In an internal order by the Department of Telecommunications (DoT) all employees are instructed to stop storing data on a cloud platform and if they do it will invite penal action in case of a data breach.
The circular of DoT assumes significance as India is going ahead with its plan to tighten its regulatory mechanism to stop cybercrime and data privacy.
It seems the cloud has busted before the time, at the same time the technology giants including Amazon-AWS, Microsoft- Azure, Google Cloud, and others are pitching to sell the solutions. A question comes on can we trust Cloud storage or not?
The growing incidents of cyber attacks on the government’s official email ids and websites is on continuously rise, the DoT has issued fresh instructions to its employees asking them not to store any official and classified information on private cloud services such as Google Drive, Dropbox, iCloud, and others.
If any such information is stored on these private cloud services, the employee storing such data may be liable for penal action in case of a data breach, the DoT said in a communication to all its staff. Further, any kind of classified work must be “strictly be carried out only in a standalone computer which is not connected to the internet”.
Employees have also been asked to avoid when on officials tours, any mobile or internet-based service that requires their location, “unless it is necessary for the discharge of official duties”.
According to Arvian Research, it seems that the older system of Offline storing of data was much better and secured. These instructions are a part of the DoT’s instructions on best information security practices.
“Last year in July, the telecom department had written to all web portals and websites within its ambit to conduct a security audit and submit a compliance certificate as soon as possible,” states Arvian Research.
At the same time, the Telecom Ministry had then also written to all the ministries and departments requesting them to migrate their websites and web-portals to the ‘gov.in’ domain by August 31, 2020 if they had not done so far. A similar letter was sent by DoT to all web portals and websites yielded no results.
In that letter, dated October 7, the DoT had said that a security audit was necessary for the “robustness of information systems and associated networks”.