Thursday, 31 March 2011

Cloud Computing Security In India

Cloud computing is the new buzz word in India these days. Cloud computing is a multi billion industry and every cloud computing vendors is interested in having a share of the same. Even governmental departments of India have been very enthusiastic about cloud computing even though they are paranoid about simple use of encryption in India.

The bigger question that still remains unanswered is should India use cloud computing? India has no legal framework for cloud computing and cloud computing regulations in India are missing. India has no dedicated privacy laws, data protection laws and data security laws. Even leading techno legal expert of India Praveen Dalal believes that India should not use SaaS and cloud computing for crucial governmental services in the absence of adequate legal framework and procedural safeguards.

So as far as legal framework and civil liberty safeguards are concerned, cloud computing is a new landmine for privacy in India. For instance, in order to safeguard its commercial interests in India, Research in Motion’s Blackberry has established a framework that would allow Indian intelligence agencies to monitor contents on its messenger service. Interestingly, this e-surveillance arrangement is cloud computing based and this shows how vulnerable cloud based systems can be for violating civil liberties.

Thus, from all angles cloud computing in India is risky. This is more so when we have no lawful interception law in India. Indian law enforcement agencies and intelligence agencies need no court warrant to indulge in e-surveillance and phone tapping. There is nothing that would restrict them to exploit cloud computing environment in India.

The truth is that India is not ready for cloud computing. We have no cloud computing laws and legal framework in India, we have no privacy laws and data protection laws in India, we have no data security laws and cyber security laws in India.

We have also a poorly drafted cyber law of India that requires immediate repeal. India is also facing sever cyber threats and this also mandates establishing a robust and resilient cyber security mechanism in India.

A special attention must also be given to cyber security of cloud computing in India. When sensitive and personal information is stored in a cloud based environment, its physical and cyber security becomes of prime importance.

There is no sign of cloud computing security in India. Even the basic cyber crime policy of India and cyber security policy of India are missing. Except promoting commercial interests and illegal e-surveillance powers, cloud computing is not meeting the civil liberties protection requirements in India.

For the time being, Indian consumers and customers should not shift to a cloud computing based environment though cloud computing companies and Indian intelligence agencies have a very good reason to impose the same upon us.