हिंदी वेबसाइट पर जाएँ

Download Our Learning App

Admission Open

हिंदी वेबसाइट पर जाएँ

Download Our Learning App

Admission Open

Daily Current Affairs

Whatsapp 93125-11015 For Details

Daily Current Affairs for UPSC Exam

17Jul
2023

How gaps in cloud system configuration could expose sensitive user data (GS Paper 3, Science and Technology)

How gaps in cloud system configuration could expose sensitive user data (GS Paper 3, Science and Technology)

Why in news?

  • According to a 2023 survey by Thales Cloud Security, which included responses from nearly 3,000 IT and security professionals across 18 countries, 35% of organisations in India note that their data was breached in a cloud environment in 2022.
  • Moreover, 68% of businesses in India, and 75% globally, say that more than 40% of data stored in the cloud is classified as sensitive.

 

Cloud storage & its applications:

  • Cloud storage is a method through which digital data, including files, business data, videos, or images, are stored on servers in off-site locations. These servers may be maintained by the companies themselves or by third-party providers responsible for hosting, managing, and securing stored data.
  • These servers can be accessed either by the public or through private internet connections, depending on the nature of the data. Companies use cloud storage to store, access and maintain data so that they do not need to invest in operating and maintaining data centres.
  • An added advantage of cloud storage is its scalability, organizations can expand or reduce their data footprint depending on its needs.
  • Most cloud providers offer security features like physical security at data centres, in addition to zero-trust architecture, identity and access management, and encryption to ensure the security of data on their servers.

 

What are the risks associated with cloud storage?

  • The risks arise from the deployment of incompatible legacy IT systems and third-party data storage architecture. Additionally, the use of weak authentication practices and easily guessable passwords can allow unauthorised individuals to access sensitive data.
  • Data stored in the cloud also faces the risk of exposure due to insecure APIs, poorly designed or inadequate security controls, internal threats due to human error and inadequate encryption during transfer or storage.

 

How do legacy systems weaken cloud storage setup?

  • Though cloud security may appear similar to legacy IT security, the difference in their architecture necessitates different strategies.
  • Due to the lack of support or upgrades, legacy IT security may have known vulnerabilities that are yet to be fixed. Such vulnerabilities make them an appealing target for hackers who may use the gaps to gain unauthorised access to cloud resources connected with these legacy systems.
  • Additionally, legacy systems may not be capable of supporting more advanced encryption techniques such as secure boot methods or hardware-based encryption, which increases the risks to cloud infrastructure. Therefore, updating and auditing legacy systems when used in tandem with cloud infrastructure is important.

 

What are system misconfigurations?

  • Cloud storage involves multiple systems, servers, and software working in tandem. The overall system is designed to ensure individuals within a company can access data stored on the cloud as and when required.
  • A system misconfiguration arises when there is a lack of thorough security configurations on the devices accessing the cloud data and the servers, or a weakness in the software used.
  • Misconfigurations can expose user data, making it accessible to unauthorised individuals, and compromising security.

 

Who is liable for data protection in the cloud?

  • The onus of ensuring data security lies with the companies even though they grant access to data to vendors and partners. If the data is sensitive in nature, it is the company’s responsibility to make sure that a selected vendor has all the right checks in place and has conducted due diligence.
  • This includes checking cloud compliances like ensuring passwords have two-factor authentication, monitoring access to the database, ensuring it is encrypted, and ensuring all firewall rules are set so that only access through certain places and certain departments is allowed.
  • Data encryption is seen as one of the most effective approaches for securing sensitive information in the cloud.
  • However, it comes with its own set of challenges which include encryption before data is stored, ensuring the security of encryption keys, and changing the encryption keys periodically to ensure continued safety.

 

What are the risks of data migration in the cloud?

  • There is risk involved when switching between vendors for cloud storage or when systems are upgraded. Without a proper migration plan and process based on thorough assessment of the cloud provider, data could get exposed.
  • Additionally, ensuring that data is encrypted whenever in transit, and making relevant backups are also key aspects of ensuring data security.

 

How can users keep their data safe?

  • When users get to know of possible data breaches, they are recommended to change passwords and the two-factor authentication setup, push security question answers, and monitor accounts for unauthorised transactions and SMSs for suspicious activity.
  • The lifespan of financial data exposed in a breach is short. It is used by threat actors within weeks. However, for personally identifiable data, the lifespan can be longer, with data sold on the dark web to target users for phishing scams and other illicit activities.

 

China event raises concern over India’s only ape

(GS Paper 2, International Relation)

Why in news?

  • The conservation status of India’s only ape was a cause for concern at a global event on gibbons held recently in China.
  • The Global Gibbon Network (GGN) held its first meeting at Haikou in China’s Hainan province.

Hoolock gibbon:

  • Gibbons, the smallest and fastest of all apes, live in tropical and subtropical forests in the southeastern part of Asia.
  • The hoolock gibbon, unique to India’s Northeast, is one of 20 species of gibbons on Earth.
  • The estimated population of hoolock gibbons is 12,000.
  • Like all apes, they are extremely intelligent, with distinct personalities and strong family bonds. Unfortunately, the current conservation status of gibbon species is alarming, all 20 species are at a high risk of extinction.
  • Since 1900, gibbon distribution and populations have declined dramatically, with only small populations in tropical rainforests.

 

Threat:

  • The hoolock gibbon faces threat primarily from the felling of trees for infrastructure projects.

 

Only species of ape in India:

  • American naturalist R. Harlan was the first to describe the hoolock gibbon, characterised by their vigorous vocal displays, from Assam in 1834.
  • Over the decades, zoologists thought the Northeast housed two species of the ape – the eastern hoolock gibbon (Hoolock leuconedys) found in a specific region of Arunachal Pradesh and the western hoolock gibbon(Hoolock hoolock)distributed elsewhere in the northeast.
  • A study led by Hyderabad-based Centre for Cellular and Molecular Biology (CCMB) in 2021 proved through genetic analysis that there is only one species of ape in India.
  • It debunked earlier research that the eastern hoolock gibbon was a separate species based on the colour of its coat.

 

About GGN:

  • The GGN was first initiated in 2020 (during the pandemic) and was organized by two institutions in China through Ecofoundation Global and the Hainan Institute of National Park.
  • GGN was founded with a vision to safeguard and conserve a key element of Asia’s unique natural heritage – the singing gibbon and their habitats, by promoting participatory conservation policies, legislations, and actions.
  • Aaranyak, an Assam-based non-profit conservation organisation is one of the 15 founding organisations of the GGN from seven countries.

 

Govt. sets up new panel to review all NSO data

(GS Paper 3, Economy)

Why in news?

  • The Union government has constituted a new internal oversight mechanism for official data, revamping a Standing Committee on Economic Statistics (SCES) set up in late 2019.
  • Thefindings from the last round of household surveys on consumption expenditure and employment were junked over “data quality issues”.

 

Standing Committee on Statistics (SCoS):

  • The SCES, which was tasked with examining economic indicators only, will now be replaced by a Standing Committee on Statistics (SCoS) which has a broader mandate to review the framework and results of all surveys conducted under the aegis of the National Statistical Office (NSO).

 

Composition:

  • Pronab Sen, former Chairman of the National Statistical Commission (NSC), has been named the chair of the new panel.
  • The SCoS with “enhanced terms of reference” vis-à-vis the SCES, “to ensure more coverage” has 10 official members, and four non-official members who are eminent academics.
  • It can have up to 16 members, as per the order issued by the Ministry of Statistics and Programme Implementation.

 

Terms of reference:

  • Apart from addressing issues raised from time to time on the subject, results and methodology for all surveys, the terms of reference of the SCoS include identification of data gaps that need to be filled by official statistics, along with a strategy to plug those gaps.
  • It has been mandated to explore the use of administrative statistics to improve data outcomes. While the panel will help finalise survey results, the NSC will have the ultimate authority to approve the publication of those results.