Beware the toxic cloud triad, Tenable warns
Tenable, the exposure management company, has released the Tenable Cloud Risk Report 2024*, highlighting that organisations globally, including in the Asia-Pacific (APAC) region, are unknowingly exposed to the “toxic cloud triad,” three cloud security risks that could lead to severe data breaches and financial losses.
The report underscores the challenges posed by misconfigurations, excessive permissions, and critical vulnerabilities that open doors to threat actors. The findings reveal that 38% of organisations have at least one publicly exposed, critically vulnerable, and highly-privileged cloud workload, forming the toxic cloud triad.
“Any organisation that collects, maintains, and processes data, regardless of size or industry, is at risk of a breach if data is not secured properly,” said Nigel Ng, Senior VP, Tenable APJ.
“The toxic cloud triad is the perfect storm for cyberthreats. Public exposure opens the door to unauthorised access, while critical vulnerabilities give attackers a way in. Once inside, excessive privileges allow them to escalate their control and potentially take over key systems.”
Additional findings from Tenable’s Cloud Research team include:
The majority of organisations have risky access keys to cloud resources: 84.2% possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk.
Almost a quarter of cloud identities have critical or high severity excessive permissions: analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions.
Critical vulnerabilities persist: notably, CVE-2024-21626, a severe container escape vulnerability that could lead to compromise of the server host, remained unremediated in over 80% of workloads even 40 days after it was published.
Nearly three quarters of organisations have publicly-exposed storage: 74% of organisations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks.
Close to eight in 10 (78%) organisations have publicly-accessible Kubernetes API servers: of these, 41% also allow inbound Internet access. Additionally, 58% of organisations have cluster-admin role bindings, which means that certain users have unrestricted control over all the Kubernetes environments.
To combat these cloud risks, Tenable suggests that companies:
Enhance cloud visibility
Utilise cloud security platforms that provide unified visibility across all workloads. Identifying and prioritising toxic combinations of risks such as public exposure combined with critical vulnerabilities and excessive permissions is crucial.
Implement least-privilege access
Regularly audit and limit access to cloud resources based on the principle of least privilege. Rotate access keys frequently and remove those that are no longer in use to reduce the likelihood of credential misuse.
Patch critical vulnerabilities
Prioritise the remediation of high-risk vulnerabilities, such as CVE-2024-21626, and ensure that critical workloads are regularly updated to minimise exposure.
Close public exposure gaps
Review and correct misconfigurations that lead to the unintentional exposure of public cloud assets. Ensure that only the essential assets are exposed to external networks.
Ng said: “The toxic cloud triad is preventable, but firms need to take proactive steps. By improving visibility, limiting privileges, and patching vulnerabilities, businesses in APAC can significantly reduce their cloud security risks. Failing to address these issues has historically resulted in catastrophic breaches in the past and should not be ignored.”
*The Tenable Cloud Risk Report 2024 findings are based on a comprehensive analysis of data gathered from billions of cloud assets across multiple public cloud environments, all scanned using the Tenable Cloud Security platform.
The dataset, collected during the first half of 2024, includes cloud workload and configuration information from real-world assets in active production. It covers cloud environments from leading providers, including Amazon Web Services, Microsoft Azure, and GCP.
The analysis focused on identifying critical security risks, such as public exposure, vulnerabilities, and excessive permissions, to provide actionable insights for organisations looking to strengthen their cloud security posture.