
Australian cloud data risk rises as report finds widespread flaws
Australian organisations are exposed to widespread cloud security risks, according to new research from Tenable.
The 2025 Cloud Security Risk Report, released by Tenable, details how significant vulnerabilities in cloud environments are putting sensitive data at risk. The report identifies persistent issues, including misconfigured cloud storage and secrets embedded in workloads, which elevate the risk of data breaches and non-compliance with national regulations such as Australia's Privacy Act and the Notifiable Data Breaches (NDB) scheme.
The report states that 9% of all analysed cloud storage resources contain restricted or confidential information. Although this percentage might appear relatively low, in cloud environments responsible for storing vast amounts of data, it equates to millions of sensitive records that could be exposed if compromised. Of notable concern is the finding that nearly one in ten publicly accessible cloud storage locations holds sensitive data. The exposure is primarily attributed to common misconfigurations, inadequate access controls, and limited organisational visibility into these resources.
In addition to storage risks, the report highlights the dangers posed by embedded secrets in cloud workloads. According to the findings, 54% of organisations using AWS ECS (Elastic Container Service) task definitions were found to have a secret embedded within them. This situation considerably heightens the risk of attackers taking over entire cloud environments or conducting unauthorised activities, such as crypto mining, within affected systems.
The research also found that within AWS EC2 (Elastic Compute Cloud) instances, 3.5% contain credentials embedded in user data. This configuration provides potential attackers with a straightforward path to escalate privileges, move laterally within cloud infrastructure, and compromise critical systems or data.
"Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," said Ari Eitan, Director of Cloud Security Research at Tenable. "In today's threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches."
The report notes that the risks associated with cloud storage and embedded secrets are made more serious by evolving regulatory requirements in Australia. Provisions under the Security of Critical Infrastructure (SOCI) Act now require that essential service providers implement robust risk management frameworks and promptly report cyber incidents. At the same time, updates to the Australian Signals Directorate's Essential Eight maturity model advocate for enhanced baseline security controls across businesses managing sensitive or critical data in the cloud. There is also continuing enforcement by the Office of the Australian Information Commissioner (OAIC) of the Privacy Act and NDB scheme. Failure to comply with these regulations can lead to significant financial penalties and reputational damage for affected organisations.
The tightening regulatory landscape is prompting organisations to review and strengthen their cloud security postures, particularly as cloud adoption increases across the country.
Ari Eitan commented on the need for enhanced security strategies in the current context. "As Australian organisations adopt more cloud, a proactive, risk-driven security strategy aligned with Australian Cyber Security Centre's Essential Eight and zero trust principles is urgently needed. The cloud offers agility, but without strong controls and continuous monitoring, it creates significant exposures. Understanding sensitive data, credentials, and access must be a board-level priority," Eitan added.
The 2025 Cloud Security Risk Report is based on analysis by the Tenable Cloud Research team, which examined telemetry data from a broad range of public cloud and enterprise environments. The data was collected between October 2024 and March 2025.
The report underlines the importance of Australian organisations improving visibility, tightening controls, and prioritising cloud security as part of their overall risk management, particularly in the context of ongoing regulatory change.