Panel to advise govt, IT cos on cloud security on the cards

Written by Goutam Das | Goutam Das | Bangalore | Updated: Jun 29 2011, 07:19am hrs
The Data Security Council of India, a body formed by Indias IT industry lobby Nasscom to promote data protection, is setting up a cloud security advisory group that will shortly come up with a policy framework for all stakeholders, including the government. The group will advise the government in critical areas such as security, privacy and location of servers in a cloud environment. The Union government is expected to promote usage of cloud services from its own data centres.

Kamlesh Bajaj, CEO of Data Security Council of India, said that governments across the world are struggling to understand cloud and formulate policies that protect both consumers and companies.

Everybody is concerned about cloud security. Compliance is required. Clients who are outsourcing to cloud service providers would like to be assured. We would like to come up with a policy framework and then submit it to the government, he told FE. The advisory group will have members from IT companies, Indian and global cloud service providers, lawyers and law enforcement bodies of the country.

Cloud computing, a new way of delivering IT products and services over the Internet, is catching up across the world. Since a companys applications may be hosted in a different geography and in a shared data centre, it has thrown up plenty of data security issues.

The need for greater data security in cloud has only been underlined by a series of high-profile breaches. In April, Sony revealed that passwords and credit-card details of 77 million accounts were stolen after hackers gained access to its PlayStation online-gaming system network. Google, Citi group, Lockheed Martin and even IMF have been attacked by hackers recently. A recent survey by online security software firm Symantec found that CEOs and CFOs in India were concerned about moving business-critical applications into cloud environments due to challenges such as security and reliability.

Since cloud computing is a new paradigm, there are loads of unanswered questions and the advisory group would try to make sense of tricky issues, Bajaj said.