Businesses in Singapore and Southeast Asia are facing critical cloud security vulnerabilities, according to the 2025 Cloud Security Risk Report released by Tenable. The report highlights alarming gaps in cloud environments, revealing that 9% of cloud storage resources contain sensitive data, whilst 54% of organisations have secrets embedded in workloads. These misconfigurations could lead to data breaches, financial losses, and regulatory repercussions.
The report’s findings are particularly concerning for organisations in regulated sectors or those managing cross-border data flows. In Singapore, frameworks such as the Cybersecurity Act and Personal Data Protection Act (PDPA) impose stringent data protection requirements. Similar regulations exist across the region, including Indonesia’s Personal Data Protection Law and Malaysia’s PDPA, underscoring the need for robust cloud governance.
Tenable’s research found that nearly one in ten publicly accessible storage locations holds sensitive data due to common misconfigurations and weak access controls. Additionally, 54% of organisations using AWS ECS task definitions have secrets embedded, exposing them to potential cloud environment takeovers. Furthermore, 3.5% of AWS EC2 instances contain credentials in user data, providing attackers with pathways to escalate privileges.
Ari Eitan, Director of Cloud Security Research at Tenable, emphasised the importance of securing secrets within cloud infrastructures. “Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded,” he stated. Eitan urged organisations to prioritise security hygiene to prevent potential breaches.
As Singapore continues to expand cloud adoption, supported by initiatives like IMDA’s Cloud Outage Incident Response framework, the report stresses the need for a proactive, risk-driven security strategy. Understanding data access and implementing strong controls must become a priority at the board level to mitigate these risks.
“`
