Secureframe finds 37% of organizations reuse passwords for cloud service providers

May 8, 2023—San Francisco—Secureframe, a leading provider of compliance automation software, has released new research revealing common security failures in organizations worldwide. These new findings were released in conjunction with the announcement of Secureframe Trust, which helps organizations build customer confidence by enabling them to demonstrate their security, compliance, and privacy posture.

According to the study, three common security failures are prevalent in cloud-first organizations:

  • Access key rotation for cloud service providers had the highest failure rate at 41%.
  • 40% of IAM accounts and 21% of root accounts did not have multi-factor authentication set up for cloud service providers.
  • 37% of organizations reused passwords for cloud service provider logins.

The failure rates for these common security configurations shed light on why account takeover is still one of the top threat vectors leveraged by bad actors. Top cloud platforms such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform all provide capabilities around multi-factor authentication, access key rotation, password reuse prevention natively within their platforms. 

Secureframe’s compliance platform helps organizations in achieving security compliance and enhancing their security posture through critical security controls and continuous monitoring of their cloud resources like the ones named above. Once an organization has reached compliance with Secureframe’s platform, they can use Secureframe Trust – a powerful package consisting of a new Trust Center offering combined with Secureframe’s Knowledge Base and ML-powered Questionnaires solutions – to showcase their security posture and build trust with prospects and customers.

 With Secureframe Trust, organizations can:

  • Turn their security posture into a competitive advantage by proactively showcasing the measures they have taken around security, compliance, and privacy.
  • Enable prospects to self-serve or request any security documents they need,
  • Streamline security reviews by allowing administrators to review, approve, and deny resource requests from their dashboard.
  • Respond to RFPs and security questionnaires up to 10 times faster with ML-powered questionnaires automation.
  • Maintain a single source of truth on answers to security questions, accessible to anyone in the organization from the comfort of their browser with the Secureframe Knowledge Base Chrome extension.

Secureframe Trust, together with Secureframe’s core compliance platform, will help organizations to prevent cloud security failures, achieve compliance, accelerate security questionnaire responses, and build customer confidence.

"Nametag is the world’s first identity verification platform designed to protect accounts from impersonators and AI-generated deep fakes. Thanks to Secureframe Trust, we can now confidently showcase our security and compliance standards in a way that's crystal-clear, concise, and comprehensive for our valued customers," says Andy Caird of

To learn more about Secureframe Trust, please visit the website or schedule a demo here.


Secureframe empowers businesses to build trust with customers by automating information security and compliance. Thousands of fast-growing businesses such as AngelList, Ramp, Remote, and Coda, trust Secureframe to simplify and expedite their compliance journey for global security and privacy standards such as SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, and more. Backed by top-tier investors and corporations such as Google, Kleiner Perkins, and Accomplice Ventures, the company is amongst the Forbes list of Top 100 Startup Employers for 2023.