Regulatory framework remains cloudy

With the bifurcation of the communications and IT ministry, monitoring cloud computing becomes an uphill task

pratap

Pratap Vikram Singh | November 10, 2016 | New Delhi


#Communications and IT ministry   #Cloud Computing   #Cloud   #MeitY   #DoT   #TRAI  


In August 2014, private photos of over 20 Hollywood celebrities were leaked online. Somebody apparently hacked into their accounts on iCloud – Apple’s backup service for all its devices – and stole the photos. The incident was a wake-up call for many, underlining the ease with which data stored in the cloud can be hacked. Keeping this risk in mind, the Indian government is taking some steps to formulate a regulatory framework around cloud computing.

The ministry of electronics and information technology (MeitY) and the ministry of communications have taken up the task. But, it appears, that the two have different views on the regulation. The department of telecommunications (DoT), under the communications ministry, may consider bringing cloud service providers (CSPs) under a stringent regulatory framework, given the content of a public consultation paper floated by the Telecom Regulatory Authority of India (TRAI) on cloud computing. The MeitY, on the other hand, may refrain from any major intervention and adopt a liberal approach to promote the cloud market.

Interestingly, these two ministries were formed after the ministry of communications and IT was bifurcated in July after the cabinet reshuffle. Since then the task to chalk out a regulatory framework has become slightly more complicated.

By 2019, cloud IT infrastructure spending is expected to be $52 billion in India, as per International Data Corporation (IDC). Cloud computing refers to on-demand access of computing resources such as software, infrastructure and storage among others from a remote server. For users, it eliminates the need to procure the computing resources (and hence lowers IT expense) and instead connects them to the cloud server (which could be located in a different continent) to access services and pay as per usage. For small and medium enterprises and startups, the cloud is a silver lining as they usually work with limited financial resources. For the government, it offers an opportunity for a quick rollout of applications and services. 

But so far the cloud computing market has been without a regulatory framework in the country. “Regulations provide a framework for liability that is important for enabling the market to mature. Without regulations, stakeholders will not be able to resolve issues arising out of using cloud computing,” says Jaijit Bhattacharya, a senior technology consultant at KPMG. Policy and regulation help in addressing the risks associated with cloud deployments, as the cloud takes away the control which organisations had in the traditional data centres, says DD Mishra, research director, Gartner. 

At present, a cloud user doesn’t have any legal recourse against hacking. The industry, moreover, is working without any interoperability standards, which makes data transfer from one service provider to another difficult.

Regulatory framework

The government first acknowledged the potential of the innovation called cloud in its national telecom policy of 2012, which called for “policy initiatives” to address “the concerns of cloud users and other stakeholders, including specific steps that need to be taken for lowering the cost of service delivery”. Ever since, two wings of the government are working on the question of regulation, in parallel. While the DoT has focused more on policy side, MeitY is more in the action mode – with little coordination between the two.

In 2012, the DoT sought TRAI’s views on how to regulate cloud computing. TRAI released its ‘consultation paper on cloud computing’ in June 2016, outlining its views on regulations – pending its final recommendations to come later. It also sought responses from the general public on issues around cross-border flow of data, data localisation, registration and licensing of service providers. The industry associations have termed the TRAI position as an attempt to “overregulate”.

Meanwhile, also in 2012, the department of electronics and IT (the precursor of the MeitY), set up Meghraj – a cloud initiative of the government of India – with the help of national informatics centre (NIC). It also released ‘roadmap’ and ‘strategy’ documents for cloud adoption in general, and by the government in particular. An expert working group was also formed to lay out a framework for enabling a cloud ecosystem and making India a global hub of cloud service providers. Headed by Krish Gopalakrishnan, a cofounder of Infosys, the group was to spell out provisions for standards, interoperability, security, privacy and cross-border flow of data.

According to a senior Nasscom official, the Gopalakrishnan-headed group met a few times and eventually submitted its recommendations. The TRAI consultation paper has mounted pressure on the MeitY to decide on the working group recommendations and come out with its own framework, spelling out standards for interoperability, security, data flow and data ownership, among others.

Ministry officials, on their part, are digging out files of the previous meetings. There are plans to revive the working group, find a replacement for its convener who is unwell, and set up a cloud management office (CMO).

MeitY officials are also unhappy with the involvement of TRAI in this matter. “They have nothing to do with cloud computing. Why are they getting into it,” queried a top official at the MeitY. Ironically, TRAI is headed by RS Sharma, who earlier as IT secretary oversaw the MeitY’s cloud initiatives. 

“The regulator’s [TRAI’s] role should be confined to ensuring whether the infrastructure required for making India a cloud computing hub is in place. It must not interfere with applications,” a senior Microsoft official said. By and large the industry has expressed similar sentiments. For Mishra of Gartner, the overlap happens “in an evolving market where different initiatives are at different levels of maturity”.

Reconciliation between the TRAI’s view and that of the MeitY is the only way forward. A balance between security, data ownership, localisation and legal access on one hand, and free flow of data on the other is the need of the hour. “There can be two sets of regulations. And even if they are evolving at two different places, at some point in time, they need to converge,” Mishra said.

Experts, including a few at MeitY, nonetheless appreciate the regulator’s work in bringing out a meticulous and comprehensive consultation paper.

Should there be regulations at all?

BSA is batting for a free play, arguing that cloud computing is at an early stage of development in India and attempts to bring it under a regulatory fold will be counterproductive. “Cloud services are provided over telecom infrastructure, which is already licensed and regulated. There is no need for any additional licensing or regulatory oversight,” it said in its response to the TRAI paper.

However, many critical aspects of cloud computing need regulation. The regulation should focus primarily on liability, data sovereignty and legal interception, said Bhattacharya of KPMG. “We should monitor but we should not over control unless it becomes important. Free flow of data unless it does not violates cross border regulations is also important,” Mishra of Gartner said.

For the time being, service providers – and users – will have to keep guessing whether to comply with two separate regulations, or whether regulations will be voluntary or mandatory.

pratap@governancenow.com

(The article appears in the November 1-15, 2016 issue)

Comments

 

Other News

Jal Jeevan Mission: 6.70 crore households provided with tap water connections

Since August 2019, Government of India, in partnership with States, is implementing Jal Jeevan Mission (JJM) to make provision of potable tap water supply every rural household by 2024. As many as 6.70 crore households have been provided with tap water connections in the 35 months, since Aug

Cloud inclusivity: Ensuring highly regulated organisations are ready for a cloud-first world

Over the last few years, cloud has been able to create a special place for itself amongst fast moving, competitive and growth-led organisations. As the technology became an imperative, it has undoubtedly created unique business opportunities and isbecoming an anchor for innovation for leading businesses gl

1.29 crore voters chose NOTA in five years

None-of-the-above, or NOTA – the option introduced for voters in 2013 when they don’t want to support any of the candidate – has made some progress. In the past five years, NOTA has secured 1,29,77,627 votes in state assembly elections and Lok Sabha election, according to an analysis by t

India committs to reduce Emissions Intensity of GDP by 45% by 2030

India stands committed to reduce Emissions Intensity of its GDP by 45 percent from the 2005 level by 2030 and achieve about 50 percent cumulative electric power installed capacity from non-fossil fuel-based energy resources by 2030. The country’s India’s updated Nationally Determined Contributi

5G spectrum auction grosses Rs. 1,50,173 crore

The government had put 72,098 MHz spectrum to auction, of which 51,236 MHz (71% of the total) has been sold with bid amounting to Rs. 1,50,173 crore. Adani Data Networks Ltd has obtained 400 MHz spectrum in mm wave band (26 GHz). Bharti Airtel Ltd has obtained 19,867.8 MHz in 900, 1800, 2100

Delhi has been getting hotter since 2020

A steep rise has been recorded over the past three years in pre-monsoon surface air temperature, land surface temperature and relative humidity in Delhi/NCR, whereas there is no such increase in relative humidity. This is a cause of concern, Dr Jitendra Singh, minister of state (independent

Visionary Talk: Amitabh Gupta, Pune Police Commissioner with Kailashnath Adhikari, MD, Governance Now


Archives

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter