Cloud always has a bad reputation when it comes to security and privacy. The advantages such as flexibility, scalability and lower costs tend to come to the rescue and make up for these security shortcomings. With security and privacy getting top of business agendas, these advantages will no longer be enough.

The laid back approach businesses take towards cloud security makes the matters even worse. That is exactly what Tenable found in their latest report. Interested in learning more about the key findings from the report? You are in the right place.

In this article, HOSTNOC will share seven eye opening statistics regarding the current state of cloud security that will force you to rethink your cloud strategy for 2025.

7 Shocking Statistics About The Current State of Cloud Security

Here are seven eye popping statistics about the current state of cloud security that will blow you away.

1. 84% of organization have unused access keys with high severity excessive permissions

Did you know that a vast majority of organizations have unused or long standing access keys with excessive permissions? Yes, you read that right. Tenable study also showed the key role these unused access keys played in identity based attacks. In addition to this, these keys have also led to data compromises and data breaches. Microsoft email hack and MGM resort data breach is the best example of these unused access key exploitation.

To minimize the risk businesses must regularly rotate credentials, avoid using long-lasting access keys and implement Just-in-Time access mechanisms. Regularly audit and adjust permissions for human and non-human identities to adhere to the principle of least privilege.

1. 78% of organization have publicly accessible Kubernetes API Servers

The situation is not much different when it comes to Kubernetes. The report also shows that 78% of organizations have publicly accessible Kubernetes API servers. With Kubernetes playing a key role in managing containerized applications, its public exposure leaves sensitive workloads vulnerable. The configuration mistakes behind these exposures are a major issue, making organizations easy targets for malicious actors.

1. 74% of organization have publicly exposed storage

Cloud misconfigurations continue to be a top vulnerability. Publicly exposed storage can leak confidential information, increasing the risk of data breaches and compliance violations. As organizations ramp up their use of cloud-native applications, so, too, does the amount of sensitive data they store there increase — including customer and employee information and business IP. Hackers are motivated to get at such cloud-stored data.

1. 39% of organizations have public bucket

With the vast majority of businesses using cloud storage to store critical data, it becomes a prime target for threat actors. With cloud providers and businesses taking little to no steps to protect your data in the cloud, it can easily be stolen by cybercriminals. To make matters worse, businesses don’t use the security features provided by cloud service providers and leave their storage bucket publicly accessible. Public cloud storage buckets allow anyone on the internet to access the data they contain. Even with awareness growing around this issue, a significant portion of companies still leave buckets exposed, creating serious security risks.

1. 29% of organizations have public or private buckets with over privileged access

Even businesses who have set their cloud storage bucket to private end up making the mistake of providing over privileged access. Malicious threat actors can take advantage of it and gain access to your sensitive business data. Whether public or private, over-privileged access to cloud storage buckets is a common vulnerability. This excessive access opens the door to insider threats and unauthorized external access, leading to potential data theft or corruption.

1. 23% of cloud identities on the Hyperscalers have critical of high severity excessive permissions

Managing cloud identities is essential, but nearly a quarter of organizations fail to restrict permissions adequately. These over-privileged identities create dangerous opportunities for attackers to escalate privileges and compromise systems.

According to Scott Young, who is Principal Advisory Director at Info Tech Research Group said, “The high percentage of critical permissions granted to human accounts reflects the natural human inclination towards the path of least resistance; unfortunately, the resistance is meant to be there for a reason. The desire for less friction while working on systems leads to large potential consequences when an account is compromised.”

1. 6% of organizations have public buckets with over privileged access

While 6% may seem small, the combination of public exposure and over-privileged access multiplies the risks, making those organizations particularly vulnerable to malicious exploitation.

Scott Young shed light on the importance of governance, risk and compliance highlighted in Tenable report by saying, “Tenable report shows that in aggregate we are slow to secure our entry points and protect and control accounts to limit lateral movement, while the cloud makes us easy to find. Without a marked increase in maturing security practices, well defined processes, and thorough auditing, all coupled with automation and orchestration for speed and consistency, these numbers won’t significantly decrease. In short, this report is a strong argument for a well-run Governance, Risk, and Compliance practice.”

Conclusion

These statistics highlight the urgent need for stronger cloud security practices, including better access management, misconfiguration detection and constant monitoring. With threats evolving and cloud environments expanding, addressing these vulnerabilities is more important than ever.

Did this article help you in understanding the current state of cloud security? Which of these statistics regarding current state of cloud security shocked you the most? What did you learn from state of cloud security report? Share it with us in the comments section below.