New Delhi: While the world is witnessing cloud data breach incidents more often — micro-blogging website Twitter being the latest one — and governments the world over are looking for ways to ensure data security, India has also joined the chorus for a safe, secured cloud experience.
The Telecom Regulatory Authority of India (TRAI) this month issued a consultation paper on cloud computing, inviting the stakeholders to join the debate on how to implement a secured cloud service. The fact is: Practically no work has been done in India till date on having an adequate legal framework to deal with cyber security and data security on the Cloud.
“India’s concerns on data security when it comes to cloud services are distinctly real and topical. A lot more work needs to be done in terms of protecting and preserving security of cloud data for the businesses and companies whose data is being stored on cloud servers in foreign shores,” says Pavan Duggal, one of the nation’s top cyber law experts.
The TRAI paper, whose deadline to feed comments online is July 8, comes after Twitter co-founder Evan Williams’s account was compromised and hackers may have used malware to collect credentials of more than 32 million logins of Twitter users.
“The current legislations in India are not able to address the present and future issues arising in cloud computing services comprehensively. This is because the Information Technology Act, 2000, is completely silent on issues of cloud computing. Further, cloud security-related issues are completely missing in the said legislation,” Duggal, also a Supreme Court advocate, told IANS.
The Indian Telegraph Act, 1885, is completely silent in the context of cloud computing. The Information Technology Act, 2000, has not addressed issues pertaining to cloud computing. According to the cloud service providers, cyber security is now a boardroom discussion and has emerged to be a key concern for IT and business managers alike.
“While there are concerns around data security in India, a lot of the technologists in the country are quite skilled and are aware of what needs to be done. By following practices such as segregation of duties, on-disk encryption, data redaction and robust identity management, India can tackle security constraints well,” explains Shailender Kumar, Managing Director, Oracle India, one of the global leaders in providing cloud services across the spectrum.
The real security issue is when customers take older products that were not built for the Internet, rack them and put them on the Internet. “This makes those products vulnerable. But sometimes security is also used as a reason to avoid change because shifting to the cloud involves change. Though worrying, companies that adopt the cloud can emerge as winners,” Kumar states.