Making the cloud industry-friendly

The telecom regulator may soon propose a simple regulatory framework for cloud computing

pratap

Pratap Vikram Singh | August 8, 2017 | NEW DELHI


#cloud computing   #national telecom policy   #DoT   #TRAI   #MeitY  
(Illustration: Ashish Asthana)
(Illustration: Ashish Asthana)

India may not take a heavy-handed approach in regulating cloud computing. The telecom regulatory authority of India (TRAI) is expected to submit its recommendations on cloud computing to the department of telecommunications (DoT) in the next couple of months, says an official aware of the matter. In its submission, the regulator is considering industry-friendly rules governing cloud technology – in line with the goals of the national telecom policy (NTP), 2012, which envisions India as “a global leader in the development and provision of cloud services”.

The TRAI and the ministry of electronics and information technology (MeitY) are the two government bodies that have been working in parallel to create an enabling environment for cloud computing for the last five years. But the two have not been working in tandem. Both are working separately on cloud computing framework, each with little or very less communication with the other, creating confusion in the industry and among users.
As per the 2012 telecom policy, the government proposes to take “new policy initiatives to ensure rapid expansion of new services and technologies at globally competitive prices by addressing the concerns of cloud users and other stakeholders”. 
 
In 2012, the DoT had written to TRAI seeking its views on issues around cloud computing such as interoperability, security, quality of service and industry incentive. Four years later, in June last year, the regulator issued a consultation paper on cloud computing, requesting feedback on a set of 21 questions. Various industry associations, including Nasscom and the Cellular Operators Association of India (COAI), had appealed against heavy-handed regulation in their submissions to the TRAI.
 

Major concerns related to cloud computing

Interoperability: It is essentially the ability to communicate across different systems. For the cloud, it means software and applications should be portable, able to run across different service providers. Each cloud service provider creates its own processes for a user, leading to issues such as vendor lock-in, portability and inflexibility to use multiple vendors.

Data security: Deletion of records without back-up of original content poses a threat to data security. Lack of proper data protection techniques and legal laws are major factors that deter organisations or users from using the cloud.

Data privacy: Data on cloud is usually distributed, raising concerns around jurisdiction, data exposure and privacy.

Data ownership: Terms and conditions of CSPs may sometimes suggest some medium of ownership rights, even without legal transfer. It leads to data security threats emerging from the possibility of misuse of data by CSP. It leads to several challenges, including vendor lock-in.

Lawful interception: With numerous developments in cloud computing, previous methods of lawful intercept are no longer valid; it needs new thinking. As there is an issue of multi jurisdiction, there should be an alternate way to impose restriction on cross-border movement of some critical information like tax returns, financial transactions and health records.



Source: TRAI consultation paper on cloud computing, 2016

 
Keeping in mind the concerns raised by the industry, TRAI is planning to mandate registration of cloud service providers (CSPs). For this, companies based abroad may have to set up an office in India. TRAI, however, may not propose licensing of CSPs – an option stated in the consultation paper.
According to TRAI’s consultation paper, the CSPs come under the Telegraph Act, which defines cloud as “a means to send and receive data operating by way of a closed network or the internet”. Hence, it could be subjected to licensing provisions, which involves stringent legal and security compliances, keeping licencees on their toes.
 
The regulator, the official says, would not mandate interoperability standards; it would leave it to the market forces. In order to protect the interests of small and medium enterprises that may not understand technology, TRAI would formulate a model service level agreement (SLA), which will incorporate factors such as redundancy, latency, 24x7 availability, security and privacy.
 
“It is not much of a challenge for informed consumers, especially the large corporations. They sign SLAs, which take care of most of the issues around security, data protection and vendor lock-in, among others. For the uninformed customers, the regulator believes that interoperability should be part of SLAs, as information asymmetry is high between the buyer and seller,” the official says.
 
The regulator doesn’t recommend data localisation, that is, hosting of data centres within the country. Major internet and cloud corporations are based in North America and Europe, and so are their data centres. The access to data is governed by the respective laws of the host countries. For the Indian law enforcement agencies (LEAs), obtaining data from these corporations takes a long time, hampering their work.
 
To address the challenges faced by the LEAs, the regulator would propose instead expansion of the mutual legal assistance treaty (MLAT). The MLATs are mainly related to criminal extradition. But provisions related to sharing of information are not entirely covered under MLATs. “These agreements should be made more exhaustive,” the official says. India has signed MLAT deals with 39 countries, including the US and the UK.
 
“The government should not hinder the growth of cloud technology through localisation policy. It is, moreover, not easy to dictate such a policy to major corporations,” the official says.
 
Also, the obligations under Article 14 of the WTO General Agreement on Trade in Services caution governments against localisation policy. Yet the regulator may recommend hosting of the government and highly sensitive data in India, the official says. 
 
In a first, the TRAI would propose that the instructions seeking user data from CSPs should come from a judge and not a secretary of the government of India. “In the US, the instructions for seeking information come from  judges and not secretaries. TRAI is proposing somewhat this kind of mechanism,” the official says.
 
MeitY’s mandate
 
The MeitY, on the other hand, has kept away from formulating legal provisions concerning cloud computing so far. Currently, the ministry is preparing a second list of empanelled CSPs. The list includes Airtel, Reliance Jio and Amazon Web Services. It has also formulated a model SLA and guidelines for user government agencies that will enable them in the procurement of cloud services.
 
Last year, it brought out the first list of empanelled CSPs. These CSPs can be approached by the government user agencies for rolling out their applications and services.
 
Initially, MeitY began its policy work on cloud in 2013 when it formed a working group headed by Infosys co-founder Kris Gopalakrishnan for making government the enabler for the cloud ecosystem and adopting a cloud policy intervention for legal and regulatory framework. The group had submitted its report in about two years. Around the same time, officials in charge of the cloud initiative either left or were transferred to other projects. The details of the working group’s report are not known yet.
 
The ministry had also planned to set up an architecture management office (AMO) and cloud management office (CMO) for project design and implementation. Three years later, it is yet to form these bodies, and a policy on cloud. According to a ministry official, MeitY may consider setting up a CMO. Whether it would address legal and regulatory aspects remains to be seen.
 
The cloud ecosystem, however, is a combination of organisational, legal, regulatory, infrastructure and technological aspects. “All have to be dealt with simultaneously,” says a former senior MietY official.
 
In terms of technology, interoperability standards play a crucial role when users want to use multiple clouds or when they want to switch from one service provider to another. In its absence, integration between software hosted in different clouds would be a major challenge. 
 
There is also a need for an exit policy and migration – when a user wants to switch service providers, the user must be assured by the existing CSP that its data has not been illegally stored and that the migration to the new service provider is done without any hassles.
 
Cloud computing also requires amendments to the IT Act, 2000, for issues related to security, liability, data ownership and access to LEAs, the official says. Lastly, there is need for synergy at the higher levels between the communications ministry and MeitY so that CSPs and users have clarity on rules and regulations. 
 
pratap@governancenow.com

(The article appears in the August 1-15, 2017 issue of Governance Now)
 
 

 

Comments

 

Other News

How the humble Indian thali helps improve global sustainability

Food plays a crucial role not only in human survival but also in shaping environmental sustainability. It impacts biodiversity, water use, and contributes to greenhouse gas emissions. Sustainable food choices are becoming increasingly important as we aim to balance human health with the health of our plane

Maha Mumbai Metro launches WhatsApp-based ticketing

Maha Mumbai Metro Operations Corporation Ltd (MMMOCL) has launched a WhatsApp-based ticketing service. The service, available on Metro Lines 2A and 7, allows commuters to purchase tickets directly through WhatsApp, eliminating the need for paper tickets and providing a seamless, user-friendly experience.

Navi Mumbai airport: Runway trial successful

An Indian Air Force (IAF) transport carrier C295 landed at the southern runway 26, marking the formal launch of the new airport of Mumbai Metropolitan Region (MMR) on Friday. The aircraft touched down on the newly completed 3,700-metre runway at 12.14 pm, the airport operator said. The landi

‘Those who know dharma say truth is the highest dharma’

As Ramlila performances in north India are winding up and we celebrate Dussehra, the victory of good over evil, here is a unique retelling of Valmiki`s Ramayana.  

Nation bids farewell to Ratan Tata

It is the end of an era with Ratan Tata’s passing away. The former chairman of Tata Sons died of age-related illnesses at the Breach Candy Hospital in Mumbai late Wednesday. He was 86. A titan among the captains of industry, Tata steered the mighty Tata Group from the days of old econo

A trip to the future, with AI visionary Kurzweil

The Singularity is Nearer: When We Merge with AI By Ray Kurzweil Bodley Head/ Penguin, 425 pages Ray

Visionary Talk: Amitabh Gupta, Pune Police Commissioner with Kailashnath Adhikari, MD, Governance Now


Archives

Current Issue

Opinion

Facebook Twitter Google Plus Linkedin Subscribe Newsletter

Twitter