You might recall that I did a story on India wanting VPN companies to retain data on who uses their services, and VPN companies considering their options including leaving the company. India has now escalated this by saying the following:
The Indian Computer Emergency Response Team clarified (PDF) on Wednesday that “virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations” shall follow the directive, called Cyber Security Directions, that requires them to store customers’ names, email addresses, IP addresses, know your customer records, financial transactions for a period of five years.
And:
Rajeev Chandrasekhar, the junior IT minister of India, said that VPN providers who wish to conceal who uses their services “will have to pull out.” He also said that there won’t be any public consultation on these rules.
Keep in mind that India is the second largest Internet market on the planet. So I am guessing that the Indian government is counting on the fact that VPN providers will comply rather than give up doing business in that market. And even if some or most of them do leave, the Indian government will win anyway because it will leave the VPN companies that do comply with their directive. That of course assumes that Indian citizens don’t just go out and get a VPN service from outside the country. After all, it’s not like we haven’t seen that happen before.
This will be interesting to see as I suspect that the push back will be substantial from both sides, and only one side will win. Let’s see which side that is.
New Compliance Report Finds Explosive Use of Automation, Overwhelming Ransomware And Zero Trust Focus
Posted in Commentary with tags A-LIGN on May 18, 2022 by itnerdA-LIGN, a cybersecurity compliance and audit firm, has released its second annual benchmark report, highlighting organizational compliance year-over-year as executives emphasize such programs and their significance in accelerating corporate growth. There are sereveal critical themes surrounding automation, ransomware, and zero trust including:
This benchmark report should be considered required reading by enterprises as it can serve as a roadmap as to where you focus your efforts. The report can be viewed here.
Leave a comment »