NEW DELHI: Indian government has asked employees to not use virtual private networks (VPN) and disallowed them from using cloud-based services like Google Drive or Dropbox in a new directive that officials say is aimed at improving the country’s “security posturing”.
The directive has been issued through Indian Computer Emergency Response Team (Cert-In), the country’s nodal agency for responding to cyber security incidents, and National Informatics Centre (NIC), according to reports.
The directive talks about how VPN service providers should operate in India and how the employees can no longer save any “confidential government files” on cloud services like Google Drive and Dropbox.
Cloud services allow the users to store their data on the internet, and not on the internal memory of their devices. And this is where the concern of the Indian government lies.
India’s Ministry of Electronics and Information Technology (Meity) framed the rules for the directive which is aimed at improving the security posture of the government, according to the report.
“The Indian government has been of a point of view that VPN services threaten the security of the country as they can be used by terrorist organizations and it becomes impossible to track them,” the report stated.
What The Directive States:
• Employees should not use cloud services to store confidential government data.
• Prohibits the use of VPN services
• Employees not to use third-party applications to scan government documents like Camscanner.
• Employees should not ‘root’ or ‘jailbreak’ their devices.
• Uniform cyber security guidelines should be followed in government offices across India.
• Cert-In had earlier directed VPN companies to maintain a record of the customers who are using their services.
MeitY Minister Rajeev Chandrasekhar had earlier stated that the companies who do not wish to follow the guidelines are free to move out of India.