터를 포함하고 있고 그 중 97%는 제한되거나 기밀로 분류되어 있습니다. 연구에 따르면 54%의 조직이 AWS ECS 작업 정의에 비밀을 저장하고, 52%는 GCP Cloud Run, 31%는 Azure Logic Apps 워크플로우에 저장하고 있습니다. '유해한 클라우드 3대 요소'를 보유한 조직 비율은 38%에서 29%로 감소했지만, 여전히 상당한 위험이 존재합니다. AWS 조직의 83%가 ID 공급자 서비스를 사용함에도 불구하고, 과도하게 허용된 설정과 과다한 권한으로 인해 보안 취약점이 남아 있습니다. 2024년 10월부터 2025년 3월까지 수행된 이 연구는 클라우드 보안 관행 개선과 지속적인 위험 관리의 시급한 필요성을 강조합니다.
Le Rapport sur les Risques de Sécurité Cloud 2025 de Tenable révèle d'importantes vulnérabilités dans les environnements cloud, avec 9 % du stockage public contenant des données sensibles, dont 97 % sont classées comme restreintes ou confidentielles. L'étude a constaté que 54 % des organisations stockent des secrets dans les définitions de tâches AWS ECS, 52 % dans GCP Cloud Run et 31 % dans les workflows Azure Logic Apps. Bien que le nombre d'organisations présentant une « trilogie cloud toxique » soit passé de 38 % à 29 %, des risques importants subsistent. Même parmi les 83 % d'organisations AWS utilisant des services de fournisseur d'identité, des failles de sécurité persistent en raison de configurations trop permissives et de droits excessifs. La recherche, menée d'octobre 2024 à mars 2025, souligne l'urgence d'améliorer les pratiques de sécurité cloud et la gestion continue des risques.
Der Cloud-Sicherheitsrisiko-Bericht 2025 von Tenable zeigt erhebliche Sicherheitslücken in Cloud-Umgebungen auf, wobei 9 % des öffentlichen Cloud-Speichers sensible Daten enthalten, von denen 97 % als eingeschränkt oder vertraulich eingestuft sind. Die Studie ergab, dass 54 % der Organisationen Geheimnisse in AWS ECS-Aufgabendefinitionen speichern, 52 % in GCP Cloud Run und 31 % in Azure Logic Apps Workflows. Obwohl die Anzahl der Organisationen mit einer "toxischen Cloud-Trilogie" von 38 % auf 29 % zurückging, bestehen weiterhin erhebliche Risiken. Selbst unter den 83 % der AWS-Organisationen, die Identity Provider-Dienste nutzen, bestehen Sicherheitslücken aufgrund zu großzügiger Einstellungen und übermäßiger Berechtigungen. Die von Oktober 2024 bis März 2025 durchgeführte Untersuchung unterstreicht den dringenden Bedarf an verbesserten Cloud-Sicherheitspraktiken und kontinuierlichem Risikomanagement.
Positive
  • Decrease in 'toxic cloud trilogy' vulnerabilities from 38% to 29% shows improvement in cloud workload security
  • High adoption rate (83%) of Identity Provider services among AWS organizations indicates growing security awareness
  • Comprehensive research covering multiple cloud platforms (AWS, GCP, Azure) provides valuable insights for security improvements
Negative
  • 9% of publicly accessible cloud storage contains sensitive data, with 97% being restricted or confidential
  • 54% of organizations store secrets in AWS ECS task definitions, creating direct attack paths
  • 3.5% of AWS EC2 instances contain secrets in user data, posing major security risks
  • Persistent security gaps in identity management due to overly-permissive defaults and excessive entitlements

Insights

Tenable's research demonstrates their leadership in cloud security by identifying significant risks organizations face from exposed data and misconfigurations.

Tenable's 2025 Cloud Security Risk Report reveals concerning statistics about cloud security vulnerabilities that highlight both market challenges and Tenable's expertise in identifying them. The finding that 9% of publicly accessible cloud storage contains sensitive data (with 97% classified as restricted or confidential) represents a significant attack surface for malicious actors. This research positions Tenable as a thought leader with unique visibility into cloud security trends.

The report's identification of specific risk vectors across major cloud platforms is particularly valuable. The data showing that 54% of organizations store secrets directly in AWS ECS task definitions, 52% in Google Cloud Platform's Cloud Run, and 31% in Azure Logic Apps workflows demonstrates Tenable's cross-platform expertise. Most concerning is that 3.5% of AWS EC2 instances contain secrets in user data, creating significant exposure given EC2's widespread use.

While the decrease in organizations with the "toxic cloud trilogy" from 38% to 29% shows modest industry improvement, it also indicates continued market need for Tenable's solutions. The research reinforces Tenable's value proposition in providing the visibility and remediation capabilities organizations need to address these persistent cloud security gaps. This report likely serves as both educational content and an effective marketing tool demonstrating Tenable's deep understanding of cloud security challenges.

Insecure cloud configurations create widespread risk, highlighting the urgent need for unified cloud exposure management

COLUMBIA, Md., June 18, 2025 (GLOBE NEWSWIRE) -- Tenable®, the exposure management company, today released its 2025 Cloud Security Risk Report. The research revealed that 9% of publicly accessible cloud storage contains sensitive data, 97% of which is classified as restricted or confidential. These exposures increase the risk of exploitation, particularly when paired with misconfigurations or embedded secrets.

Cloud environments face dramatically increased risk due to exposed sensitive data, misconfigurations, underlying vulnerabilities and poorly stored secrets – such as passwords, API keys and credentials. The 2025 Cloud Security Risk Report provides a deep dive into the most prominent cloud security issues impacting data, identity, workload and AI resources and offers practical mitigation strategies to help organizations proactively reduce risk and close critical gaps.

Key findings from the report include:

  • Secrets found in diverse cloud resources are putting organizations at risk: Over half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions — creating a direct attack path. Similar issues were found among organizations using Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%). Alarmingly, 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data — major risk given how widely EC2 is used.
  • Cloud workload security is improving, but toxic combinations persist: While the number of organizations with a “toxic cloud trilogy” – a workload that is publicly exposed, critically vulnerable, and highly privileged – has decreased from 38% to 29%, this dangerous combination still represents a significant and common risk.
  • Using Identity Providers (IdPs) alone doesn’t eliminate risk: While 83% of AWS organizations are exercising best practices in using IdP services to manage their cloud identities, overly-permissive defaults, excessive entitlements, and standing permissions still expose them to identity-based threats.

“Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations,” said Ari Eitan, Director of Cloud Security Research, Tenable.

“The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analyzed from October 2024 through March 2025. To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-security-risk-report-2025

More information on Tenable Cloud Security is available at: https://www.tenable.com/cloud-security.

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

Media Contact:
Tenable
tenablepr@tenable.com


FAQ

What are the key findings of Tenable's 2025 Cloud Security Risk Report?

The report found that 9% of public cloud storage contains sensitive data, 54% of organizations store secrets in AWS ECS task definitions, and while toxic cloud trilogy cases decreased to 29%, significant security risks persist across cloud environments.

What percentage of AWS organizations use Identity Provider services according to Tenable's report?

83% of AWS organizations use Identity Provider services to manage cloud identities, though security gaps remain due to overly-permissive settings and excessive entitlements.

What is the 'toxic cloud trilogy' mentioned in Tenable's report and how has it changed?

The 'toxic cloud trilogy' refers to workloads that are publicly exposed, critically vulnerable, and highly privileged. The percentage of organizations with this issue decreased from 38% to 29%.

How many AWS EC2 instances contain secrets in user data according to Tenable's research?

3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data, which represents a major security risk.

What are the main cloud platforms analyzed in Tenable's 2025 security report?

The report analyzed security issues across Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure cloud platforms.
Stock TENB logo
Tenable Holdings

NASDAQ:TENB

TENB Rankings

#1459 Ranked by Market Cap
N/A Ranked by Dividends

TENB Latest News

Jun 16, 2025
Tenable Recognized for AI Leadership with Globee Award for AI-Powered Security
May 29, 2025
Tenable Announces Intent to Acquire Apex Security to Expand Exposure Management Across the AI Attack Surface
May 20, 2025
Tenable Reveals 2025 Global Partner Award Winners
May 15, 2025
Tenable Powers AI-Driven Exposure Management with Third-Party Data Connectors and Unified Dashboards
May 1, 2025
Tenable to Participate in Upcoming Investor Events

TENB Stock Data

3.96B
119.91M
1.84%
92.57%
3.11%
Software - Infrastructure
Services-prepackaged Software
Link
United States
COLUMBIA

Related Articles

Continue reading with these related stories

View All Latest News