Government of India on Insecure Cloud

Government of India (GoI) is really good at rolling out new policies, massive infrastructure projects and legislative bills. The question of whether such initiatives will be implemented is imaginary. Department of Electronics & Information Technology (DeitY), Government of India is one ministry, whose sole purpose till date has been introduction of policies targeting Indian tech community.

Few policies/plans initiated by DeitY:

and the list goes on. Please be patient with any government link in this blog, as NIC servers are incredibly slow.

The one policy which has caught my attention is MeghRaj; under which DeitY wants to harness the benefits of cloud computing in providing government services. Using MeghRaj (as it was initiated by previous government), Narendra Modi government wants to built infra that will act as digital wallet, where all your data right from birth certificates will be stored and can be retrieved anytime. This when implemented will create yet another massive database similar to Aadhaar.

gicloud

(Image Courtesy: GI Cloud Initiative)

Whenever GoI talks about such digital services, I foresee security issues. Digital services of any scale can be built easily, but the issue occurs when hackers get hold of that one loophole that could potentially put crucial data in wrong hand. Recently, Google spotted security issues with digital certificates issued by National Informatics Center (NIC), the same center that is responsible for maintaining all government websites, and servers which store all government data.

We have just taken first step towards National Cyber Coordination Centre (NCCC), and if Ravi Shankar Prasad is really geared up to implement such massive digital India program, then he should really think about bringing people who will implement secured infrastructure rather than going nostalgic about Make In India.

Suchakra Sharma has written an interesting blog on Sad State of Sarkari Sites, which expresses similar feelings towards insecure and ugly systems being developed by NIC.

Hi, I’m Chetan Arvind Patil, I write this blog