How gaps in cloud system configuration could expose sensitive user data
Red Book
Red Book

Interview Guidance Program (IGP) for UPSC CSE 2024, Registrations Open Click Here to know more and registration

Source: The post is based on the article “How gaps in cloud system configuration could expose sensitive user data”  published in The Hindu on 17th July 2023

What is the News?

According to a 2023 survey by Thales Cloud Security, 35% of organizations in India note that their data was breached in cloud storage in 2022.

Moreover, 68% of businesses in India have said that more than 40% of data stored in the cloud is classified as sensitive.

What is cloud storage?

Cloud storage is a method through which digital data including files, business data, videos or images are stored on servers in off-site locations. 

These servers may be maintained by the companies themselves or by third-party providers responsible for hosting, managing, and securing stored data. 

These servers can be accessed either by the public or through private internet connections, depending on the nature of the data. 

Why do companies use cloud storage?

Companies use cloud storage to store, access and maintain data so that they do not need to invest in operating and maintaining data centres. 

An added advantage of cloud storage is its scalability — organizations can expand or reduce their data footprint depending on its needs.

What are the benefits and risks associated with Cloud Storage?

Benefits: Most cloud providers offer security features like physical security at data centers, in addition to zero-trust architecture, identity and access management and encryption to ensure the security of data on their servers.

Risks: Deployment of incompatible legacy IT systems and third-party data storage architecture. 

– Use of weak authentication practices and easily guessable passwords can allow unauthorized individuals to access sensitive data.

– Data stored in the cloud also faces the risk of exposure due to insecure APIs, poorly designed or inadequate security controls, internal threats due to human error and inadequate encryption during transfer or storage.

Who is liable for data protection in the cloud?

The onus of ensuring data security lies with the companies even though they grant access to data to vendors and partners. 

If the data is sensitive in nature, it is the company’s responsibility to make sure that a selected vendor has all the right checks in place and has conducted due diligence. 

This includes checking cloud compliances like ensuring passwords have two-factor authentication, monitoring access to the database, ensuring it is encrypted and ensuring all firewall rules are set so that only access through certain places and certain departments is allowed.


Discover more from Free UPSC IAS Preparation Syllabus and Materials For Aspirants

Subscribe to get the latest posts sent to your email.

Print Friendly and PDF
Blog
Academy
Community