And The Cloud Goes Wild: Looking at Vulnerabilities in Cloud Assets

27% of assets hosted by Azure were vulnerable to at least one security issue or misconfiguration.

Assets hosted by Azure showed 0.07% with critical vulnerabilities.

Assets with both critical and easily exploitable issues were found across all cloud providers.

AWS showed the lowest rate for assets with both critical and easily exploitable issues at 0.02%.

Assets hosted by cloud providers other than AWS, Google, and Azure showed approximately 10 times higher rates of critical vulnerabilities compared to AWS, Google Cloud, and Azure.

Alternative cloud and hosting providers showed rates ten times higher than AWS for assets with both critical and easily exploitable issues

Assets hosted by AWS and Google Cloud showed 0.04% with critical vulnerabilities.

38% of assets hosted by Google Cloud were vulnerable to at least one security issue or misconfiguration. This rate for Google Cloud was over 2.5x more than assets hosted by AWS.

Critical vulnerabilities (CVSS 9.0 or higher) were detected on assets hosted by all cloud providers, though uncommon.

10% of assets on hosting providers other than AWS, Google, and Azure had easily exploitable vulnerabilities. This compares to 5 percent hosted on Google Cloud with easily exploitable vulnerabilities and just 2 percent on AWS and Azure with easily exploitable vulnerabilities.

15% of assets hosted by AWS were vulnerable to at least one security issue or misconfiguration.