India's Cloud Boom Hides a Growing Security Crisis

"If you want to beat the Hacker who is looking at all of your assets all the time, you got to do your testing much more frequently and that too covering all your digital footprint including the cloud," says Somshubhro Pal Choudhury, Co-Founder and Partner at Bharat Innovation Fund
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
India's cloud computing market is booming. It has generated USD 17.88 billion in 2024 alone and is projected to grow to USD 76.38 billion by 2030, at a CAGR of 26.5 per cent from 2025 to 2030.
But, what is cloud computing? This technology enables the on-demand use of data storage, servers, networking, and software over the internet, and is important for businesses due to its cost-efficiency and flexibility. By using cloud services, companies can reduce upfront investment in hardware and software.
However, a recent report from Tenable, '2025 Cloud Security Risk Report', reveals that Indian organisations are facing serious hidden risks in their cloud setups.
A hidden crisis
The report uncovers major security gaps in cloud environments from misconfigured storage that exposes sensitive data to embedded secrets in workloads. These vulnerabilities can lead to data breaches, financial losses, and regulatory penalties.
"Cloud misconfigurations remain common in Indian companies as digital adoption often outpaces security readiness. Under tight deadlines, teams may unintentionally skip vital security steps, leading to exposed systems. The issue isn't a lack of tools but a lack of standardisation, awareness, and accountability," said Aditya Joshi, COO, SA Technologies.
Somshubhro Pal Choudhury, Co-Founder and Partner at Bharat Innovation Fund, added that hackers now use AI and automation at scale, cutting down the time needed to exploit a vulnerability from months to hours. They constantly scan digital assets, whereas companies often test their systems only once or twice a year.
"This creates a dangerous security gap. The problem is compounded by rampant use of third-party and fourth-party vendors, contractors, and partners, whose security postures vary widely and are often poorly monitored. Limited security awareness among employees, contractors, and partners further contributes to misconfigurations and risky practices like Shadow IT and unvetted open-source usage…"
"…You swipe your credit card and open up a cloud bucket," said Choudhury. For startups especially, the pressure to move fast often pushes security to the background — leaving systems wide open. This becomes even more concerning given that India is now the world's second most hacked nation.
Sensitive data at risk
The report found that nine per cent of all analysed cloud storage resources contain restricted or confidential data. Even though this percentage seems small, it means millions of sensitive records are exposed in high-volume environments.
Worse, nearly one in ten publicly accessible storage locations store sensitive data, often due to basic misconfigurations, weak access controls, and lack of visibility. This leaves organisations open to serious security and compliance risks.
The report also reveals that 54 per cent of organisations using AWS ECS task definitions have secrets embedded in them, which can lead to full cloud takeovers or misuse like crypto mining. Furthermore, 3.5 per cent of AWS EC2 instances have credentials exposed in user data, giving hackers a clear way to access and escalate attacks.
"Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," explained Ari Eitan, Director of Cloud Security Research, Tenable. "In today's threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches."
Call for a proactive security approach
With Indian businesses and government agencies accelerating cloud adoption, the report stresses the urgent need for a risk-based, proactive approach to cloud security.
"Most organisations rely on traditional, periodic penetration testing or audits that occur infrequently and cover only some assets. While these tests uncover many vulnerabilities and overwhelm the Cybersecurity teams and create "Alert Fatigue", not all vulnerabilities are exploitable by attackers. The key challenge is identifying which vulnerabilities form actual attack paths that hackers can leverage," explained Pal Choudhury.
Still, there is some progress. Joshi shared that companies are increasingly adopting protective measures like multi-factor authentication, access controls, regular audits, and backups. But human error and misconfigurations still cause accidental data exposure. He added that the way forward is to strengthen both technical controls and user awareness.
Regulators like the Securities Exchange Board of India (SEBI) and the Reserve Bank of India (RBI) have already laid down cloud risk management frameworks. However, readiness varies.
Joshi noted, "Readiness for SEBI and RBI's cloud risk regulations varies widely. While larger enterprises are better equipped to comply, smaller firms often struggle with interpreting and implementing the guidelines. To bridge this gap, regulatory frameworks must be translated into practical, manageable security actions focused on long-term resilience not just compliance."
Eitan warned that the agility of the cloud also comes with risk. "The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures," Eitan added. "Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority."
Choudhury concluded, "If you want to beat the Hacker who is looking at All of your Assets all the time, you got to do your testing much more frequently and that too covering all your Digital Footprint including the cloud."

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Forbes

an hour ago

• Forbes

Why Using Airport Wi-Fi May Be More Dangerous Than Ever

Your Wi-Fi connection may not be safe. Here's what to do about it. getty Is the public Wi-Fi network at JFK International Airport safe? That's what one of Vivian Au's customers wanted to know recently. The network in question was called JFK-Free-WiFi, and it did a peculiar thing when her client tried to log on: It asked for her birthdate. It was not safe, says Au, a consultant who specializes in corporate technology and security. "Real airport networks never do that," she says. But at a time when it feels like it should be safe to use a public Wi-Fi network at the airport, it's getting harder to tell safe from dangerous. Experts say airports have upgraded the security on their public networks. At the same time, scammers have gotten smarter about stealing personal information from unsuspecting users. "Airport Wi-Fi can be convenient for accessing apps and services to pass the time before a flight," says Gary Orenstein, chief customer officer of Bitwarden, a password management service. "At the same time, these networks are also known to be a honeypot for bad actors. If a network is compromised, cybercriminals can exploit the risk to extract sensitive information from connected devices." The most high-profile case happened last year in Western Australia, where a man was arrested for allegedly establishing fake free Wi-Fi access points, which mimicked legitimate networks. These access points, which operated a lot like the bogus JFK-Free-WiFi access point, captured personal data from unsuspecting victims who mistakenly connected to them, according to police. How hackers steal your information through a public Wi-Fi network What do the bad guys do with the data they steal? It's more like, what don't they do, according to Orenstein. Cybercriminals may intercept credit card or banking data shared over unencrypted networks and connections. Attackers may use unsecured public networks to plant ads on legitimate websites, redirecting users to malicious sites and exploiting trackers embedded on previously visited pages. Hackers might encourage users to download malware-infected files or fraudulent apps disguised as helpful tools for connecting to airport Wi-Fi. Criminals can also steal personal data and other private details, potentially aiding entry into critical consumer accounts. Police alleged the Australian hacker used a portable wireless access device to create "evil twin" free Wi-Fi networks, which he used at multiple locations to lure unsuspecting users into believing they were legitimate services. In other words, while it may feel safe to use an airport Wi-Fi network, it's still fraught with danger. 'Airports are prime targets for cybercriminals looking to steal information, identities, and money," says Tomas Stamulis, chief security officer at Surfshark. "Unfortunately, information security isn't a top priority for many organizations, airports included. Despite advances in Wi-Fi technology, adoption of stronger security systems is slow, leaving travelers exposed to data breaches and fraud." Why do people think airport Wi-Fi networks are safe now? Early airport Wi-Fi networks were open and lacked even basic security, say experts. Today, airports have advanced WPA3 encryption, a series of security protocols that protect your password and the devices on the network. And, apart from the incident in Australia, there have been few recent reports of network breaches that have resulted in a loss of data. So is it safe to use an airport Wi-Fi network with your computer or phone? "Airports have indeed improved their Wi-Fi security," says Rafay Baloch, CEO of REDSECLABS, a cybersecurity company specializing in security consulting, training, and other cybersecurity services. "But the system is still not foolproof." Baloch says it's convenient to be able to connect to the internet while you're transiting through an airport terminal. "But all public networks are insecure," he warns. "There are many hackers who set up fake Wi-Fi networks with names that are very similar to the real ones to catch people's attention. Once connected, the attackers can launch different attacks to sniff out important information from the users." How do you know if an airport Wi-Fi network is safe? There are a few ways you can find out if an airport Wi-Fi network is safe — or at least safer . Is the name suspicious? Hackers are not grammarians. So some networks will have telltale signs that they're bogus, like typos. Never connect to a network called "DULLES_Offficial_Free_Wfi," for example. You're just asking for trouble. Does it use encryption? After connecting, make sure the website you're visiting uses "https" in the URL and has a padlock symbol. "This means the connection is encrypted and your data is protected," says Gyan Chawdhary, CEO of Kontra, a security training platform. Does it ask for private information? Remember, hackers are trying to harvest personal information, so they'll ask for things like your birthday or your email credentials. They may even brazenly ask for your credit card information. A truly free airport Wi-Fi network will not ask for any of that information. Did the airport advertise it? Often, airports will display the name of the official access point on the screens. "You can also double-check the network name with the airport personnel," says Marcelo Barros, the global director of Hacker Rangers, a security awareness training firm. But ultimately, none of these strategies is foolproof, according to experts. "If you need to get online at the airport, it's safer and more reliable to use your cell phone's data plan," says Craig Steele, director of Digital Skills Education, a company that offers courses that help regular people stay safe online. "That way, you're connecting directly to your carrier instead of relying on public Wi-Fi. When I'm traveling I'd always use that first, rather than connecting to a public Wi-Fi network." So will you use the airport Wi-Fi network this summer? Bottom line: Airport wireless networks aren't entirely safe, even the official ones. But will that stop you from using them? Nah. A recent report by Norton suggests 60 percent of users have logged on to a public network in the past year, and that trend shows no sign of abating. Matthew Hicks, an associate professor of computer science at Virginia Tech, says it depends what you do on the network. "At one extreme, it is safe enough to check the latest sports scores, weather, or stock market on an updated device," he says. "At the other extreme, it is risky to perform financial transactions, or work with other sensitive data in the cloud, using a device that hasn't been updated in years, for an eight-hour layover." The thing is, even if you stay off the airport network, can you guarantee that your kids will? And who knows what kind of malware they'll download or what kind of data they'll give up between watching videos and texting their friends? Fact is, even though airport Wi-Fi looks safe and feels safe, it might not be. But that probably won't stop you from using it.

Yahoo

an hour ago

• Yahoo

Northland Sees Potential in BitFuFu's Cloud Mining Model

BitFuFu Inc. (NASDAQ:FUFU) is among the best small company stocks to invest in. On Wednesday, Northland initiated coverage on BitFuFu Inc. (NASDAQ:FUFU) with a Market Perform rating and a price target of $5.50, implying an upside of 72.69%. According to the firm, the company's cloud mining solutions assist in eliminating the common barriers associated with cryptocurrency mining, especially high initial costs and technical challenges. BitFuFu Inc. (NASDAQ:FUFU) recently secured initial funding from Bitmain, a prominent player in the cryptocurrency mining hardware business. As long as the company effectively maintains the strategic partnership with Bitmain, particularly in the cloud mining segment, we have good reason to believe that FUFU will be driven beyond its current market average multiple. The cloud mining business is a growth catalyst for BitFuFu Inc. (NASDAQ:FUFU), with registered users nearly doubling YoY to over 607,000, pointing towards growing retail demand. This rise was reported at a time when the total hash rate and power capacity steeply declined. Despite the infrastructure lag, the company posted impressive results that speak volumes about the small-cap company's business model and market position. BitFuFu Inc. (NASDAQ:FUFU) is a Singapore-based provider of digital asset mining solutions in Singapore, North America, Asia, and Europe. The company's core offerings include cloud-mining services and miner hosting services for both individual and institutional digital asset enthusiasts. Incorporated in 2020, the company aims to make Bitcoin accessible to all. While we acknowledge the potential of FUFU as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: The Best and Worst Dow Stocks for the Next 12 Months and 10 Unstoppable Stocks That Could Double Your Money. Disclosure: None. Error while retrieving data Sign in to access your portfolio Error while retrieving data Error while retrieving data Error while retrieving data Error while retrieving data

Yahoo

an hour ago

• Yahoo

Northland Sees Potential in BitFuFu's Cloud Mining Model

BitFuFu Inc. (NASDAQ:FUFU) is among the best small company stocks to invest in. On Wednesday, Northland initiated coverage on BitFuFu Inc. (NASDAQ:FUFU) with a Market Perform rating and a price target of $5.50, implying an upside of 72.69%. According to the firm, the company's cloud mining solutions assist in eliminating the common barriers associated with cryptocurrency mining, especially high initial costs and technical challenges. BitFuFu Inc. (NASDAQ:FUFU) recently secured initial funding from Bitmain, a prominent player in the cryptocurrency mining hardware business. As long as the company effectively maintains the strategic partnership with Bitmain, particularly in the cloud mining segment, we have good reason to believe that FUFU will be driven beyond its current market average multiple. The cloud mining business is a growth catalyst for BitFuFu Inc. (NASDAQ:FUFU), with registered users nearly doubling YoY to over 607,000, pointing towards growing retail demand. This rise was reported at a time when the total hash rate and power capacity steeply declined. Despite the infrastructure lag, the company posted impressive results that speak volumes about the small-cap company's business model and market position. BitFuFu Inc. (NASDAQ:FUFU) is a Singapore-based provider of digital asset mining solutions in Singapore, North America, Asia, and Europe. The company's core offerings include cloud-mining services and miner hosting services for both individual and institutional digital asset enthusiasts. Incorporated in 2020, the company aims to make Bitcoin accessible to all. While we acknowledge the potential of FUFU as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: The Best and Worst Dow Stocks for the Next 12 Months and 10 Unstoppable Stocks That Could Double Your Money. Disclosure: None.