Skip to content
The Central government has barred employees from using virtual private networks (VPN) and third-party non-government platforms such as Google Drive and Dropbox. The move comes just weeks after the Centre announced a policy that directed VPN service providers and data center companies to store user data for up to five years.
As per an Economic Times report, the directive asked employees not to save “any internal, restricted or confidential government data files on any non-government cloud service such as Google Drive or Dropbox.” The order passed by the National Informatics Centre (NIC) has been approved by the Ministry of Electronics and Information Technology (MeitY) for improving the “security posture” of the government.
The directive also asked employees not to use third-party anonymization services and VPNs such as NordVPN, Tor, ExpressVPN, and proxies. It has also ordered them to refrain from using “unauthorized remote administration tools” such as AnyDesk, TeamViewer, and Ammyy Admin, among others.
Government employees have also been asked to not ‘jailbreak’ or ‘root’ their mobiles or use external mobile app-based scanner services like CamScanner to scan “internal government documents.” CamScanner had come under the government’s radar in 2020 as well when it had banned the app as part of its move to restrict China-based mobile applications. However, some employees were still using the app, as a report in Gadegets360.
The directive has also asked employees to use complex passwords, update their passwords once in 45 days and keep their operating system and BIOS firmware installed with the latest updates.
This directive comes weeks after the country’s nodal cyber security agency CERT-In asked VPN service providers, virtual private server (VPS) providers, data centers, and cloud service providers to maintain a log of user details, including addresses, names, and the purpose for which the VPN service was used. The rules come into effect on 28 June this year.
As a result of the order, VPN service companies like Surfshark, ExpressVPN, and NordVPN had decided to remove their physical servers from India since they follow no-log policies and are not technically capable of storing logs.
