FP TrendingJun 18, 2022 16:25:16 IST
The Central government has barred employees from using virtual private networks (VPN) as well as third-party non-government platforms such as Google Drive and Dropbox. The move comes just weeks after the Centre announced a policy that directed VPN service providers and data centre companies to store user data for up to five years.
As per an Economic Times report, the directive asked employees to not save ““any internal, restricted or confidential government data files on any non-government cloud service such as Google Drive or Dropbox.” The order passed by the National Informatics Centre (NIC) has been approved by the Ministry of Electronics and Information Technology (MeitY) for improving the “security posture” of the government.
The directive also asked employees to not use third-party anonymisation services and VPNs such as NordVPN, Tor, ExpressVPN, and proxies. It has also ordered them to refrain from using “unauthorised remote administration tools” such as AnyDesk, TeamViewer, and Ammyy Admin, among others.
Government employees have also been asked to not ‘jailbreak’ or ‘root’ their mobiles or make use of any external mobile app-based scanner services like CamScanner to scan “internal government documents”. CamScanner had come under government’s radar in 2020 as well, when it had banned the app as part of its move to restrict China-based mobile applications. However, some employees were still using the app, as a report in Gadegets360.
The directive has also asked employees to use complex passwords, update their passwords once in 45 days and keep their operating system and BIOS firmware installed with the latest updates.
This directive comes weeks after the country’s nodal cyber security agency CERT-In asked VPN service providers, virtual private server (VPS) providers, data centres and cloud service providers to maintain a log of user details, including addresses, names, and the purpose for which the VPN service was used. The rules come into effect from 28 June this year.
As a result of the order, VPN service companies like Surfshark, ExpressVPN and NordVPN had decided to remove their physical servers from India since they follow no-log policies and are not technically capable of storing logs.