Editorial 1: Evolution is the right of all life forms – even synthetic ones
Context
- In 2016, researchers created a genome that had the absolute minimum number of genes to be compatible with life. It was widely believed that the resulting organism was unlikely to evolve because it had little freedom to adapt to environmental conditions. But a recent report suggests this conclusion was mistaken.
Synthetic Biology
- Our ability to sequence genomes and genomic research more broadly has significantly enriched our understanding of the genome of humans and the many life forms around us.
- Concurrent advancements in not just reading the genome sequence (sequencing) but also our ability to write (synthesise) genome sequences has sparked the human imagination, and has provided impetus to a new field of research called synthetic biology.
What we can build
- An early attempt in this direction was attempted to synthesise a small bacterial genome, but at the time were unable to put it back into the cell and give it a spark of life.
- Finally, in 2010, researchers were able to synthesise a complete genome of around 1 million base-pairs of a modified genome of a free-living organism called Mycoplasma mycoides. They named it JCVI-syn1.0.
- This genome could be introduced into a cell and could replicate, thus becoming one of the first synthetic life-forms.
- This was a culmination of efforts spanning over 15 years.
- This was also why this effort was seen as humankind’s baby steps towards engineering life-forms based on evidence, technologies, and an understanding of the fundamental rules of the molecular mechanisms that govern life.
Meet syn3.B
- Attempts to modify genomes continued by researchers attempting to create a minimal genome by further systematically deleting parts of the genome of Mycoplasma mycoides, publishing the results in Science.
- The researchers’ idea was to create a ‘bare-minimum’ genome and cell that was compatible with life as well as with the possibility that the genome could be used as a bare-bones framework for synthetic biology.
- They succeeded in creating a minimal cell deleting around 45% of the genes in the genome of the organism.
- Specifically, the edited genome had 5,31,000 base pairs and just 473 genes. This newer modified synthetic version was named JCVI-syn3.0.
- Additional modifications to the genome resulted in two more versions, dubbed JCVI-syn3.A and JCVI-syn3.B.
- JCVI-syn3.B in particular had an additional genomic locus (a location on the genome) where the researchers could insert new gene fragments and antigens.
- This is required to allow the genome to bind to a lineage of human cells called the HeLa cell lines, which researchers use widely in laboratory studies.
- As a result, JCVI-syn3.B could be cultured with human cells.
- At the same time, it was widely believed that the resulting organism would be constrained and unlikely to evolve because it had very little wiggle room to adapt to environmental conditions.
- But a recent report in Nature suggested that this conclusion could be mistaken.
A minimal genome evolves
- Researchers attempted to understand how a synthetic life-form would adapt or evolve over time, especially in situations where the raw materials required to do so could be limited, forcing the genome to die or adapt through evolution.
- To understand this, the researchers cultured a bacterial organism in the laboratory and established that this life-form’s synthetic genome – which was also minimal – had a robust potential to develop genetic variations.
- As the team expected, the minimal genome was inferior in its ability to compete with the native, non-synthetic Mycoplasma.
- However, to their surprise, the researchers found that the synthetic bacteria that had evolved through 300 days could significantly out-compete the non-evolved minimal version of the organism.
Its own path
- The study suggested that synthetic life-forms could evolve through natural processes of evolution and adapt themselves to the environment.
- The minimisation of the genome didn’t constraint natural adaptation.
- Additionally, using genome-sequencing, the researchers were able to identify specific genes and regions on the genome that had accumulated genetic variants associated with the adaptation.
- They also found that the adaptation of the minimal genome took distinctly different steps and paths from that of the native/non-adapted organism, as evidenced by the different genomic regions and genes where the genetic variants accumulated during the process of adaptation.
Way forward
- The findings have enormous implications – not just for our ability to understand the natural evolutionary processes of synthetic life but also for the practical applications of synthetic genomes for the industrial-scale production of chemicals and biologicals.
- Insights into the evolutionary processes of organisms also open big windows into understanding how antimicrobial resistance emerges, how pathogens evade immune systems, and, possibly, new opportunities to prevent them or be prepared for them.
Editorial 2: How gaps in cloud system configuration could expose sensitive user data
Context
- According to a 2023 survey by Thales Cloud Security, which included responses from nearly 3,000 IT and security professionals across 18 countries, 35% of organisations in India note that their data was breached in a cloud environment last year. Moreover, 68% of businesses in India, and 75% globally, say that more than 40% of data stored in the cloud is classified as sensitive.
Cloud storage and it’s uses
- Cloud storage is a method through which digital data, including files, business data, videos, or images, are stored on servers in off-site locations.
- These servers may be maintained by the companies themselves or by third-party providers responsible for hosting, managing, and securing stored data.
- These servers can be accessed either by the public or through private internet connections, depending on the nature of the data.
- Companies use cloud storage to store, access and maintain data so that they do not need to invest in operating and maintaining data centres.
- An added advantage of cloud storage is its scalability — organisations can expand or reduce their data footprint depending on its needs.
- Most cloud providers offer security features like physical security at data centres, in addition to zero-trust architecture, identity and access management, and encryption to ensure the security of data on their servers.
Risk associated with Cloud storage
- The risks arise from the deployment of incompatible legacy IT systems and third-party data storage architecture.
- Additionally, the use of weak authentication practices and easily guessable passwords can allow unauthorised individuals to access sensitive data.
- Data stored in the cloud also faces the risk of exposure due to insecure APIs, poorly designed or inadequate security controls, internal threats due to human error and inadequate encryption during transfer or storage.
Legacy systems weakens storage setup
- Though cloud security may appear similar to legacy IT security, the difference in their architecture necessitates different strategies.
- Due to the lack of support or upgrades, legacy IT security may have known vulnerabilities that are yet to be fixed.
- Such vulnerabilities make them an appealing target for hackers who may use the gaps to gain unauthorised access to cloud resources connected with these legacy systems.
- Additionally, legacy systems may not be capable of supporting more advanced encryption techniques such as secure boot methods or hardware-based encryption, which increases the risks to cloud infrastructure.
- Therefore, updating and auditing legacy systems when used in tandem with cloud infrastructure is important.
System misconfigurations
- A system misconfiguration arises when there is a lack of thorough security configurations on the devices accessing the cloud data and the servers, or a weakness in the software used.
- Misconfigurations can expose user data, making it accessible to unauthorised individuals, and compromising security.
- Many times, companies using cloud storage leave security configuration to the cloud vendor, but the cloud vendor is just a vendor and the plans companies opt for may not include access encryption or firewall rules on the cloud.
Data protection
- The onus of ensuring data security lies with the companies even though they grant access to data to vendors and partners.
- If the data is sensitive in nature, it is the company’s responsibility to make sure that a selected vendor has all the right checks in place and has conducted due diligence.
- This includes checking cloud compliances like ensuring passwords have two-factor authentication, monitoring access to the database, ensuring it is encrypted, and ensuring all firewall rules are set so that only access through certain places and certain departments is allowed.
- Data encryption is seen as one of the most effective approaches for securing sensitive information in the cloud.
- However, it comes with its own set of challenges which include encryption before data is stored, ensuring the security of encryption keys, and changing the encryption keys periodically to ensure continued safety.
Risks of data migration in cloud
- There is risk involved when switching between vendors for cloud storage or when systems are upgraded.
- Without a proper migration plan and process based on thorough assessment of the cloud provider, data could get exposed.
- Additionally, ensuring that data is encrypted whenever in transit, and making relevant backups are also key aspects of ensuring data security, he added.
Users safety
- When users get to know of possible data breaches, they are recommended to change passwords and the two-factor authentication setup, push security question answers, and monitor accounts for unauthorised transactions and SMSs for suspicious activity.
- The lifespan of financial data exposed in a breach is short. It is used by threat actors within weeks.
- However, for personally identifiable data, the lifespan can be longer, with data sold on the dark web to target users for phishing scams and other illicit activities.
Way forward
- Data breaches and data exposure incidents in the cloud should be treated identically.
- While in a data breach, confidential or protected information is exposed to unauthorised individuals, data exposure is often depicted as the unintentional disclosure or accidental disclosure of data, resulting from misconfiguration or human error.
- Both data breaches and data exposure incidents require close monitoring to ensure the confidentiality and availability of sensitive information housed in the cloud.