Rahul Bhatia
Managing Director, The Science and Information (SAI) Organization Ltd
Cloud computing offers scalability and flexibility but also introduces security risks. With evolving threats, including quantum computing, businesses must adopt best practices to ensure data security and compliance.
Cloud agility and shared security
Cloud computing has changed the way companies think about data and technology, providing flexibility and on-demand use of resources that enable innovation and collaboration. Services like Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) have enabled business organisations of any size to reduce costs and become agile, scalable and cost-efficient.
While major cloud providers offer strong security and regulatory compliance, relying solely on them isn’t enough. To fully safeguard your data, implement their security features and reinforce them with your own protective measures.
Why data security in the cloud?
According to the lBM’s 2024 Cost of Data Breach report, an average data breach globally costs $4.88 million in 2024. Breach costs were 10% higher than in the previous year, the highest year-over-year rise since the pandemic outbreak, and 70% of the breached organisations stated that the breach led to significant or very significant disruption.
This growth in breaches and cyber threats is fuelled by increased mobile device usage, remote work and IoT. This complexity exposes websites and applications to internal and external threats, where attackers exploit vulnerabilities to access sensitive data.
This has serious financial implications, with direct costs including breach remediation costs, legal fees resulting from the violation of compliance, lost revenues due to damage to reputation and potential fines from regulatory bodies.
Employee training is the very first step
that will protect sensitive information.
Best practices for data security in the cloud
Employee training is the very first step that will protect sensitive information. It empowers employees to know the threats posed by phishing attacks and ensures safe handling of data. Organisations also need to have strong security practices, including encrypting data at rest and in transit, enforcing access controls (including MFA and strong password policies) and implementing data classification and retention policies to manage the lifecycle of sensitive data.
Regularly updating software patches is a very important step in preventing vulnerabilities and adhering to the security-by-design framework ensures the protective protocols are implemented in the design or development phases from day one to make for a strong, proactive defence against cyber threats.
The future of cloud security
The future of cloud security will be shaped by cutting-edge technologies designed to counter evolving threats. AI and ML will be at the centre of the automation of threat detection and response, which will make systems smarter and more adaptive. Blockchain is poised to strengthen security through decentralised and immutable transaction records, guaranteeing data integrity. Zero Trust Architecture is gaining a lot of attention, where, by default, no user or device is trusted and hence verified continuously.
This threat posed by quantum computing to traditional encryption methods calls for the development of quantum-resistant encryption solutions, such as Post-Quantum Cryptography (PQC) algorithms. These novel algorithms are particularly designed to withstand the power of quantum computers that can break traditional encryption frameworks like RSA and ECC. Migration plans need to be drafted now in order to make it a smooth transition to quantum-safe encryption as part of a fuller security strategy.
When quantum technology becomes more advanced, organisations must begin their preparation for the transition to PQC algorithms. Compatibility with existing systems can be checked; new PQC algorithms can be incorporated into existing infrastructure; and extensive testing would be conducted. Starting early would be a good step in reducing risks from future vulnerabilities and maintaining the security of data in the post-quantum world.
Edge computing and shared responsibility
As organisations embrace edge computing, processing data closer to its source, new security strategies will be required to safeguard data across more dispersed networks, mitigating risks from decentralised data centres. Cloud data security is not the sole responsibility of your service provider — it’s on you.
Enterprises migrating towards the cloud must adopt a proactive, multi-layered security approach. Staying informed, debunking myths and implementing strong measures are crucial to protecting data in an evolving cyber threat landscape.
