The research reveals embedded secrets, misconfigurations, and public access that increase the risk of cyberattacks in cloud environments.
Tenable®, a company specializing in cyber exposure management, has published its Cloud Security Risk Report 2025, which warns about the impact of poor cloud configurations, the exposure of sensitive data, and the presence of poorly stored secrets that threaten the digital security of thousands of organizations.
The report, based on real telemetry analysis between October 2024 and March 2025, reveals that 9% of publicly accessible cloud storage contains sensitive information, and that 97% of this data is classified as restricted or confidential.
Hidden Risks: Secrets in Unsafe Places
One of the most concerning findings in the report is the improper storage of keys, passwords, and access tokens in commonly used resources. According to Tenable’s data:
- More than half of organizations (54%) store at least one secret directly in AWS ECS task definitions.
- In Google Cloud Run, this behavior is repeated in 52% of cases.
- In Azure Logic Apps, 31% of workflows also contain embedded secrets.
- 3.5% of analyzed EC2 instances had confidential data in their user metadata.
These configuration errors are direct attack vectors: cybercriminals no longer need to exploit complex vulnerabilities when they can simply use public access or credentials left visible in plain sight.
The Toxic Trio Remains in the Cloud
Tenable identifies what it calls a “toxic trilogy”: workloads that are simultaneously publicly exposed, vulnerable, and have elevated permissions. Although the presence of this type of combination has decreased from 38% to 29% in the past year, it still poses a critical threat in cloud environments.
These configurations provide a quick path for malicious actors to escalate privileges, access sensitive information, or unleash automated attacks using artificial intelligence models.
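As an added illustration (not code from the article or from Tenable's report), the following Python check evaluates constructed AWS-style inventory records for that combination: an ingress rule open to 0.0.0.0/0 or ::/0, an IAM policy statement that allows wildcard actions on wildcard resources, and a vulnerability finding at or above a CVSS threshold. The `security_group` and `role_policy` fields mirror the shapes the EC2 and IAM APIs return; the wrapper layout (`id`, `vulns`), the sample workloads and the CVE placeholders are assumptions made for this example.

```python
import ipaddress

# Constructed inventory records (not real infrastructure). The security_group and
# role_policy values follow the EC2 / IAM API shapes; the wrapper layout is assumed.
WORKLOADS = [
    {
        "id": "web-1",
        "security_group": {"IpPermissions": [
            {"FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ]},
        "role_policy": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
        "vulns": [{"id": "CVE-PLACEHOLDER-1", "cvss": 9.8}],
    },
    {
        "id": "web-2",
        "security_group": {"IpPermissions": [
            {"FromPort": 443, "ToPort": 443, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ]},
        "role_policy": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                       "Resource": ["arn:aws:s3:::example-assets/*"]}]},
        "vulns": [{"id": "CVE-PLACEHOLDER-1", "cvss": 9.8}],
    },
    {
        "id": "batch-1",
        "security_group": {"IpPermissions": [
            {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        ]},
        "role_policy": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
        "vulns": [{"id": "CVE-PLACEHOLDER-2", "cvss": 5.3}],
    },
]


def is_public_sg(sg: dict) -> bool:
    """True if any ingress rule accepts traffic from the entire IPv4 or IPv6 internet."""
    for rule in sg.get("IpPermissions", []):
        for r in rule.get("IpRanges", []):
            if ipaddress.ip_network(r.get("CidrIp", "0.0.0.0/32"), strict=False).prefixlen == 0:
                return True
        for r in rule.get("Ipv6Ranges", []):
            if ipaddress.ip_network(r.get("CidrIpv6", "::/128"), strict=False).prefixlen == 0:
                return True
    return False


def is_privileged_policy(policy: dict) -> bool:
    """Heuristic: an Allow statement with '*' or 'iam:*' actions on Resource '*'.

    A full assessment would also expand attached managed policies; this example only
    inspects the inline document it is given.
    """
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        resources = st.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        admin = any(a == "*" or a.lower() == "iam:*" for a in actions)
        if admin and "*" in resources:
            return True
    return False


def has_critical_vuln(findings: list, threshold: float = 7.0) -> bool:
    """True if any finding scores at or above the CVSS threshold (default 7.0, 'high')."""
    return any(float(f.get("cvss", 0.0)) >= threshold for f in findings)


def toxic_trio(workloads: list) -> list:
    """Return the ids of workloads that are public, vulnerable and over-privileged at once."""
    return [
        w["id"] for w in workloads
        if is_public_sg(w["security_group"])
        and is_privileged_policy(w["role_policy"])
        and has_critical_vuln(w["vulns"])
    ]


if __name__ == "__main__":
    for wid in toxic_trio(WORKLOADS):
        print(f"{wid}: publicly exposed + critical vulnerability + admin-level role")
```

Only `web-1` meets all three conditions: `web-2` is public and vulnerable but its role is scoped to one bucket prefix, and `batch-1` is over-privileged but reachable only from a private range and carries a medium-severity finding. Fixing any one leg of the trio removes the workload from the list, which is the practical point of tracking the combination rather than each signal on its own.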
Cloud Identities: Best Practices with Nuances
The report also examines identity management in the cloud. Eighty-three percent of organizations on AWS use identity providers (IdPs) to control access. However, Tenable warns that default configurations, excessive permissions, and persistent accesses continue to expose these organizations to identity-based threats.
Ari Eitan, director of cloud security research at Tenable, stated:
“Organizations continue to leave critical resources misconfigured and exposed, despite lessons learned from past incidents. An attacker’s path can be as simple as exploiting a public access point or stealing an embedded credential.”
Towards Continuous Exposure Management
Among the recommendations included in the report are:
- Audit the use of secrets in task definitions, workflows, and metadata.
- Remove unnecessary public access to storage resources.
- Implement automatic key and credential rotation.
- Apply strict least privilege policies.
- Adopt continuous visibility over identities, data, workloads, and AI resources.
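As an added example (not Tenable's tooling or code from the report), the following Python audit implements the first recommendation, and applies to the ECS task definition and EC2 user data findings above, against constructed inputs: it flags plaintext credential-like values in a task definition's `environment` list, treats entries under `secrets` with a `valueFrom` reference as the intended pattern, and scans base64-encoded EC2 user data line by line. The task definition and the user-data script are constructed samples; in practice the JSON would come from `aws ecs describe-task-definition` and the user data from `aws ec2 describe-instance-attribute --attribute userData`. The regular expressions are deliberately simple heuristics and are an assumption of this example, not the report's detection logic.

```python
import base64
import re

# Variable names that usually carry a credential (heuristic, assumption of this example).
SUSPICIOUS_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)
# Values that look like credentials: AWS access key ids, PEM private keys,
# and URLs with an embedded user:password@ pair.
SUSPICIOUS_VALUE = re.compile(
    r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|://[^/\s:]+:[^@\s]+@"
)

# Constructed ECS task definition (field names follow the real ECS schema; values are fake).
TASK_DEF = {
    "family": "billing-api",
    "containerDefinitions": [
        {
            "name": "api",
            "environment": [
                {"name": "DB_HOST", "value": "db.internal"},
                {"name": "LOG_LEVEL", "value": "info"},
                {"name": "DB_PASSWORD", "value": "hunter2"},
                {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLE000000000"},
            ],
            # The safe pattern: the value lives in Secrets Manager / SSM and is injected at run time.
            "secrets": [
                {"name": "API_TOKEN",
                 "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:api-token"},
            ],
        }
    ],
}

# Constructed user-data script; the API returns it base64-encoded, so encode it the same way.
USER_DATA_SCRIPT = """#!/bin/bash
yum install -y nginx
export DB_URL="postgres://app:s3cretpw@db.internal:5432/app"
echo "ADMIN_PASSWORD=ChangeMe" >> /etc/app.env
systemctl enable nginx
"""
USER_DATA_B64 = base64.b64encode(USER_DATA_SCRIPT.encode()).decode()


def audit_task_definition(task_def: dict) -> list:
    """Flag plaintext environment variables that look like secrets.

    Entries under 'secrets' are skipped on purpose: their valueFrom ARN is a reference,
    not the credential itself.
    """
    findings = []
    family = task_def.get("family", "?")
    for container in task_def.get("containerDefinitions", []):
        cname = container.get("name", "?")
        for env in container.get("environment", []):
            key, value = env.get("name", ""), str(env.get("value", ""))
            if SUSPICIOUS_NAME.search(key) or SUSPICIOUS_VALUE.search(value):
                findings.append({"task": family, "container": cname, "variable": key,
                                 "reason": "credential-like plaintext in environment"})
    return findings


def audit_user_data(instance_id: str, user_data_b64: str) -> list:
    """Decode user data and report lines that embed credential-like content."""
    text = base64.b64decode(user_data_b64).decode("utf-8", errors="replace")
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if SUSPICIOUS_VALUE.search(line) or (SUSPICIOUS_NAME.search(line) and "=" in line):
            findings.append({"instance": instance_id, "line": lineno,
                             "reason": "credential-like content in user data"})
    return findings


if __name__ == "__main__":
    for f in audit_task_definition(TASK_DEF) + audit_user_data("i-0constructed", USER_DATA_B64):
        print(f)
```

The audit never prints the matched value itself, only its location, so the report it produces can be shared with an application team without copying the secret into yet another place. Moving the two flagged variables under `secrets` with a `valueFrom` reference, and passing the database URL to the instance through a parameter store rather than user data, clears all findings.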
The central message of the report is clear: cloud security must be proactive, continuous, and based on unified visibility. The complexity of the cloud environment cannot be managed with fragmented tools or reactive measures.
The Cloud Security Risk Report 2025 is available for free download on Tenable’s official website: Tenable Cloud Security Risk Report 2025