Secureframe Finds 37% of Organizations Reuse Passwords for Cloud Service Providers

Secureframe, a leading provider of compliance automation software, has released new research revealing common security failures in organizations worldwide. These new findings were released in conjunction with the announcement of Secureframe Trust, which helps organizations build customer confidence by enabling them to demonstrate their security, compliance, and privacy posture.

According to the study, three common security failures are prevalent in cloud-first organizations:

  • Access key rotation for cloud service providers had the highest failure rate at 41%.
  • 40% of IAM accounts and 21% of root accounts did not have multi-factor authentication set up for cloud service providers.
  • 37% of organizations reused passwords for cloud service provider logins.

The failure rates for these common security configurations shed light on why account takeover is still one of the top threat vectors leveraged by bad actors. Top cloud platforms such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform all provide capabilities around multi-factor authentication, access key rotation, password reuse prevention natively within their platforms.

Secureframe’s compliance platform helps organizations in achieving security compliance and enhancing their security posture through critical security controls and continuous monitoring of their cloud resources like the ones named above. Once an organization has reached compliance with Secureframe’s platform, they can use Secureframe Trust – a powerful package consisting of a new Trust Center offering combined with Secureframe’s Knowledge Base and ML-powered Questionnaires solutions – to showcase their security posture and build trust with prospects and customers.

With Secureframe Trust, organizations can:

  • Turn their security posture into a competitive advantage by proactively showcasing the measures they have taken around security, compliance, and privacy.
  • Enable prospects to self-serve or request any security documents they need.
  • Streamline security reviews by allowing administrators to review, approve, and deny resource requests from their dashboard.
  • Respond to RFPs and security questionnaires up to 10 times faster with ML-powered questionnaires automation.
  • Maintain a single source of truth on answers to security questions, accessible to anyone in the organization from the comfort of their browser with the Secureframe Knowledge Base Chrome extension.

Secureframe Trust, together with Secureframe’s core compliance platform, will help organizations to prevent cloud security failures, achieve compliance, accelerate security questionnaire responses, and build customer confidence.

“Data security is a top priority for us, and building customer trust is a critical component of our business as an AI company. With Secureframe Trust, it is easier than ever to build a Trust Center that showcases our high compliance standards in a way that is clear, concise, and comprehensive.” – Autumn Moulder, Cohere

To learn more about Secureframe Trust, please visit the website or schedule a demo.


Secureframe empowers businesses to build trust with customers by automating information security and compliance. Thousands of fast-growing businesses such as AngelList, Ramp, Remote, and Coda, trust Secureframe to simplify and expedite their compliance journey for global security and privacy standards such as SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, and more. Backed by top-tier investors and corporations such as Google, Kleiner Perkins, and Accomplice Ventures, the company is amongst the Forbes list of Top 100 Startup Employers for 2023.

Pull Quote

“With Secureframe Trust, it is easier than ever to build a Trust Center that showcases our high compliance standards in a way that is clear, concise, and comprehensive.” Autumn Moulder, Cohere

CellFE announces launch of novel microfluidic cellular engineering platform at ASGCT 2023 Annual Meeting

Kia America Makes EV Ownership More Accessible Through New Education Efforts