Tenable®’s 2025 Cloud Security Risk Report reveals a significant security crisis in Singapore and Southeast Asia, with security gaps in cloud environments exposing sensitive data to embedded secrets. This could lead to data breaches, financial losses, and regulatory repercussions. The report is particularly relevant for organizations operating in regulated sectors or managing cross-border data flows. Singapore’s Cybersecurity Act, Personal Data Protection Act, and MAS Technology Risk Management Guidelines highlight the need for organizations to prioritize strong cloud governance and security to meet evolving compliance and cybersecurity demands.
The research reveals a significant and widespread risk, finding that 9% of all analyzed cloud storage resources contain restricted or confidential information. This seemingly small percentage translates to millions of sensitive records potentially exposed in environments housing vast volumes of data. Even more alarming, nearly one in ten publicly accessible storage locations hold sensitive data, driven by common misconfigurations, weak access controls, and limited visibility, exposing organizations across industries to serious security and compliance threats in line with local/regional data residency expectations.
The risks do not end there. Tenable’s findings show that 54% of organizations with AWS ECS task definitions have a secret embedded within them, exposing businesses to the threat of full cloud environment takeovers or exploitation activities like unauthorized crypto mining. Even within AWS EC2 instances, 3.5% contain credentials embedded in user data, giving attackers a clear pathway to escalate privileges and compromise environments.
“Secrets are the keys to the kingdom, yet many organizations are unknowingly leaving them unguarded across their cloud infrastructures,” said Ari Eitan, Director of Cloud Security Research at Tenable. “In today’s threat landscape, complacency is costly. Organizations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches.”
With Singapore continuing to scale up cloud adoption, supported by national initiatives like IMDA’s Cloud Outage Incident Response (COIR) framework and regional efforts to enable secure digital economies, the report highlights the urgent need for a proactive, risk-driven security strategy. “The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures,” Eitan added. “Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority.”
The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analyzed from October 2024 through March 2025. To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-security-risk-report-2025
