SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Data Protection
#
Network Security
#
Cloud Security

Tenable report warns of cloud security gaps in Singapore & SEA

Today
Author image
By Kaleah Salmon, Journalist

A recent report from Tenable has revealed major gaps in cloud security across Singapore and Southeast Asia, underscoring exposure risks that may impact data protection and regulatory compliance.

The Tenable Cloud Security Risk Report 2025 highlights that businesses in the region are increasingly exposed due to misconfigured cloud environments, limited visibility into cloud assets, and inadequate protection against embedded secrets and credentials.

Key report findings

According to the report, 9% of cloud storage resources analysed contained restricted or sensitive data. While this percentage may appear small, the scale of cloud deployments means that millions of sensitive records could be at risk of exposure. The report also warns that nearly one in ten publicly accessible storage locations holds sensitive information, a situation primarily attributed to widespread misconfigurations, inadequate access controls, and the lack of comprehensive visibility.

Another area of significant concern is the management of secrets and credentials within cloud workloads. Tenable's research found that 54% of organisations using AWS ECS task definitions had secrets embedded within them, presenting the risk of potential full environment takeovers or exploitation methods such as unauthorised crypto mining. For AWS EC2 instances, 3.5% were found to contain embedded credentials in user data, providing attackers with an opportunity to escalate their privileges and compromise critical resources.

"Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," said Ari Eitan, Director of Cloud Security Research at Tenable. "In today's threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches."

Regulatory context and potential impacts

The implications of the report's findings are particularly significant for sectors that are highly regulated or manage cross-border data flows. In Singapore, regulations such as the Cybersecurity Act, the Personal Data Protection Act (PDPA), and the Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines place strict requirements on data protection and cloud security.

Elsewhere in Southeast Asia, laws like Indonesia's Personal Data Protection Law (PDP Law), Thailand's Personal Data Protection Act (PDPA), Malaysia's Personal Data Protection Act (PDPA), and the Philippines' Data Privacy Act also impose robust controls over how sensitive information is managed in cloud settings.

The report states that poor visibility and frequent misconfigurations among organisations could result in breaches that carry not only financial consequences but also the risk of sanctions for non-compliance with national and regional regulations.

Tenable's findings highlight that these vulnerabilities are not only theoretical but have practical implications for real-world attacks and incidents. Exposure due to relaxed controls or a lack of secrets management can provide attackers with direct access to sensitive organisational data that is subject to legal protections and compliance obligations.

Priority for management

With the accelerating adoption of cloud technologies in Singapore and the wider Southeast Asian region, the report underlines the importance for enterprises to implement continuous monitoring and robust security controls. National efforts, such as Singapore's Infocomm Media Development Authority (IMDA) Cloud Outage Incident Response (COIR) framework, are cited as steps towards better managing cloud risks.

"The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures," Eitan added. "Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority."

The Tenable Cloud Security Risk Report draws on telemetry and data collected between October 2024 and March 2025 from a range of cloud environments, including both public and enterprise-focused ones. These findings are intended to prompt organisations in Singapore and throughout Southeast Asia to reassess their cloud governance and take necessary actions to protect against compliance breaches, financial loss, and reputational damage.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Most firms overestimate AI governance as privacy risks surge
Poor cloud security leaves secrets & data at risk, report finds
IDC’s Chris Marshall reveals why tech needs to scale smart
Netskope expands Microsoft partnership to boost AI data security
Azul & Chainguard partner on zero-CVE Java containers
Top stories
Cyber experts urge SMEs to adopt risk tools amid rising threats
Sumsub unveils 'The Beast 2.0' to combat digital fraud in APAC
AI adoption surges in Asia Pacific manufacturing for quality, efficiency
Hornetsecurity launches AI cyber assistant for Microsoft 365
Cloudflare thwarts record 7.3 Tbps DDoS attack with automation