VPN services restricted for govt. employees; Google Drive, Dropbox also barred

Update: 2022-06-18 12:55 IST

VPN services restricted for govt. employees; Google Drive, Dropbox also barred

Urging employees not to store "any internal, restricted or confidential government data files on any non-government cloud service like Google Drive or Dropbox," the Center issued a directive prohibiting its employees from using virtual private networks (VPNs). from third parties. They were also banned from using any anonymization services offered by companies like Nord VPN, ExpressVPN, and Tor.

ADVERTISEMENT

The government notice came a few days after VPN service providers such as ExpressVPN, Surfshark, and NordVPN announced that they would no longer offer their services in the country. Their announcement followed a directive from the Indian Computer Emergency Response Team (Cert-In) on how VPN companies should operate in India.

The National Informatics Center (NIC), which reports to the Ministry of Electronics and Information Technology, said the guidelines have been published to improve the government's "security posture."

"In order to sensitize the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled," according to NIC's internal document entitled Guidelines Cyber Security Guide for Government Employees, reviewed by the Economic Times.

In addition, the department has also asked government employees not to "jailbreak" or "root" their mobile phones or use external mobile app-based scanner services such as CamScanner to scan "internal documents." It is worth recalling here that CamScanner was among several Chinese apps banned by the Indian government in July 2020, citing national security concerns.

"By following uniform cyber security guidelines in government offices across the country, the security posture of the government can be improved. All government employees, including temporary, contractual/outsourced resources, are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads," the internal document stated.

India's nodal cyber security agency, Cert-In, mandated on April 28 that VPN providers in India must keep a record of their customer's details, including names, addresses, and the purpose for which the VPN service is used.  

Tags:    

Similar News