Modern business is migrating en masse to the public cloud, often citing enhanced security as one of the key arguments for this transformation. However, behind the facade of this digital revolution, a quiet and disastrous crisis is unfolding. It stems not from the inherent flaws of cloud platforms, but from the way they are being used. This brings us to a fundamental question: for the average company today, is the cloud a digital safe or rather a leaky colander?
The response brought by the latest Tenable 2025 Cloud Security Risk Report is alarming. The analysis found that while 9% of publicly accessible cloud resources contain sensitive data, up to 97% of this exposed information is classified as proprietary or confidential. This is not random, irrelevant data. These are strategic assets, intellectual property and customer data that become easy targets for cybercriminals.
Quantifying the “colander effect” in financial and operational terms
Understanding the scale of the problem is crucial. Data from a range of independent, reputable sources paints a picture of risk that no business decision-maker can ignore. This is not a theoretical threat; it is a measurable, growing and extremely costly reality. The starting point of our analysis is the shocking data from the Tenable report. The key finding that 9% of publicly available cloud storage contains sensitive data is in itself alarming. But the real alarm rings out when we realise that 97% of this data is sensitive information. This means that configuration errors do not lead to the leakage of insignificant files, but to the exposure of a company’s most guarded secrets. The reliability of this data is unquestionable. The report is based on an analysis of actual telemetry from the Tenable Cloud Security platform, collected from a variety of public and enterprise cloud environments between October 2024 and March 2025. This is not survey data, but hard evidence from production systems in operation.
Data exposure is not just a technical problem – it is, above all, a huge financial risk. To translate these risks into concrete figures, let’s look at the IBM Cost of a Data Breach Report 2024. According to this study, the average global cost of a data breach reached a record $4.88 million, a 10% increase on the previous year. IBM’s analysis goes a step further, however, providing data that is key from the perspective of this article. Breaches where data was stored in the public cloud proved to be the most costly type of incident, generating an average cost of US$5.17 million. This directly links the location of the problem (the cloud) to its financial penalty. Furthermore, the report introduces the concept of ‘shadow data’ – information stored in unmanaged and often unknown to IT departments. As many as 35% of breaches involved such data, and the cost was 16% higher, reaching US$5.27 million, with almost 25% more time required to detect and contain it.
The problem is not static; it is escalating at an alarming rate. Data from other leading reports confirms this dangerous trend. The CrowdStrike 2024 Global Threat Report indicates a 75% year-on-year increase in cloud intrusions.
Palo Alto Networks 2024 State of Cloud-Native Security Report reports that 64% of organisations have seen an increase in data breaches in the last 12 months. The Verizon 2024 Data Breach Investigations Report (DBIR), on the other hand, reveals that the number of breaches resulting from the exploitation of vulnerabilities has almost tripled (by 180%) in one year. This surge has been driven primarily by zero-day attacks on internet-accessible systems, demonstrating that attackers are actively and effectively exploiting vulnerabilities.
The combination of this data reveals a phenomenon that can be described as a ‘digital perfect storm’. On the one hand, there is the exponential increase in the cost of a single incident, especially in the cloud, as the IBM report confirms. This is the ‘impact’ variable in the risk equation. On the other hand, reports from CrowdStrike, Verizon and Palo Alto Networks clearly show that the frequency and speed of attacks on cloud environments is increasing dramatically. This, in turn, is a ‘probability’ variable. In basic risk calculus, Risk = Probability x Impact. When both of these variables increase simultaneously and in such an exponential manner, the overall business risk does not increase linearly, but exponentially. For the IT sales channel, the lesson is clear: cloud security is not just another problem to add to the list. It’s probably the fastest growing area of critical risk for their customers, which justifies positioning services in this area as an absolute priority, not just an add-on. This is a conversation about business continuity, not just IT hygiene.
Anatomy of a spill: Deconstructing the four horsemen of the cloud apocalypse
Having understood the scale of the problem (‘what’), it is now time to diagnose its causes (‘why’). This section looks at the fundamental errors that lead to massive data exposure. As the reports show, we are not dealing with sophisticated, unavoidable attacks, but with failures in the area of basic security hygiene.
The first and main culprit is misconfigurations. They can be likened to leaving a bank vault door open. The problem lies not in the quality of the lock, i.e. the cloud provider’s infrastructure, but in the failure to use it. The Palo Alto Networks report provides a key reason for this: 71% of organisations have vulnerabilities resulting from rushed deployments. The ‘just get it up and running faster’ mentality , prevalent in many development teams, leads directly to leaving unsafe defaults and configurations open to the world. This phenomenon compounds complexity. Gartner analysts point out that the “relentless growth of cloud adoption” is leading to sprawling, difficult-to-manage digital ecosystems. It is in such a complex environment that configuration errors develop most easily. The IBM report confirms that cloud misconfiguration is a common attack vector, accounting for 15% of breaches.
The second horseman is the secrets exposed. In security jargon, ‘secrets’ are passwords, API keys, certificates and authentication tokens. These are digital keys that give direct access to systems and data. The Tenable report provides devastating statistics showing how widespread the problem of their improper storage is. For example, 54% of organisations using job definitions in AWS ECS store at least one secret in them, as do 52% of companies using GCP Cloud Run and 31% using workflows in Microsoft Azure Logic Apps. The epidemic of exposed secrets is the main fuel for the rising tide of ‘malware-less’ and identity-based attacks. Attackers no longer need to bother creating malware when they can simply find the keys left in publicly available code. The CrowdStrike report indicates that 79% of intrusions are now malware-free, and Verizon DBIR confirms that the use of stolen credentials is the most common initial action in breaches.
The third element is a phenomenon that Tenable illustratively calls the ‘toxic cloud trilogy’. It describes a single cloud resource that is simultaneously publicly accessible from the internet, critically vulnerable to attack due to unpatched vulnerabilities and highly privileged due to excessive IAM privileges. Although the percentage of companies with at least one such trilogy has fallen, it still affects an alarmingly high 29% of organisations. This configuration is a ready recipe for disaster, giving an attacker a direct attack vector on a vulnerable system that, once compromised, provides powerful privileges for further action.
The fourth and final horseman is identity and access management (IAM) failures. Many organisations live under the misconception that implementing a modern identity provider (IdP) solves the problem. The Tenable report debunks this myth, showing that 83% of organisations on AWS are using IdP services, but are still at risk from overly permissive defaults and excessive permissions. This fits perfectly with the trends identified by Gartner, which identifies ‘managing machine identities’ as one of the key challenges. Palo Alto Networks’ data of a 116% increase in ‘impossible journey’ alerts shows that identity abuse is the order of the day. Excessive privileges are a force multiplier for any successful intrusion.
How to turn customer risk into a service revenue strategy
This section is the strategic heart of the article. It translates the diagnosed problems into concrete, practical service portfolios for the IT sales channel. A perfect starting point is a comment from Ari Eitan, director of cloud security research at Tenable: “Despite the security incidents we have witnessed … organisations continue to leave critical cloud resources…. vulnerable to attacks through avoidable configuration errors”. This quote perfectly frames the market opportunity: customers cannot manage these risks on their own and urgently need expert help. This need is compounded by the skills gap. An IBM report indicates that 53% of organisations report staff shortages in security teams, which directly translates into higher breach costs. This is the ultimate argument for clients to outsource these tasks to a competent managed service provider (MSP).
Sales channel partners can build a modern security portfolio that directly addresses the problems of the ‘four horsemen’. In response to misconfigurations, a natural solution is to offer managed cloud security level management (Managed CSPM). This service consists of continuous, automated monitoring of cloud environments against security benchmarks to detect and fix errors, such as publicly available S3 buckets. It is a direct answer to a major problem, and its market rationale is found in a Palo Alto Networks report, which indicates that 92% of security professionals want better, ready-to-use visibility and risk prioritisation.
To address the problem of exposed secrets and the ‘toxic trilogy’, the sales channel should offer a managed cloud-native application protection platform (Managed CNAPP). This is a unified platform that combines CSPM, cloud resource protection and other functions to identify the ‘toxic trilogy’ by correlating network exposure data, vulnerabilities and IAM permissions – something point tools cannot do. The investment in CNAPP’s expertise is in line with the direction of the market, as confirmed by Forrester, identifying a trend of security platform convergence.
In the face of IAM governance failures, partners can provide IAM health auditing and Zero Trust consulting services. This includes auditing IAM roles for excessive privileges, implementing the principle of least privilege and implementing modern access control mechanisms such as just-in-time (JIT) on-demand access, recommended by Tenable. This service directly addresses the ‘excessive privileges’ problem and the ‘malware-free’ attack vector identified by CrowdStrike.
Finally, to address the lack of data visibility, the channel can offer data security level management (DSPM as a Service). This newer discipline focuses on discovering, classifying and tracking sensitive data across the cloud ecosystem, including ‘shadow data’. It is a direct response to a key finding of the Tenable report (97% of exposed data is sensitive) and the high cost of breaches involving ‘shadow data’ identified by IBM.
The most successful sales channel partners will not offer these services as separate products. Instead, they will combine them into a holistic ‘Cloud Resilience’ offering. Such a move allows them to move up the value chain – from tactical tool reseller to strategic security partner. The problems identified are inextricably linked. Selling separate point solutions reproduces the problem the customer is trying to solve – as the Palo Alto Networks report points out, 91% of organisations say point tools create visibility blind spots. Gartner also highlights the paradigm shift from prevention to cyber resilience , which requires an integrated rather than fragmented approach.
From reactive patching to proactive partnerships
In summary, the picture emerging from the analysis of leading industry reports is clear: data exposure in the cloud is widespread, costly and rapidly growing. Most importantly, it is not a technology problem, but a problem of processes, competence and operational hygiene. Its origins lie in avoidable configuration errors, careless management of secrets and negligence in the area of identity and access.
The current state of affairs is a direct result of a skills gap that the IT sales channel is uniquely predisposed to fill. This is a historic opportunity to evolve from the role of technology resellers to that of indispensable security partners who deliver proactive, continuous risk management rather than, as the expert Tenable put it, ‘reactive patching’.
The choice facing sales channel partners is clear. They can continue to sell point solutions to their customers’ increasingly fragmented and inefficient technology stacks. Alternatively, they can use this moment to build a strategic, high-margin managed services practice around cloud security. The ultimate message, then, is a call to action: the data and tools are available. The opportunity is here and now. Seizing it will not only generate significant revenue, but also fundamentally strengthen customer resilience in an era of digital transformation.
