Amid the digital metamorphosis that is sweeping across India, a question looms large: Who guards the gates of the cloud in this ever-expanding frontier of technology and data?
A report by Research and Markets reveals that the cloud infrastructure market in India generated revenue of `345 billion in 2021 and is estimated to reach `1,227.08 billion by 2026, with a compound annual growth rate (CAGR) of 30.67% from 2022 to 2026. The growth of the market is driven by the demand for better infrastructure, the economic benefits of cloud computing, and the Indian government’s initiatives to promote digital India and IT infrastructure. The government has invested in projects such as the National Optical Fibre Network (NOFN), multiple e-governance portals, and initiatives like Digital India and Meghraj to encourage the adoption of cloud infrastructure. The seamless adoption of SaaS, IaaS, and PaaS offerings is also aided by advanced technologies such as AI, ML, advanced analytics, and immersive media in the IT ecosystem.
“Securing hybrid cloud environments is a top priority for businesses, especially with the Digital Personal Data Protection Act 2023 on the horizon.” - Pradeep Vasudevan, Country Head, Security Software, IBM India & South Asia
The accelerated adoption has resulted in a rapidly growing cloud security market. The global cloud security market is expected to reach US$12.6 billion by 2027, reflecting the increasing concern for data protection. The prevalence of cyberattacks is alarming, with incident rates skyrocketing. In fact, the IBM Security X-Force Threat Intelligence Index 2023 reported a shocking 94% reduction in the time it takes for cyberattacks to occur, emphasizing the need for swift and robust defenses. CrowdStrike’s data indicates that cloud exploitations surged by 95% in 2022, with adversaries increasingly targeting cloud environments. These statistics highlight the urgent need for CISOs and CXOs to prioritize cloud security and embrace best practices to fortify their digital fortresses against the relentless tide of cyber threats.
In today’s digital era, businesses in India face a continuous battle against an evolving army of cyber threats. As the country becomes a global technology hub, it faces a corresponding increase in cyberattacks. India’s digital transformation has created a vast attack surface that is drawing the attention of both cybercriminals and state-sponsored actors. To safeguard sensitive data and ensure operational continuity, the role of cloud security has never been more crucial.
The growth of “cloud-conscious” adversaries has elevated the risks faced by organizations. As per CrowdStrike’s data, cloud exploitations grew by 95% from 2022, with adversaries increasingly targeting cloud environments, marking the cloud as the new battleground for stopping breaches. The need for a proactive stance in cloud security cannot be overstated. - Fabio Fratucello, Field CTO, International, CrowdStrike
Thales’ “2023 Cloud Security Study” found that 35% of Indian respondents experienced a cloud data breach last year, compared to 37% in 2022. Human error caused over half of the breaches (52% in India, 55% globally). The report also reveals that more sensitive data is being stored in the cloud, with 68% of Indian and 75% of global businesses reporting that over 40% of cloud data is sensitive. SaaS applications are the leading target for hackers, according to 38% of global respondents, followed by cloud-based storage at 36%.
The Changing Face of Cloud Cyber Threats in India
According to Fabio Fratucello, Field CTO, International, CrowdStrike, the growth of “cloud-conscious” adversaries has elevated the risks faced by organizations. As per CrowdStrike’s data, cloud exploitations grew by 95% from 2022, with adversaries increasingly targeting cloud environments, marking the cloud as the new battleground for stopping breaches. The need for a proactive stance in cloud security cannot be overstated.
Emphasizes the importance of adopting the Zero Trust architecture during technology transformations. This approach covers application security, container security, data security, transport security, and network security. - Karthikeyan Girijanandan, Senior Director, Platform Engineering, Ascendion
In the words of Pradeep Vasudevan, IBM, understanding the data lifecycle and defining clear mechanisms to safeguard customer data are immediate priorities for Indian businesses, especially with the impending Digital Personal Data Protection Act 2023. The urgency to integrate security solutions becomes evident when considering the 94% reduction in the time it takes for cyberattacks to occur, as highlighted by the IBM Security X-Force Threat Intelligence Index 2023.
The Role of Automation and AI
To address the challenges presented by these evolving threats, organizations are turning to automation and AI. Security operation teams are grappling with safeguarding vast volumes of data and assets, and manual threat investigation is impeding efficiency. IBM’s study revealed that 81% of Security Operation Center (SOC) professionals face such issues. This is where the integration of Security AI and Automation can make a substantial impact, enabling defenders to bridge the speed gap with attackers. Embedding AI and automation throughout security toolsets can empower analysts to do more with less.
Cloud Security Best Practices
To help CISOs and CXOs create a robust cloud security strategy, we have gathered insights and recommendations from leading experts in the field. Some of the key practices:
- Prioritize Cloud Identity Protection: As highlighted by CrowdStrike, adversaries often exploit cloud identities and permissions to access sensitive data. Implementing the principle of least privilege is crucial to ensure that users and entities have only the necessary access.
- Gain Visibility into Security Gaps: With the increasing complexity of cloud infrastructures, continuous monitoring to identify misconfigurations and vulnerabilities is imperative. This helps in preventing potential exploits.
- Real-time Monitoring and Visibility: Continuous monitoring across cloud and endpoint systems can help detect and prevent security threats. This visibility is essential to align the monitoring profile with organizational and technical constraints.
- Timely Patching: Regularly updating software and promptly patching vulnerabilities is a fundamental practice in cloud security.
- Watch for Unusual Behavior: Monitoring for suspicious activities such as unauthorized access, changes in credentials, and indicators of intruders is crucial in a cloud environment.
Embracing the Zero Trust Architecture
Karthikeyan Girijanandan, Senior Director, Platform Engineering, Ascendion, emphasizes the importance of adopting the Zero Trust architecture during technology transformations. This approach covers application security, container security, data security, transport security, and network security. Maintaining a strong security posture begins with a comprehensive understanding of the utilized cloud services, followed by tailored security measures for authentication and authorization.
Unified, Cloud-Native Security Solutions
According to Samir Kumar Mishra, Director, of Security Business, Cisco India & SAARC, organizations should seek simplified, unified, and multi-layered security solutions, including a Zero-Trust framework. Cisco offers an integrated, cloud-native security solution that can protect customers even in multi-cloud and private data center environments.
“Organizations should seek simplified, unified, and multi-layered security solutions, including a Zero-Trust framework. Cisco offers an integrated, cloud-native security solution that can protect customers even in multi-cloud and private data center environments.” - Samir Kumar Mishra, Director, Security Business, Cisco India & SAARC
In conclusion, India’s digital transformation presents immense opportunities, but with these come increased cyber threats. By prioritizing cloud security and adopting the best practices and technologies highlighted in this feature, Indian businesses can navigate the cloud security frontier effectively, ensuring data protection and operational continuity in this dynamic digital landscape.