%22%3E%0A%3Cpath%20d%3D%22M412%20101.2H393.7C393.1%20101.2%20392.3%20100.9%20391.8%20100.5C377.3%2087.6004%20362.9%2074.6004%20348.4%2061.6004C344.8%2058.4004%20341.3%2055.2004%20337.7%2052.0004C337.1%2051.5004%20336.2%2051.1004%20335.5%2051.0004C334.2%2050.8004%20333%2051.0004%20331.5%2051.0004V101.1H316.7V0.100391H331.4V44.3004C331.9%2044.3004%20332.2%2044.4004%20332.5%2044.4004C334.9%2044.4004%20337.2%2044.5004%20339.6%2044.4004C340.4%2044.4004%20341.3%2044.0004%20341.8%2043.5004C351.6%2034.4004%20361.4%2025.2004%20371.1%2016.0004C376.5%2010.9004%20381.9%205.90039%20387.3%200.800391C387.9%200.200391%20388.5%200.000390626%20389.3%200.000390626H400.9C384.2%2015.8004%20367.8%2031.3004%20351.2%2047.0004C371.5%2065.0004%20391.8%2082.9004%20412.1%20100.9C412.1%20101%20412.1%20101.1%20412%20101.2ZM180.9%20101.2C184.1%2094.9004%20187.2%2088.9004%20190.3%2082.8004C198.3%2067.3004%20206.2%2051.8004%20214.2%2036.2004C220.3%2024.4004%20226.4%2012.5004%20232.4%200.700391C232.7%200.100391%20233%20-0.0996094%20233.7%20-0.0996094H248.1C248.8%20-0.0996094%20249.2%200.100391%20249.6%200.800391C256%2013.3004%20262.4%2025.7004%20268.8%2038.2004C279.3%2058.6004%20289.8%2079.0004%20300.3%2099.5004C300.5%20100%20300.8%20100.4%20301.1%20101.1C300.5%20101.1%20300.1%20101.2%20299.7%20101.2H286.5C285.6%20101.2%20285.1%20100.9%20284.7%20100.2C280.1%2091.3004%20275.4%2082.4004%20270.8%2073.4004C270.1%2072.1004%20269.3%2071.6004%20267.8%2071.6004H209.9C208.7%2071.6004%20208.1%2072.0004%20207.5%2073.1004C202.9%2082.1004%20198.2%2091.0004%20193.6%20100C193.1%20101%20192.6%20101.3%20191.5%20101.3C188.4%20101.2%20185.3%20101.3%20182.3%20101.3C182%20101.2%20181.6%20101.2%20180.9%20101.2ZM239.1%2011.4004C230%2029.2004%20221.1%2046.7004%20212.1%2064.3004H266.4C257.2%2046.7004%20248.2%2029.2004%20239.1%2011.4004ZM0%200.000390626H43.4C51.2%200.000390626%2058.7%201.20039%2065.7%204.80039C75.9%2010.0004%2078.9%2018.0004%2078.6%2027.4004C78.3%2034.3004%2076%2040.5004%2071.2%2045.5004C67.3%2049.6004%2062.4%2052.3004%2057.1%2054.3004C50.6%2056.7004%2043.9%2058.0004%2037.1%2058.6004C30.1%2059.2004%2023.1%2059.4004%2016.2%2059.7004C15.8%2059.7004%2015.3%2059.8004%2014.8%2059.8004V101.1H0.1C0%2067.4004%200%2033.8004%200%200.000390626ZM14.8%207.10039V52.2004C23.7%2052.4004%2032.6%2052.3004%2041.2%2050.1004C44.4%2049.3004%2047.6%2048.2004%2050.6%2046.7004C58.4%2043.0004%2062.3%2036.7004%2062.7%2028.0004C63%2019.9004%2059.5%2014.1004%2052.4%2010.5004C47.6%208.00039%2042.5%207.10039%2037.2%207.10039H14.8ZM95.9%20101.1V0.100391H167.3V7.20039H110.7V44.7004H158.1V51.9004H110.8V93.9004H171.1V101C146.1%20101.1%20121%20101.1%2095.9%20101.1Z%22%20fill%3D%22black%22%2F%3E%0A%3Cpath%20d%3D%22M35.0004%2025.7996H42.5004V20.6996H44.8004V33.1996H42.6004V27.5996H34.9004V33.2996H32.7004V20.7996H35.0004V25.7996ZM54.4004%2025.8996V27.2996H48.9004V31.6996H55.9004C55.9004%2032.1996%2056.0004%2032.5996%2056.0004%2033.0996H46.5004V20.5996H55.5004V21.8996H49.0004V25.7996C50.7004%2025.8996%2052.5004%2025.8996%2054.4004%2025.8996ZM25.9004%2033.0996H23.5004V21.9996H17.9004V20.6996H31.6004V22.0996H27.1004C26.2004%2022.0996%2025.9004%2022.2996%2025.9004%2023.1996C26.0004%2026.0996%2025.9004%2028.9996%2025.9004%2031.7996V33.0996Z%22%20fill%3D%22black%22%2F%3E%0A%3C%2Fg%3E%0A%3Cdefs%3E%0A%3CclipPath%20id%3D%22clip0_388_462%22%3E%0A%3Crect%20width%3D%22411%22%20height%3D%22101.2%22%20fill%3D%22white%22%2F%3E%0A%3C%2FclipPath%3E%0A%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A)
Tenable’s 2025 risk report exposes critical security risks in companies using cloud services
Taken together with the exposure management company’s previous study on cloud AI risks, this report sounds a warning on companies’ hasty rush to store their data in cloud services.
By Clarissa Ryanputri /
Tenable, an exposure management company that focuses on closing cybersecurity gaps in businesses, recently released a report detailing critical vulnerabilities and risks in the usage of cloud services to store data.
The Tenable Cloud Security Risk Report 2025, compiled from telemetry scanned through Tenable Cloud Services from October 2024 through March 2025, also presents detailed explanations and suggested mitigation strategies for companies interested in minimising cloud vulnerabilities in their systems.
Overall results
Alarmingly, the report found that businesses across Southeast Asia are increasingly working with cloud vulnerabilities that go unnoticed, putting them and their data at risk. At least 9% of all cloud repositories analysed for the study included restricted or confidential information. Though the number is deceptively small, the large volumes of data processed on a daily basis by cloud service providers means that it actually corresponds to a staggering amount of sensitive information being exposed.
One in ten publicly accessible storage locations also holds sensitive data — in addition to the inherent security risks these breaches hold for organisations, this also puts many multinational corporations at risk of violating stringent data security protections and regulations in Southeast Asia.
With Singapore’s strict data protection laws, including the Cybersecurity Act, Personal Data Protection Act (PDPA), and Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines, companies in regulated sectors are at high risk of running afoul of the law if they fail to secure important data on their servers. This also stretches to companies that operate in the Southeast Asian region, as other countries like Indonesia, Philippines, Thailand and Malaysia have similar regulations that impose stringent requirements on data protection, cross-border transfers and data security.
Not all is lost, though. At least 83% of organisations using Amazon Web Services (AWS) were found to have configured identity provider services (IdPs). They help prevent impersonation by acting as a central authentication service, managing and verifying the identities of those who can access sensitive information. However, the report also warned that IdPs are not a guarantee of security, and that they can still be exploited through other cloud weaknesses such as overly permissive defaults.
The risks of AI
Information from the Tenable Cloud AI Risk Report 2025 was also cited in the article as an example of how AI developer tools and services, which are fast gaining popularity amongst companies, can also pose their own security risks and challenges. Though many companies rely on AI to process large amounts of data, the report found that 77% of the organisations utilising GCP’s Vertex AI Workbench had misconfigured defaults, which created high-risk exposure paths that could lead to compliance violations.
Another problem found was that AI cloud workloads across Azure, AWS and GCP had higher rates of critical vulnerabilities, with 70% having at least one unremediated critical vulnerability, higher compared to the ‘preferable’ rate of 50% in non-AI workloads. These critical vulnerabilities raise the chances of successful cyberattacks and data leaks by bad agents.
As the massive quantity of AI data means that a large percentage of it is likely to be sensitive, the report recommends that organisations take proactive steps to integrate special AI security measures and failsafes into their cybersecurity protocols, especially when integrating AI into company systems.
Ari Eitan, Director of Cloud Security Research at Tenable, said on the report results, “In today’s threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches.”
“The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures,” Eitan added. “Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority.”