- The central government has recently directed that government employees avoid using third-party VPNs and cloud storage options.
- The new order must be followed strictly, or else they could be penalised by the “respective CISOs/department heads”.
- However, the orders are solely designed for government employees and not regular internet users in the country.
The central government has recently directed that government employees must avoid using third-party VPN services like Nord VPN and Express VPN and cloud storage options like Google Drive or Dropbox. In the document titled, ‘Cyber Security Guidelines for Government Employees’ by the National Informatics Centre (NIC), the government says the new guidelines are to be followed strictly, or else they could be penalised by the “respective CISOs/department heads”.
However, it should be noted the orders are solely designed for government employees and not regular internet users in the country. This is probably a move to safeguard the sensitive data present at the government offices.
What does the new order say?
The government of India has asked government employees must avoid using third-party VPN services and cloud storage options. The new ‘restricted’ document highlights good and bad cybersecurity practices for government employees. Besides restricting access to cloud storage and CC(virtual private network) services, the order notes that employees should avoid third-party toolbars (weather toolbar, download manager, askme toolbar) on the internet browser.
Furthermore, government workers are also advised to stop downloading pirated software. They’re also asked not to use any “external email services for official communication” and conduct “sensitive internal meetings and discussions” using “unauthorised third-party video conferencing or collaboration tools”.
Why the restriction on VPN and third-party storage?
In the previous order, CERT-IN, a department with the Ministry of Electronics and Information Technology has mandated that VPNs operating in the country are required to store users’ records for five years. For those unaware, VPN allows users to mask their online identity and access banned websites anonymously. The government of India probably wants to end this anonymity and keep track of online activities, mainly illegal ones.
However, experts believe this order on VPN will curb freedom on the internet. Hence, for this reason, services like Nord VPN has decided to remove servers from India to continue keeping users’ data safe. The same isn’t the case for cloud storage services as they are very much legal. Neither NIC nor CERT-IN advises regular users to stop using platforms.
However, the reason for asking government employees to stop using cloud storage services could be seen as a move to promote native services like DigiLocker, which offers similar services like Google Drive or Dropbox. Storing files on third-party platforms could lead to a leak of sensitive data if the account is compromised.
