UPSC Article

Back
APP Users: If unable to download, please re-install our APP.
Only logged in User can create notes
Only logged in User can create notes

General Studies 3 >> Security Issues

audio may take few seconds to load

DATA BREACH

CLOUD STORAGE-DATA BREACH

 
 
1. Context
According to a 2023 survey by Thales Cloud Security, which included responses from nearly 3,000 IT and security professionals from across 18 Countries, 35% of organisations in India note that their data was breached in a cloud environment last year.
Moreover, 68% of businesses in India, and  75% globally, say that more than 40%of data stored in the cloud are classified as sensitive.
2. What is a data breach?
  • A data breach in cloud storage refers to a security incident where unauthorized individuals or entities gain access to sensitive or confidential information stored in a cloud computing environment.
  • Cloud storage typically involves storing data on remote servers operated by a third-party provider, and a breach can occur if there is a vulnerability in the cloud infrastructure, misconfiguration of security settings, or compromised user credentials
  • When a data breach occurs, it means that an attacker or unauthorized party has successfully bypassed the security measures protecting the cloud storage system and gained access to the stored data.
  • The extent of the breach can vary, ranging from accessing a single user's account to compromising the entire cloud infrastructure and affecting multiple users.
3. Instances of data breaches
There have been many instances of data breaches in the past, some of which have been very large and have affected millions of people. Here are a few examples:

3.1.Equifax (2017): Equifax, one of the largest credit reporting agencies, experienced a data breach that exposed the personal information of approximately 147 million people. The breach included names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers.

3.2.Yahoo (2013-2014): Yahoo suffered two significant data breaches. The first breach, which occurred in 2013, affected over 1 billion user accounts and involved the theft of names, email addresses, hashed passwords, and more. The second breach, revealed in 2016 but dating back to 2014, affected approximately 500 million accounts.

3.3.Marriott International (2014-2018): Marriott, a renowned hotel chain, experienced a data breach that compromised the personal information of around 500 million guests. The breach involved unauthorized access to the Starwood guest reservation database, including names, contact information, passport numbers, and payment card details.

3.4.Facebook-Cambridge Analytica (2018): This incident involved the unauthorized collection of personal data from tens of millions of Facebook users by the political consulting firm Cambridge Analytica. The data was obtained through a third-party application and was used for targeted political advertising.

3.5.Capital One (2019): Capital One, a major financial institution, experienced a data breach that exposed the personal information of approximately 100 million individuals in the United States and 6 million in Canada. The breach involved unauthorized access to credit card applications and included names, addresses, credit scores, and Social Security numbers.

3.6. CoWIN:In June 2022, there were allegations that a data breach had occurred on the COWIN data portal, which is the government's platform for registering and tracking COVID-19 vaccinations in India. The allegations were made after a Telegram bot was found that was allegedly able to access personal data of vaccinated citizens, including their names, Aadhaar numbers, and vaccination status.

The government denied the allegations, stating that the COWIN portal had not been directly breached. However, they acknowledged that the Telegram bot may have been able to access data that had been previously stolen from other sources.

The Indian Computer Emergency Response Team (CERT-In) investigated the allegations and found that the Telegram bot was not directly accessing the COWIN database. However, they also found that the bot was using data that had been previously stolen from other sources.

The government has taken steps to address the issue, including strengthening the security of the COWIN portal and blocking the Telegram bot. However, the allegations have raised concerns about the security of the COWIN portal and the privacy of the data of vaccinated citizens.

4. Risk associated with Cloud storages

Cloud storage is a convenient and cost-effective way to store data, but it is not without risks. Here are some of the risks associated with cloud storage:

  • Data breaches: Cloud storage providers are constantly under attack from hackers. If a cloud storage provider is breached, your data could be exposed.
  • Data loss: Cloud storage providers can experience outages or other problems that could lead to data loss.
  • Data privacy: Cloud storage providers have access to your data. If you are not careful, your data could be used for unauthorized purposes.
  • Data security: Cloud storage providers use a variety of security measures to protect your data, but no security system is perfect. There is always a risk that your data could be compromised.
  • Government intrusion: In some cases, governments may be able to access data stored in the cloud. This is a risk to consider if you are storing sensitive data in the cloud.
  • Vendor lock-in: If you become too reliant on a particular cloud storage provider, you may be locked in to their platform. This could make it difficult or expensive to switch to a different provider if you are not happy with their service.
  • Compliance issues: If you are storing data in the cloud, you need to make sure that you are complying with all applicable regulations. This can be a complex and time-consuming process.
5. Data migration in the Cloud

Data migration is the process of moving data from one location to another. When data is migrated to the cloud, there are a number of risks that need to be considered.

Here are some of the most common risks of data migration in the cloud:

  • Data loss: During the migration process, there is always a risk of data loss. This can happen due to human error, technical problems, or natural disasters.
  • Data corruption: Data corruption can also occur during the migration process. This can be caused by a number of factors, such as incompatible file formats, incorrect data mapping, or corrupt data sources.
  • Security breaches: Cloud migration can also increase the risk of security breaches. This is because cloud providers have access to your data, and if their security is compromised, your data could be exposed.
  • Compliance issues: If you are migrating data that is subject to compliance regulations, you need to make sure that the migration process complies with those regulations. This can be a complex and time-consuming process.
 
 
For Prelims: Right to privacy, Article 21, Fundamental rights
For Mains: 1.Discuss the challenges and importance of data privacy in the digital age. How can governments ensure the protection of citizens' data while promoting technological advancements and innovation? Illustrate with suitable examples.
 
Previous year Questions
1.Right to privacy is protected as an intrinsic part of Right to Life and personal liberty. Which of the following in the Constitution of India correctly and appropriately imply the above statement (UPSC CSE 2018)
A.Artilce 14 and Provisions under the 42nd Amendment to the Constitution
B.Article 17 and the Directive principles of state policy in Part IV
C. Article 21 and freedoms guaranteed in part III
D. ARticle 24 and the provisions under the 44th amendment of the Constitution
Answer (C)

 
 
 
Source: The Hindu
Share to Social

Related Articles

PROBIOTICS...

04-Apr-2023
Read more

WEB 3...

20-Apr-2023
Read more

G-20...

11-Aug-2022
Read more

NATIONAL COMMISSION FOR MINORITIES...

19-Jan-2023
Read more