News

Centre Bans Third-Party VPNs And Cloud Services In Govt Offices

Centre Bans Third-Party VPNs And Cloud Services In Govt Offices
SUMMARY

The move has been taken days after NordVPN, ExpressVPN and Tor announced that they would not comply with the Centre’s new VPN guidelines and subsequently, leaving India

The Centre has also asked its employees to not save any internal, confidential government data on any cloud services that are not regulated by it

The NIC has further urged the government employees to not root their mobile devices and use any external mobile based-apps

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

The Centre has asked its employees to not use third-party virtual private networks (VPN) and anonymisation services offered by VPN companies including NordVPN, ExpressVPN and Tor. 

The move has been taken days after NordVPN, ExpressVPN and Tor announced that they would not comply with the Centre’s amended VPN guidelines thereby, terminating their VPN services in India.

According to an ET report, the Centre has also asked its employees to not save any internal, confidential government data on any cloud services that are not regulated by it. 

The National Informatics Centre (NIC), which is led by the Ministry of Electronics and Information Technology, said, “By following uniform cyber security guidelines in government offices across the country, the security posture of the government can be improved.” 

In an internal document, the NIC said, “In order to sensitize the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled.” 

The NIC has further urged the government employees to not root their mobile devices and use any external mobile based-apps. 

In the internal document, NIC commanded all government employees including temporary and outsourced ones to strictly comply with the Centre’s order. In case of non-compliance, actions will be taken against the respective department heads.

The Centre’s recent order to ban third-party VPN providers in government offices along with foreign VPN providers’ decision to leave India have been aggravated by the recently amended VPN guidelines. On April 28, CERT-In notified that all private VPNs, cloud service providers and other related organisations will have to collect as well as retain user data for five years or more with effect from June 27. 

Many VPN companies did not welcome this move and shared concerns regarding the users’ privacy, chances of mass surveillance and censorship. They called the Centre’s move counterproductive, which can impact the entire IT infrastructure of the country.

As per the Global VPN Usage Report 2020, India had the second-largest VPN market, with 45% of internet usage happening through VPN in 2020. While another report by Atlas VPN report states that VPN installs grew to a whopping 348.7 Mn in the first half of 2021, growing by 671% in 2020. 

With new VPN guidelines, the country’s VPN market is likely to reshape as many players are terminating their VPN servers and leaving India. Recently, NordVPN announced its plans to remove its physical servers in India by June 26. Prior to this, major VPN providers including ExpressVPN and Surfshark also shut their physical VPN servers in the country.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

Recommended Stories for You