- The new directive was created by NIC.
- It prohibits employees from using NordVPN or ExpressVPN.
- VPN companies have recently been subjected to a government order.
Google Drive UPdates: Employees are prohibited from using non-government cloud platforms such as Google Drive and Dropbox, as well as virtual private network (VPN) services such as NordVPN and ExpressVPN, under a new government order. According to Gadgets 360, the order issued by the National Informatics Centre (NIC) has been distributed to all ministries and departments, and all government personnel are obligated to follow the direction.
THE GOVERNMENT’S LATEST MEASURE COMES ONLY WEEKS AFTER ORDERING VPN PROVIDERS AND DATA CENTRE OPERATORS TO KEEP CUSTOMER DATA FOR UP TO FIVE YEARS.
The 10-page paper obtained by Gadgets 360 stated that staff should “not upload or save any internal, restricted, confidential government data or files on any non-government cloud service (ex: Google Drive, Dropbox, etc.)” due to a rise in cyberattacks and threat perception. “Cyber Security Guidelines for Government Employees” is the title of the document.
In addition to prohibiting employees from utilising popular cloud services, the government told employees not to use any third-party anonymisation services or VPNs, such as NordVPN, ExpressVPN, Tor, or proxies, according to the decree. It also advised employees to avoid using “unauthorised remote administration programmes” including TeamViewer, AnyDesk, and Ammyy Admin, among others.
Employees are also told not to utilise “external email services for official communication” or use “unauthorised third-party video conferencing or collaboration technologies” for “critical internal meetings and discussions.” Employees were also told not to “use any external websites or cloud-based services for converting/ compressing a government document,” according to the ministry.
IT ALSO TOLD EMPLOYEES NOT TO SCAN INTERNAL GOVERNMENT PAPERS WITH “ANY EXTERNAL MOBILE APP-BASED SCANNER SERVICES,” SUCH AS CAMSCANNER. Google Drive
CamScanner was prohibited in 2020 as part of the government’s initial move to block China-based apps in the country. However, some government workers have been seen using the app to scan real copies of official documents. The government’s decree also forbade staff from ‘jailbreaking’ or ‘rooting’ their phones, in addition to prohibiting the use of certain apps.
Employees were also told to use complicated passwords, update passwords every 45 days, and keep their operating systems and BIOS firmware up to date with the latest upgrades and security patches, according to the directive. The CERT-In issued an order in late April requiring VPN service providers, data centres, virtual private server (VPS) providers, and cloud service providers to retain user data for at least five years.
The order will take effect on June 28. As a result of the decision, VPN service providers such as NordVPN, ExpressVPN, and Surfshark have decided to decommission their physical servers in the country, citing no-log rules and the technological inability to store data.
The major VPN companies, as well as certain digital rights organisations, have expressed privacy concerns about how their data is stored. Facebook and Google, among other tech businesses, have warned that CERT-restrictions In’s could create a scary environment.