54% of companies using the cloud expose "secrets" due to a lack of cybersecurity

According to the study, which analyzed “millions of cloud assets,” 9% of publicly accessible storage resources contained sensitive data.

For his part, Tenable's senior vice president for Latin America and the Caribbean, Francisco Ramírez de Arellano, told EFE that the "most critical" finding is not the previous indicator, but rather that 97% of the exposed data "was classified as restricted or confidential."

The above indicates that almost all of this information is not only sensitive, but also represents "immediate and high-impact" risks for organizations using the cloud.

This vulnerability can lead to customer data breaches, theft of confidentiality, and potential financial losses, including fines for regulatory noncompliance.

Oracle's general manager for Colombia and Ecuador, Germán Borromei, told EFE that this high exposure of confidential data "reflects that there are still gaps in access control, continuous monitoring, and data governance policies in many organizations."

According to Tenable, 29% of organizations have at least one “toxic trilogy” in the cloud. This refers to a workload that is publicly exposed, highly vulnerable, and highly privileged, creating a high-risk attack path and a prime target for bad actors.

According to Ramírez de Arellano, these points make up “the perfect storm” in the cloud.

“A publicly exposed payload is a door that leads to the street. A critical vulnerability is that the lock on that door is broken, and high privilege means that the door doesn't lead to a massive hallway, but rather gives direct access to the control room,” he explained.

On the other hand, Borromei stated that, in modern enterprise cloud architectures, each company's data "is completely isolated."

"However, when companies don't properly configure their resources or use platforms with less robust security systems, there's a risk of collateral incidents," said the executive from Oracle, a company specializing in the development of cloud solutions.

The solution proposed by Ramírez de Arellano aims to "adopt a proactive and unified management" of the exhibition.

“Effective exposure management relies on gaining complete, end-to-end visibility, from code to cloud, to understand the entire attack surface,” he said.

The goal is to implement preventative measures, such as protecting identities, eliminating excessive permissions, and treating "secrets" as high-value assets by securing them in vaults or removing them from unsafe locations.

For his part, Diego Marín, president of the Colombian technology company Heinsohn, told EFE that "there's already talk of post-quantum cryptography," which he described as the next "big wave" after artificial intelligence. This is because, without this type of cryptography, cyber protection will be practically impossible.

Given this scenario, Marín emphasized the importance of each cloud organization taking the necessary measures to protect its data, as cyberattacks can spread to other companies.

"Here, the recommendation is always two things: have monitoring structures between providers and between those nodes, to detect those early warnings," added the executive from Heinsohn, which specializes in technological solutions for companies.

Tenable's report also revealed that 75% of leading information technology (IT) organizations in Mexico and Brazil, the largest economies in Latin America, find their "greatest source of exposure" in cloud infrastructure security.

“Companies in the region face enormous pressure to innovate and adopt cloud technologies to remain competitive. However, this accelerated adoption often occurs without security practices evolving at the same pace,” said Ramírez de Arellano.

Furthermore, the Tenable vice president suggested that the solution for the economies of the aforementioned countries must be twofold: companies must adopt a "proactive exposure management" model, and governments must "accelerate" the creation of "robust and coherent" regulatory frameworks.

Tenable, headquartered in Columbia, South Carolina, is dedicated to vulnerability and cyber exposure management. The company was founded in 2002 and has more than 44,000 customers globally.

Author: Christian Lozano López