India's Cloud Boom Hides a Growing Security Crisis "If you want to beat the Hacker who is looking at all of your assets all the time, you got to do your testing much more frequently and that too covering all your digital footprint including the cloud," says Somshubhro Pal Choudhury, Co-Founder and Partner at Bharat Innovation Fund

By Shivani Tiwari

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Freepik

India's cloud computing market is booming. It has generated USD 17.88 billion in 2024 alone and is projected to grow to USD 76.38 billion by 2030, at a CAGR of 26.5 per cent from 2025 to 2030.

But, what is cloud computing? This technology enables the on-demand use of data storage, servers, networking, and software over the internet, and is important for businesses due to its cost-efficiency and flexibility. By using cloud services, companies can reduce upfront investment in hardware and software.

However, a recent report from Tenable, '2025 Cloud Security Risk Report', reveals that Indian organisations are facing serious hidden risks in their cloud setups.

A hidden crisis

The report uncovers major security gaps in cloud environments from misconfigured storage that exposes sensitive data to embedded secrets in workloads. These vulnerabilities can lead to data breaches, financial losses, and regulatory penalties.

"Cloud misconfigurations remain common in Indian companies as digital adoption often outpaces security readiness. Under tight deadlines, teams may unintentionally skip vital security steps, leading to exposed systems. The issue isn't a lack of tools but a lack of standardisation, awareness, and accountability," said Aditya Joshi, COO, SA Technologies.

Somshubhro Pal Choudhury, Co-Founder and Partner at Bharat Innovation Fund, added that hackers now use AI and automation at scale, cutting down the time needed to exploit a vulnerability from months to hours. They constantly scan digital assets, whereas companies often test their systems only once or twice a year.

"This creates a dangerous security gap. The problem is compounded by rampant use of third-party and fourth-party vendors, contractors, and partners, whose security postures vary widely and are often poorly monitored. Limited security awareness among employees, contractors, and partners further contributes to misconfigurations and risky practices like Shadow IT and unvetted open-source usage…"

"…You swipe your credit card and open up a cloud bucket," said Choudhury. He also believes that for startups especially, the pressure to move fast often pushes security to the background leaving systems wide open. This becomes even more concerning given that India is now the world's second most hacked nation.

Sensitive data at risk

The report found that nine per cent of all analysed cloud storage resources contain restricted or confidential data. Even though this percentage seems small, it means millions of sensitive records are exposed in high-volume environments.

Worse, nearly one in ten publicly accessible storage locations store sensitive data, often due to basic misconfigurations, weak access controls, and lack of visibility. This leaves organisations open to serious security and compliance risks.

The report also reveals that 54 per cent of organisations using AWS ECS task definitions have secrets embedded in them, which can lead to full cloud takeovers or misuse like crypto mining. Furthermore, 3.5 per cent of AWS EC2 instances have credentials exposed in user data, giving hackers a clear way to access and escalate attacks.

"Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," explained Ari Eitan, Director of Cloud Security Research, Tenable. "In today's threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches."

Call for a proactive security approach

With Indian businesses and government agencies accelerating cloud adoption, the report stresses the urgent need for a risk-based, proactive approach to cloud security.

"Most organisations rely on traditional, periodic penetration testing or audits that occur infrequently and cover only some assets. While these tests uncover many vulnerabilities and overwhelm the Cybersecurity teams and create "Alert Fatigue", not all vulnerabilities are exploitable by attackers. The key challenge is identifying which vulnerabilities form actual attack paths that hackers can leverage," explained Pal Choudhury.

Still, there is some progress. Joshi shared that companies are increasingly adopting protective measures like multi-factor authentication, access controls, regular audits, and backups. But human error and misconfigurations still cause accidental data exposure. He added that the way forward is to strengthen both technical controls and user awareness.

Regulators like the Securities Exchange Board of India (SEBI) and the Reserve Bank of India (RBI) have already laid down cloud risk management frameworks. However, readiness varies.

Joshi noted, "Readiness for SEBI and RBI's cloud risk regulations varies widely. While larger enterprises are better equipped to comply, smaller firms often struggle with interpreting and implementing the guidelines. To bridge this gap, regulatory frameworks must be translated into practical, manageable security actions focused on long-term resilience not just compliance."

Eitan warned that the agility of the cloud also comes with risk. "The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures," Eitan added. "Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority."

Choudhury concluded, "If you want to beat the Hacker who is looking at All of your Assets all the time, you got to do your testing much more frequently and that too covering all your Digital Footprint including the cloud."
Shivani Tiwari

Junior Writer

Shivani is a tech writer covering the dynamic world of startups, artificial intelligence, cybersecurity, and emerging technologies. With a sharp eye for innovation and a passion for storytelling, she brings insightful coverage and in-depth features that spotlight the people and ideas shaping the future. 

Most Popular

See all
Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

By Eve Gumpel
Growing a Business

How Building Tech With No Tech Background Taught Me the Most Valuable Skill in Business

The most valuable skill in business today is translation — the power to bridge vision and execution, clarity and complexity, strategy and reality.

By Tristan Thompson
Science & Technology

How AI Is Turning High School Students Into the Next Generation of Entrepreneurs

As AI reshapes education, students are turning school problems into products and building the future economy.

By Alex Goryachev
News and Trends

How Lab-Grown Diamonds are Reshaping Jewellery Market

As sustainability takes the centre stage shaping the luxury market, lab grown diamonds (LGDs) are leading the way and not merely following the latest trends, says Ishendra Agarwal, Founder, Giva

By Ishendra Agarwal
Business News

Anthropic Is Now One of the Most Valuable Startups of All Time: 'Exponential Growth'

In a new funding round earlier this week, AI startup Anthropic raised $13 billion at a $183 billion valuation.

By Sherin Shibu
Starting a Business

My Husband and I Have Built Multiple Businesses Together — Here's How We Make It Work in Business and in Life

Working with your spouse can be an incredible experience, especially when you share the same goals and values. Here's how to do it successfully.

By Tonia Ryan