Central government personnel will be unable to utilize third party virtual private networks (VPNs) or cloud services such as Google Drive and Dropbox or the anonymization services provided by firms like Nord VPN, Express VPN, and Tor as per a recent rule issued by the Indian government.
According to the Economic Times report, the directive comes only days after ExpressVPN, Surfshark, and NordVPN announced their withdrawal from the nation in response to guideline issued by the Indian Computer Emergency Response Team (Cert-In) and the National Informatics Centre (NIC) that discusses how VPN service providers should function in India.
Employees are no longer permitted to save any classified government files on cloud services such as Google Drive or Dropbox, stated the directive. Cloud services allow customers to store data on the internet rather than on their devices' internal memory.
The rules established by the Ministry of Electronics and Information Technology (MeitY), aim at boosting the government's security posture as stated in the report. The government of India believes that VPN services endanger the country's security since they can be utilised by terrorist organisations, making it unfeasible to track them.
According to Economic Times, NIC in an internal document titled 'Cyber security Guidelines for Government Employees', wrote “In order to sensitize the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not from a cyber security perspective, these guidelines have been compiled."
The NIC has also advised government employees not to "jailbreak" or "root" their phones, or utilise external mobile app-based scanning services like CamScanner to scan "internal official papers."
CamScanner was one of the numerous Chinese apps banned by the government in July 2020, citing national security concerns in the wake of border clashes with its China, but it is still available in few versions.
"The government's security posture may be strengthened by following uniform cyber security principles at government offices across the country," according to the directive.
ET report mentioned that according to the internal memo, "The principles outlined in this paper must be followed by all government employees, including temporary, contractual and outsourced resources. Any non-compliance may be dealt with by the individual CISOs/Department heads.