Skip to content

Centrify Research Reveals 90% of Cyberattacks on Cloud Environments Involve Compromised Privileged Credentials

SANTA CLARA, Calif. ― March 17, 2021 ― An overwhelming percentage (90%) of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials, according to new research from Centrify, a leading provider of modern Privileged Access Management (PAM) solutions. The new study, which surveyed 150 IT decision-makers across the U.S., found that 65% of respondents saw attempted attacks on their cloud environments, and 80% of those participants’ cloud environments were successfully compromised.

To identify how reliance on the cloud and resulting risks around this attack surface have progressed a year into the work-from-home era, Centrify partnered with Censuswide to survey these experts. It quickly became evident that the reliability, availability, and scalability afforded by the cloud have become critical to keeping organizations up and running, and cybercriminals are taking notice.

While the majority (63%) of respondents had the foresight to make the move to cloud 3-5 years ago, one-quarter (25%) of respondents had just begun their cloud transition in the last two years. Nearly a third (31%) utilize hybrid and multi-cloud environments, while 45% take a private cloud-only approach, and 23% rely on the public cloud. Availability was resoundingly the top cloud benefit amongst respondents (46%), followed by collaboration (28%), cost savings (15%), and scalability (9%).

Despite the prevalence of cyberattacks targeting the cloud, managing multi-cloud environments were identified as the greatest cloud transition challenge (36%), followed by cybersecurity risks and cloud migration (both 22%). In addition, 19% cited maintaining compliance in the cloud as an ongoing issue.

“Cybercriminals are capitalizing on our reliance on the cloud, and they’re no longer just hacking in. They’re logging in,” said Art Gilliland, CEO, of Centrify. “With almost all of the attacks on the cloud caused by stolen privileged credentials, the security stack must include a centralized PAM solution architected in the cloud, for the cloud. This approach will minimize the attack surface and control privileged access to hybrid environments, even as it evolves post-COVID-19.”

Complete results of the survey are available at To join Centrify, the Identity Defined Security Alliance (IDSA), National Cyber Security Alliance (NCSA), and dozens of other organizations in celebrating the inaugural Identity Management Day on April 13, 2021, visit

For more information about Centrify solutions for managing privileged access to cloud workloads, visit

*The survey of 150 IT decision-makers across the U.S. was conducted by CensusWide in March 2021.


About Centrify
Centrify delivers modern Privileged Access Management (PAM) solutions based on Zero Trust principles to enable digital transformation at scale. Centrify empowers least privilege access for human and machine identities based on verifying who is requesting access, the context of the request, and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100 trust Centrify, including the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies. Human or machine, in the cloud or on-premise, privileged access is secure with Centrify.

©Centrify 2021. ®Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.