State of Cloud Security 2024

Attackers have continued to adapt their techniques to an increasingly cloud-native landscape, with new threats targeting the different cloud platforms constantly emerging. As threats evolve, understanding the major sources of risk and patterns of attacker behavior in cloud environments is critical.

For the 2024 edition of our State of Cloud Security study, we analyzed security posture data from a sample of thousands of organizations that use AWS, Azure, or Google Cloud. Our findings suggest that adoption of secure configurations in cloud environments continues to improve, thanks to greater awareness and better enforcement of secure defaults. Still, risky or overly privileged credentials remain a major entry point for attackers. This risk can be heightened by common misconfigurations across elements of cloud infrastructure, including compute and storage instances, managed Kubernetes distributions, and third-party integrations with SaaS providers.