Imagine leaving your house keys in a public parking lot, your wallet on a restaurant table, and your passport in a library book. That’s what many organizations are doing with their cloud data right now.
The latest Tenable Cloud Security Risk Report for 2025 has unveiled some eye-opening truths about how companies are managing their cloud environments. While the digital transformation has brought incredible benefits, it has also created new vulnerabilities that many organizations haven’t yet fully grasped.
The Shocking Truth About Public Data
Here’s a statistic that should make every IT professional pause: 9% of publicly accessible cloud storage contains sensitive data. That means nearly 1 in 10 public storage resources analyzed held confidential or restricted information that anyone on the internet could access.
Even more alarming? Of that sensitive data found in public locations, 97% was classified as either restricted or confidential—the highest risk categories. This isn’t just about minor privacy concerns; we’re talking about data that could cause severe legal, financial, or reputational damage if it falls into the wrong hands.
Secrets Are Scattered Everywhere
The report reveals another troubling trend: secrets, such as passwords, API keys, and access tokens, are being stored in insecure locations. Over half of organizations using Amazon Web Services have at least one secret embedded in their container configurations, while 52% of Google Cloud users have similar issues.
Perhaps most concerning is that 3.5% of AWS EC2 instances—one of the most widely used cloud services—contain secrets in their user data. Given EC2’s popularity, this small percentage represents a massive security risk across the internet.
Some Good News on the Horizon
It’s not all doom and gloom. The report indicates that organizations are improving in certain areas. The number of “toxic cloud trilogies”—systems that are publicly exposed, critically vulnerable, and highly privileged—dropped from 38% to 29% of organizations.
Additionally, 83% of AWS users have configured identity providers, which is a best practice for managing access to cloud resources.
The Bottom Line
As artificial intelligence and cloud computing continue to expand, the stakes are getting higher. Organizations need to treat cloud security not as an afterthought, but as a fundamental business priority. The convenience of cloud computing shouldn’t come at the cost of security.
The message is clear: it’s time for organizations to audit their cloud environments, secure their secrets, and ensure sensitive data isn’t accidentally left in public view.
