All government related data from state and central departments residing in cloud storage networks should be located servers in India and not in foreign countries, the Ministry of Electronics & Information Technology (MEITY) said in its latest set of guidelines. These guidelines must be followed by cloud service providers, every time they sign a contract with a government entity for data storage. The new guidelines specify that any company looking to offer cloud services to government entities will first need to go through rigorous Standardisation Testing and Quality Certification (STQC) which is issued by the MEITY itself. STQC testing for cloud storage companies specifies certain benchmarks, standard encryptions techniques etc. to ensure that sensitive data being stored on the cloud is safe. As of now, As of now, MEITY has certified 11 companies that can provide cloud solution to government departments. These include Microsoft, HP, IBM India, Tata Communications, Bharat Sanchar Nigam Limited (BSNL), Net Magic IT Services, Sify Technologies and CtrlS Data Centers. Additionally, the cloud provider must agree to all requests from law enforcement entities. “The onus shall be on the Service Provider to perform all due diligence before releasing any such information to any such law enforcement agency,” the guideline added. Contract clauses for agreements for cloud providers Apart from this, MEITY has specified certain contractual terms that may be included in the agreements between the cloud service provider and government entity: - Central search system for govt: The cloud provider should place an “e-discovery” system to allow…
