Tenable Cloud Risk Report Sounds the Alarm on Toxic Cloud Exposures Threatening Indian Organisations
Almost four in 10 organisations have a cloud workload that is publicly exposed, critically vulnerable and highly privileged
Tenable®, the exposure management company, today released the Tenable Cloud Risk Report 2024, highlighting that organisations globally and in India are unknowingly exposed to the “toxic cloud triad,” a trifecta of cloud security risks that could lead to severe data breaches and financial losses.
The report is based on extensive analysis of data gathered from billions of cloud assets across multiple public cloud environments. The data, collected during the first half of 2024 (Jan – Jun), includes a comprehensive set of cloud workload and configuration information from real-world cloud assets in active production.
The Toxic Cloud Triad
With the rapid adoption of cloud technology across industries in APAC, the report underscores the challenges posed by misconfigurations, excessive permissions, and critical vulnerabilities that open doors to threat actors. The findings reveal that 38% of organisations have at least one publicly exposed, critically vulnerable, and highly privileged cloud workload, forming the toxic cloud triad.
Many breaches reported worldwide in 2024 resulted from 1-day vulnerabilities exploited on exposed workloads. Of these, some of the most dangerous breaches involved lateral movement by using the privileges of the compromised workloads.
“With cyber risks spreading across every corner of the business, the threat level has become unsustainable,” said Rajnish Gupta, Country Manager, Tenable India. “To tackle the biggest vulnerabilities, organisations need to understand toxic cloud triads and other risky combinations—and know exactly what data is exposed. Attackers exploit the gaps, slipping through outdated defences that can’t keep up or react fast enough.”
Additional key findings from Tenable’s Cloud Research team include:
84% of organisations have risky access keys to cloud resources: The majority of organisations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses a substantial risk.
23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions.
Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to compromise of the server host, remained unremediated in over 80% of workloads even 40 days after its publication.
74% of organisations have publicly exposed storage: 74% of organisations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks.
78% of organisations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organisations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.
About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.
About Tenable Cloud Research
Tenable Cloud Research is the cloud research arm of Tenable Research. It conducts ongoing research into new attack vectors, uncovers and discloses cloud provider vulnerabilities, and applies its expertise to innovatively fortify the Tenable cloud product against emerging risks. Recent discoveries include:
Tenable Cloud Risk Report 2024 Methodology
The Tenable Cloud Risk Report 2024 findings are based on a comprehensive analysis of data gathered from billions of cloud assets across multiple public cloud environments, all scanned using the Tenable Cloud Security platform. The dataset, collected during the first half of 2024, includes cloud workload and configuration information from real-world assets in active production. It covers cloud environments from leading providers, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform (GCP). The analysis focused on identifying critical security risks, such as public exposure, vulnerabilities, and excessive permissions, to provide actionable insights for organisations looking to strengthen their cloud security posture.