Organisations in India are grappling with a hidden crisis related to vulnerabilities in cloud computing, as revealed in the 2025 Cloud Security Risk Report released by Tenable, a company specialising in Exposure Management. The report exposes significant security gaps in cloud environments, ranging from misconfigured storage that compromises sensitive data to embedded secrets in workloads, which can lead to data breaches, financial losses, and severe regulatory repercussions.

Research findings indicate a substantial and pervasive risk, with 9% of all analysed cloud storage resources containing restricted or confidential information. Although this percentage may seem small, it translates to millions of sensitive records potentially being exposed in environments that house vast volumes of data. Furthermore, nearly one in ten publicly accessible storage locations holds sensitive data, driven by common misconfigurations, weak access controls, and limited visibility, thereby exposing organisations across various industries to serious security and compliance threats.

The risks extend beyond this. Tenable’s findings show that 54% of organisations with AWS ECS task definitions have embedded secrets, leaving businesses vulnerable to the threat of full cloud environment takeovers or exploitation activities like unauthorised crypto mining. Moreover, within AWS EC2 instances, 3.5% contain credentials embedded in user data, providing attackers with a clear pathway to escalate privileges and compromise environments.

“Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures,” stated Ari Eitan, Director of Cloud Security Research at Tenable. “In today’s threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches.”

As Indian enterprises and government agencies continue to scale up cloud adoption, the report highlights the urgent need for a proactive, risk-driven security strategy. Regulatory frameworks issued by India’s Securities Exchange Board of India and the Reserve Bank of India outline risk management and cybersecurity practices that organisations must follow to adopt cloud computing. Given the rising cyberattacks in the cloud, organisations must proactively prioritise cloud security to protect business-critical data and assets.

“The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures,” Eitan added. “Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analysed from October 2024 through March 2025. To download the report, please visit: 2025 Cloud Risk Security Report

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!