Compromised credentials leading to attack on cloud environments – Centrify

According to a new report from Centrify, who are a leader in Privileged Access Management (PAM), an overwhelming percentage (90%) of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials. The new study, which surveyed IT decision makers, found that 65% of respondents saw attempted attacks on their cloud environments, and 80% of those participants’ cloud environments were successfully compromised. 


To identify how reliance on the cloud and resulting risks around this attack surface have progressed a year into the work-from-home era, Centrify partnered with CensusWide to survey these experts. It quickly became evident that the reliability, availability, and scalability afforded by the cloud have become critical to keep organizations up and running, and cybercriminals are taking notice.


While the majority (63%) of respondents had the foresight to make the move to cloud 3-5 years ago, one-quarter (25%) of respondents just began their cloud transition in the last two years. Nearly a third (31%) utilize hybrid and multi-cloud environments, while 45% take a private cloud-only approach, and 23% rely on public cloud. Availability was resoundingly the top cloud benefit amongst respondents (46%), followed by collaboration (28%), cost savings (15%), and scalability (9%). 


Despite the prevalence of cyberattacks targeting the cloud, managing multi-cloud environments was identified as the greatest cloud transition challenge (36%), followed by cybersecurity risks and cloud migration (both 22%). In addition, 19% cited maintaining compliance in the cloud as an ongoing issue.


“Cybercriminals are capitalizing on our reliance on the cloud, and they’re no longer just hacking in. They’re logging in,” said Art Gilliland, CEO, Centrify. “With almost all of the attacks on the cloud caused by stolen privileged credentials, the security stack must include a centralized PAM solution architected in the cloud, for the cloud. This approach will minimize the attack surface and control privileged access to hybrid environments, even as it evolves post-COVID-19.”



Complete results of the survey are available at To join Centrify, the Identity Defined Security Alliance (IDSA), National Cyber Security Alliance (NCSA), and dozens of other organizations in celebrating the inaugural Identity Management Day on April 13, 2021, visit:


For more information about Centrify solutions for managing privileged access to cloud workloads, visit


*The survey of 150 IT decision makers across the U.S. was conducted by CensusWide in March 2021.