Tenable Research에서 광범위한 클라우드 구성 오류가 중요한 데이터 및 암호를 위험에 노출하는 것을 발견

Tenable®, the exposure management company, today released its 2025 Cloud Security Risk Report. The research revealed that 9% of publicly accessible cloud storage contains sensitive data, 97% of which is classified as restricted or confidential. These exposures increase the risk of exploitation, particularly when paired with misconfigurations or embedded secrets. 

Cloud environments face dramatically increased risk due to exposed sensitive data, misconfigurations, underlying vulnerabilities and poorly stored secrets – such as passwords, API keys and credentials. The 2025 Cloud Security Risk Report provides a deep dive into the most prominent cloud security issues impacting data, identity, workload and AI resources and offers practical mitigation strategies to help organizations proactively reduce risk and close critical gaps.

Key findings from the report include: 

• Secrets found in diverse cloud resources are putting organizations at risk: Over half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions — creating a direct attack path. Similar issues were found among organizations using Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%). Alarmingly, 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data — major risk given how widely EC2 is used.
• Cloud workload security is improving, but toxic combinations persist: While the number of organizations with a “toxic cloud trilogy” – a workload that is publicly exposed, critically vulnerable, and highly privileged – has decreased from 38% to 29%, this dangerous combination still represents a significant and common risk.
• Using Identity Providers (IdPs) alone doesn’t eliminate risk: While 83% of AWS organizations are exercising best practices in using IdP services to manage their cloud identities, overly-permissive defaults, excessive entitlements, and standing permissions still expose them to identity-based threats.

“Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations,” said Ari Eitan, Director of Cloud Security Research, Tenable. 

“The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analyzed from October 2024 through March 2025. To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-security-risk-report-2025

More information on Tenable Cloud Security is available at: https://www.tenable.com/cloud-security 

Tenable 소개

Tenable®은 위험 노출 관리 회사로서 비즈니스의 가치, 평판 및 신뢰를 위협하는 사이버 보안의 공백을 식별하여 채웁니다. Tenable의 AI 기반 위험 노출 관리 플랫폼은 공격 표면 전체에서 보안 가시성, 통찰 및 작업을 혁신적으로 통합하여 최신 조직들을 IT 인프라부터 클라우드 환경 및 중요 인프라와 이외의 다양한 환경에 공격에 대해 보호합니다. 엔터프라이즈를 보안 위험 노출에서 보호하여 Tenable은 전 세계에 44,000곳 이상의 고객사에서 비즈니스 위험을 줄입니다. tenable.com에서 자세히 알아보십시오.

###

미디어 연락처:

Tenable

[email protected]