Stored data continues to expose sensitive information despite enhanced cloud storage security measures.
A new report published by cybersecurity firm Tenable has revealed a decline in the number of organizations facing serious security risks associated with cloud storage. The report, based on scans conducted between October 2024 and March 2025, focuses on the security of cloud storage across three major providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
The report finds that AWS hosts the highest percentage of sensitive data among the three major cloud providers, with 16.7% of data being classified as confidential or restricted. Microsoft Azure, on the other hand, hosts the lowest percentage, with only 3.2% of sensitive data. Google Cloud Platform falls in between, with 6.5% of sensitive data.
One of the key concerns raised by the report is the presence of secrets in user data on AWS EC2 instances. Tenable considers this particularly concerning, as attackers can use these secrets to trigger a cascade of exploitative activity. The report finds that 3.5% of AWS EC2 instances contained secrets in user data, and more than a quarter of AWS users were storing sensitive information in their user data.
Similarly, sensitive information was found in 52% of Google CloudRun environment variables and 54% of AWS users' Elastic Container Service task definitions.
The report also identifies some promising security trends in the cloud storage sector. For instance, more than eight in 10 organizations using Amazon Web Services have enabled an important identity-checking service, according to the report. This is a significant improvement from previous years.
The report also notes a decline in the number of organizations with toxic cloud trilogies, which are publicly exposed, critically vulnerable, and highly privileged cloud instances. The number of organizations with toxic cloud trilogies has decreased significantly, from 38% between January and June 2024 to 29% between October 2024 and March 2025. The decline is even more pronounced for organizations with 10 or more toxic cloud trilogies, with the number dropping from 15% to 7%.
Despite these declines, Tenable warns that toxic cloud trilogies continue to pose an urgent problem for organizations. The report suggests that users' confidence in AWS security measures or AWS's longevity as a cloud provider may contribute to the high percentage of sensitive data on AWS.
The report also highlights serious risks facing cloud storage users. Configuration settings of cloud buckets may be leaking secret data, according to Tenable. The report found that nearly one in 10 publicly accessible cloud-storage buckets contained sensitive data.
In conclusion, while the report shows a decline in the number of organizations with toxic cloud trilogies on AWS or GCP, it underscores the need for continued vigilance in ensuring cloud storage security. Organizations are urged to regularly scan their cloud environments for vulnerabilities and take steps to secure their sensitive data.
Read also:
- Understanding Hemorrhagic Gastroenteritis: Key Facts
- Expanded Community Health Involvement by CK Birla Hospitals, Jaipur, Maintained Through Consistent Outreach Programs Across Rajasthan
- Abdominal Fat Accumulation: Causes and Strategies for Reduction
- Deepwater Horizon Oil Spill of 2010 Declared Cleansed in 2024?
