ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 19 April. Click Here for more information.
ForumIAS Answer Writing Focus Group (AWFG) for Mains 2024 commencing from 24th June 2024. The Entrance Test for the program will be held on 28th April 2024 at 9 AM. To know more about the program visit: https://forumias.com/blog/awfg2024
Contents
Source: The post is based on the article “How gaps in cloud system configuration could expose sensitive user data” published in The Hindu on 17th July 2023
What is the News?
According to a 2023 survey by Thales Cloud Security, 35% of organizations in India note that their data was breached in cloud storage in 2022.
Moreover, 68% of businesses in India have said that more than 40% of data stored in the cloud is classified as sensitive.
What is cloud storage?
Cloud storage is a method through which digital data including files, business data, videos or images are stored on servers in off-site locations.
These servers may be maintained by the companies themselves or by third-party providers responsible for hosting, managing, and securing stored data.
These servers can be accessed either by the public or through private internet connections, depending on the nature of the data.
Why do companies use cloud storage?
Companies use cloud storage to store, access and maintain data so that they do not need to invest in operating and maintaining data centres.
An added advantage of cloud storage is its scalability — organizations can expand or reduce their data footprint depending on its needs.
What are the benefits and risks associated with Cloud Storage?
Benefits: Most cloud providers offer security features like physical security at data centers, in addition to zero-trust architecture, identity and access management and encryption to ensure the security of data on their servers.
Risks: Deployment of incompatible legacy IT systems and third-party data storage architecture.
– Use of weak authentication practices and easily guessable passwords can allow unauthorized individuals to access sensitive data.
– Data stored in the cloud also faces the risk of exposure due to insecure APIs, poorly designed or inadequate security controls, internal threats due to human error and inadequate encryption during transfer or storage.
Who is liable for data protection in the cloud?
The onus of ensuring data security lies with the companies even though they grant access to data to vendors and partners.
If the data is sensitive in nature, it is the company’s responsibility to make sure that a selected vendor has all the right checks in place and has conducted due diligence.
This includes checking cloud compliances like ensuring passwords have two-factor authentication, monitoring access to the database, ensuring it is encrypted and ensuring all firewall rules are set so that only access through certain places and certain departments is allowed.
