What's Happening?
A recent report by ReliaQuest has highlighted identity-related weaknesses as the primary source of cloud security risks. The report indicates that 44% of true-positive alerts in the third quarter of 2025
were linked to issues such as excessive permissions, misconfigured roles, and credential abuse. These vulnerabilities are often exploited by threat actors who target the identity layer due to insecure storage of cloud keys and credentials, which can be purchased on cybercrime markets for as little as $2. The report also notes that 99% of cloud identities are over-privileged, allowing attackers to escalate access without detection. Additionally, poor DevOps practices contribute to security risks by perpetuating legacy vulnerabilities in new software deployments.
Why It's Important?
The findings underscore the critical need for organizations to address identity-related vulnerabilities to protect their cloud environments. As businesses increasingly rely on cloud services, the potential attack surface grows, making it imperative to secure identity management processes. Failure to do so can lead to significant security breaches, financial losses, and reputational damage. The report's emphasis on excessive permissions and misconfigured roles highlights the importance of implementing robust access controls and regular audits to prevent unauthorized access. Organizations that prioritize these measures can better safeguard their data and maintain trust with stakeholders.
What's Next?
The report calls for organizations to enhance their security posture by addressing identity-related vulnerabilities and improving DevOps practices. This includes implementing stricter access controls, conducting regular security audits, and ensuring clear ownership of risk remediation processes. As the cloud infrastructure continues to evolve, businesses must stay vigilant and adapt their security strategies to mitigate emerging threats. Collaboration between security teams and DevOps professionals will be crucial in identifying and resolving vulnerabilities promptly.
Beyond the Headlines
The report highlights the systemic risks associated with rapid cloud infrastructure deployments, which can inadvertently replicate vulnerabilities across environments. This points to a broader issue of balancing speed and security in cloud operations. Organizations must consider the long-term implications of their deployment strategies and invest in automated security solutions that can keep pace with the rapid creation of new assets. Additionally, fostering a culture of security awareness among employees can help prevent credential abuse and reduce the risk of identity-related attacks.
