The Indian government has prohibited its employees from using non-government cloud platforms such as Google Drive and Dropbox. Employees of the government are also prohibited from using virtual private network (VPN) services. Some of the most popular VPN service providers, including NordVPN and ExpressVPN, recently announced the removal of networks in India. The move comes after the country’s new VPN policy was announced.
According to multiple media reports, the order was issued by the National Informatics Centre (NIC) and distributed to all ministries and departments. The authorities have ordered that all government employees follow the directive. The Ministry of Electronics and Information Technology is said to have approved the order (MeitY).
The move comes into effect just a few weeks after the government announced the new VPN policy that requires VPN service providers and data centre companies to store user data for up to five years. The new policy goes against the core idea of VPNs.
In addition to VPNs and cloud services, the Indian government has also directed employees from using “unauthorised remote administration tools” like TeamViewer, AnyDesk, and Ammyy Admin, and others, Gadgets360 reported.
Government employees are also asked not to use any “external email services for official communication” and conduct “sensitive internal meetings and discussions” using “unauthorised third-party video conferencing or collaboration tools.” Additionally, the Indian government has directed its employees to not use “any external mobile app-based scanner services” for “scanning internal government documents. To recall, one of the most popular document scanner apps, CamScanner, was banned in India alongside TikTok and PUBG Mobile in 2020.
The publication revealed that the government of India has also directed employees to not “jailbreak” or “root” their mobile phones. Employees are also asked to use complex passwords for their accounts as well as update passwords once in 45 days.
“All government employees, including temporary, contractual/ outsourced resources are required to strictly adhere to the guidelines mentioned in this document,” the order stated. “Any non-compliance may be acted upon by the respective CISOs/ department heads,” it also noted.