Cloud Data Security Snapshot: Current Exposure Trends

As cloud adoption accelerates, so do the risks of data exposure — and the stakes have never been higher.

Wiz Research analyzed hundreds of thousands of cloud accounts across organizations of all sizes to assess the current state of data security in the cloud. The findings point to real, solvable challenges that many teams face — from overly permissive storage buckets to vulnerable containers and service accounts. This report offers data-backed insights and practical steps to help cloud and security teams close gaps, strengthen posture, and build resilient environments. 

Fact 1

Sensitive data is often stored in exposed assets.

54% of cloud environments have exposed VMs and serverless instances containing sensitive information like PII or payment data. 35% of those are also vulnerable to high-severity threats. Identifying and remediating these exposures is key to reducing risk and staying ahead of compliance requirements.

Fact 2

Public doesn’t necessarily mean risky—unless it includes sensitive data.

Public assets are common in cloud architectures—but context matters. 72% of cloud environments have publicly exposed PaaS databases that lack sufficient access controls, creating a higher likelihood of sensitive data exposure. By identifying which public assets actually introduce risk, security teams can better prioritize what needs to be secured. 

Fact 3

Toxic combinations amplify impact.

It’s not just about whether an asset is exposed—it’s about what’s inside and how easily it can be exploited. 29% of cloud environments have exposed assets containing personal information, and 35% have compute assets that both expose sensitive data and are vulnerable to critical or high-severity threats. These combinations give attackers both the target and the means.

Fact 4

Containers and endpoints need ongoing attention.

12% of cloud environments have publicly exposed containers with high-severity vulnerabilities that have known exploits. As container adoption accelerates, continuous monitoring and configuration management are essential for minimizing risk.

Conclusions

Misconfigurations, exposure, and access issues remain a reality in cloud environments — but they’re not inevitable. This report outlines where today’s most common cloud data security gaps lie, and how teams can tackle them with the right visibility, context, and control. 

Download the full Cloud Data Security Snapshot to explore: 

  • Trends in cloud misconfigurations and access control failures 

  • Real-world breach examples that illustrate the impact 

  • How Wiz helps organizations discover, monitor, and protect sensitive data in the cloud