Tenable Research Finds Pervasive Cloud Misconfigurations Exposing Critical Data and Secrets
Globenewswire · 2025-06-18 13:00
Core Insights
- The 2025 Cloud Security Risk Report by Tenable highlights the urgent need for unified cloud exposure management due to widespread risks from insecure cloud configurations [1][2]

Cloud Security Risks
- 9% of publicly accessible cloud storage contains sensitive data, with 97% classified as restricted or confidential, increasing the risk of exploitation [1][2]
- Exposed sensitive data, misconfigurations, and poorly stored secrets such as passwords and API keys significantly heighten cloud environment risks [2][5]

Organizational Vulnerabilities
- Over half of organizations (54%) store at least one secret directly in AWS Elastic Container Service (ECS) task definitions, creating direct attack paths [7]
- Similar vulnerabilities are found in Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%) [7]
- 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data, posing major risks given EC2's widespread use [7]

Toxic Cloud Combinations
- The percentage of organizations with a "toxic cloud trilogy" (publicly exposed, critically vulnerable, and highly privileged workloads) has decreased from 38% to 29%, but this remains a significant risk [7]

Identity Management Challenges
- While 83% of AWS organizations follow best practices in using Identity Providers (IdPs) for cloud identity management, risks persist due to overly permissive defaults and excessive entitlements [7]