Fortinet, Cisco, Amazon Web Services and JPMorgan Chase: Cloud storage buckets leaking secret data despite security improvements

Tenable Report Highlights Persistent Cloud Security Risks Despite Improvements

A recent report by Tenable reveals both progress and ongoing vulnerabilities in cloud security, particularly around "toxic cloud trilogies"—publicly exposed, critically vulnerable, and highly privileged cloud instances. Between October 2024 and March 2025, the number of organizations with at least one such instance on AWS or Google Cloud Platform (GCP) dropped from 38% to 29%, while those with five or more declined from 27% to 13%. Despite these improvements, Tenable warns that such exposures remain a pressing concern.

The report also uncovered widespread exposure of sensitive data in cloud configurations. Researchers found that 54% of AWS Elastic Container Service (ECS) task definitions and 52% of Google CloudRun environment variables contained confidential information. Additionally, over a quarter of AWS users stored sensitive data in user data fields, with 3.5% of AWS EC2 instances holding secrets—posing a significant risk if exploited. AWS hosted the highest proportion of sensitive data (16.7% of its buckets), compared to 6.5% for GCP and 3.2% for Microsoft Azure.

While nearly 80% of AWS users have enabled critical identity-checking services, the findings underscore persistent misconfigurations and overconfidence in cloud security measures. The report, released at AWS re:Invent 2024 in Las Vegas, highlights the need for continued vigilance in securing cloud environments.

Source: https://www.cybersecuritydive.com/news/cloud-security-amazon-google-microsoft-tenable-report/751047/

Fortinet cybersecurity rating report: https://www.rankiteo.com/company/fortinet

Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco

Amazon Web Services (AWS) cybersecurity rating report: https://www.rankiteo.com/company/amazon-web-services

JPMorganChase cybersecurity rating report: https://www.rankiteo.com/company/jpmorganchase

"id": "FORCISAMAJPM1767748297",
"linkid": "fortinet, cisco, amazon-web-services, jpmorganchase",
"type": "Vulnerability",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Various',
                        'location': 'Global',
                        'name': 'AWS Users',
                        'type': 'Cloud Service Provider Customers'},
                       {'industry': 'Various',
                        'location': 'Global',
                        'name': 'GCP Users',
                        'type': 'Cloud Service Provider Customers'},
                       {'industry': 'Various',
                        'location': 'Global',
                        'name': 'Microsoft Azure Users',
                        'type': 'Cloud Service Provider Customers'}],
 'attack_vector': 'Misconfigured Cloud Storage',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (confidential/restricted)',
                 'type_of_data_compromised': ['Secrets',
                                              'Confidential data',
                                              'Restricted data',
                                              'Personally identifiable '
                                              'information']},
 'date_publicly_disclosed': '2025-03-05',
 'description': 'Tenable’s report highlights serious risks facing cloud '
                'storage users, including publicly exposed, critically '
                'vulnerable, and highly privileged cloud buckets (termed '
                "'toxic cloud trilogies'). Researchers found sensitive data "
                'leaks in AWS and GCP cloud buckets, including Elastic '
                'Container Service task definitions, CloudRun environment '
                'variables, and user data. Despite improvements, 29% of '
                'organizations still had at least one toxic cloud trilogy, '
                'with 7% having 10 or more. AWS hosted more sensitive data '
                '(16.7%) than GCP (6.5%) or Azure (3.2%).',
 'impact': {'brand_reputation_impact': 'High (due to sensitive data exposure)',
            'data_compromised': 'Sensitive data, including confidential and '
                                'restricted information',
            'identity_theft_risk': 'High (due to exposure of personally '
                                   'identifiable information)',
            'operational_impact': 'Potential cascade of exploitative activity '
                                  'by attackers accessing exposed secrets',
            'systems_affected': ['AWS S3 Buckets',
                                 'GCP Cloud Storage',
                                 'AWS Elastic Container Service',
                                 'Google CloudRun',
                                 'AWS EC2 User Data']},
 'investigation_status': 'Ongoing (based on scans conducted between October '
                         '2024 and March 2025)',
 'lessons_learned': 'Organizations must prioritize secure cloud '
                    'configurations, regularly audit cloud storage settings, '
                    'and avoid storing sensitive data in publicly accessible '
                    'or misconfigured buckets. AWS, GCP, and Azure users '
                    'should enable identity-checking services and monitor for '
                    'exposed secrets.',
 'post_incident_analysis': {'corrective_actions': ['Enable identity-checking '
                                                   'services',
                                                   'Regularly audit cloud '
                                                   'configurations',
                                                   'Remove sensitive data from '
                                                   'user data/environment '
                                                   'variables',
                                                   'Implement enhanced '
                                                   'monitoring'],
                            'root_causes': ['Misconfigured cloud storage '
                                            'buckets',
                                            'Public exposure of sensitive data',
                                            'Lack of identity-checking '
                                            'services in some cases',
                                            'Overconfidence in cloud provider '
                                            'security measures']},
 'recommendations': ['Conduct regular audits of cloud storage configurations',
                     'Enable identity-checking services (e.g., AWS IAM)',
                     'Avoid storing sensitive data in user data or environment '
                     'variables',
                     'Implement network segmentation and enhanced monitoring',
                     'Adopt secure development practices to prevent '
                     'misconfigurations'],
 'references': [{'date_accessed': '2025-03-05',
                 'source': 'Tenable Report on Toxic Cloud Trilogies'},
                {'date_accessed': '2025-03-05',
                 'source': 'Cybersecurity Dive'}],
 'response': {'enhanced_monitoring': 'Enabled identity-checking service (80%+ '
                                     'of AWS users)'},
 'title': 'Toxic Cloud Trilogies: Publicly Exposed, Critically Vulnerable, and '
          'Highly Privileged Cloud Buckets',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Publicly exposed cloud buckets with critical '
                            'vulnerabilities and highly privileged data'}