Indian organisations face alarming cloud vulnerabilities, new tenable report reveals

A new report by Tenable, a leading player in exposure management, has revealed a hidden crisis in cloud security within Indian organisations. The 2025 Cloud Security Risk Report outlines concerning gaps in the protection of cloud environments, exposing businesses to major risks such as data breaches, financial losses, and regulatory violations.

The research points to a disturbing trend of misconfigured cloud storage, with 9% of all analysed cloud storage resources containing restricted or confidential information. While this percentage may seem small, in environments that store vast amounts of data, it equates to millions of sensitive records being exposed. Even more troubling, the report finds that nearly one in ten publicly accessible cloud storage locations holds sensitive data, a situation largely attributed to common misconfigurations, weak access controls, and limited visibility.

Secrets at Risk in the Cloud

The risks do not stop at exposed data. Tenable’s findings indicate that many organisations are leaving vital credentials unprotected across their cloud infrastructures. For instance, 54% of organisations using AWS ECS task definitions have embedded secrets within them, opening the door to full cloud environment takeovers or malicious activities such as unauthorised crypto mining. Additionally, 3.5% of AWS EC2 instances were found to contain credentials embedded within user data, providing attackers with an easy route to escalate privileges and compromise systems.

Ari Eitan, Director of Cloud Security Research at Tenable, stressed the gravity of the situation, stating, “Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures. In today’s threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches.”

Proactive Cloud Security is Essential

As Indian enterprises and government agencies continue to accelerate their cloud adoption, the report underscores the critical need for a proactive, risk-driven approach to cloud security. Regulatory bodies such as the Securities Exchange Board of India (SEBI) and the Reserve Bank of India (RBI) have already issued frameworks outlining the cybersecurity and risk management practices that organisations must adhere to when adopting cloud computing. With cyberattacks targeting cloud infrastructures on the rise, it has become even more essential for organisations to prioritise cloud security to protect sensitive data and business-critical assets.

“The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures,” added Eitan. “Understanding where your sensitive data and credentials are, and who can access them, must now be a board-level priority.”

A Call to Action for Indian Organisations

The 2025 Cloud Security Risk Report from Tenable highlights the importance of not only deploying cloud technologies but also managing them with robust security strategies. As cyber threats evolve and become more sophisticated, Indian businesses must reassess their cloud security measures and ensure that appropriate safeguards are in place to mitigate the risk of data exposure and breaches.

The report is based on telemetry data from workloads across public cloud and enterprise environments, analysed between October 2024 and March 2025. To download the full report and gain further insights into the current state of cloud security in India, visit Tenable’s website.

Read more :

Fortinet expands cloud security Arsenal with recent updates

Kingston revamps XS Series SSDs with new look

Epson launches Monna Lisa ML-18000 to accelerate textile printing