What 50 Companies Got Wrong About Cloud Identity Security
HelpNet Security, Friday, July 25th, 2025
Most organizations still miss basic identity security controls in the cloud, leaving them exposed to breaches, audit failures, and compliance violations. A new midyear benchmark from Unosecur found that nearly every company scanned had at least one high-risk issue, with an average of 40 control failures per organization.
The report analyzed diagnostic scan data from 50 enterprises across industries and regions between January and June 2025. Unlike survey-based studies, the findings are based on direct control checks aligned with standards like ISO 27001/27002, PCI DSS, and SOC 2. The goal: provide a reproducible view of where cloud identity practices fall short and how to fix them.
'The changing percentage share may partly reflect less scanning coverage. What the data tells us is simple: if your company runs on any of these three platforms, you have a ready reckoner of the most common compliance violations. For multi-cloud businesses, this data reinforces that not all environments carry the same risk. Assuming they do could leave serious gaps unaddressed,' said Santhosh Jayaprakash, CEO at Unosecur.