Jump to content
Reliance Jio & Reliance Mobile Discussion Forums
Sign in to follow this  
kesav

TRAI's Call For Papers on "Regulatory Framework For Cloud Computing”

Recommended Posts

TRAI's Call for Papers on "Regulatory Framework for Cloud Computing”

http://www.trai.gov.in/CallForPapers.asp

Cloud computing poses major threat to national security and individual's privacy.

It's highly important that TRAI brings about regulations before cloud computing spreads across rapidly......

Edited by kesav

Share this post


Link to post
Share on other sites

I can understand how terrorism is a threat to national security but I fail to see how cloud computing poses a major threat to national security and individual's privacy. The moment any of your data resides on someone else's server, there is every possibility of your privacy being invaded. Whether Facebook or Gmail (oops this is already on a cloud) this is the case. Furthermore, any organization or group of individuals can setup their own private cloud employing any suitable security measures. Currently this does happen to a limited extent through means of VPNs where employees can access resources of their company from anywhere in the world. The primary advantage of a cloud is reduced costs and better resource management.

If people are concerned about military installations and defence labs, in most cases, the internal networks are physically isolated from the outside world. A few standalone systems however are connected to the internet, through which people can gain access to outside resources. Sensitive information is never kept on these systems. And for most parts employees are not even allowed to carry in or carry out pen drives. Visitors and consultants are not even allowed to carry their mobiles inside.

Share this post


Link to post
Share on other sites

:previous:

How individual privacy is compromised? , you've already explained with examples of facebook, gmail, skype etc.,. With cloud, you further magnify that problem by moving entire private desktop into servers.

How national security is compromised?

Defense subcontractors are trusted and verified Indian SMEs/Corporates. In case, any of these SMEs use cloud for economical reasons the security is compromised.

Corporates normally have their data centers maintained by multinational IT infrastructure company. Recently, IT infrastructure providers are convincing their clients to have cloud based dynamic data centers which have lot of advantages over conventional data centers. Once, you move the data to the servers of IT infrastructure providers the security is compromised.

Cloud has innumerable advantages like wild horse. It has to be bridled to make it a race horse.

Share this post


Link to post
Share on other sites

It's one thing to keep your money in a bank locker. But a completely another thing to keep it in a locker in a public place. For example I do not have a Facebook account for this particular reason, lack of privacy. Cloud computing is optional, just like Gmail is. Corporates can have their own private cloud, completely isolated from the outside, even if necessary physically. For example, Google is providing a private cloud specifically for the US govt. It is called Google apps for the Government.

Most corporates are extremely secretive about their work. This is primarily to keep things away from the competition. And they would go to great lengths to do so in addition to maintaining multiple layers of hierarchy. Even keeping one project group isolated from the other. What they normally outsource is less sensitive stuff. More sensitive ones are almost never outsourced. For example how many corporates use "Google apps for Businesses" to handle sensitive information?

Just using cloud computing does not necessarily mean security is compromised. Security could be compromised. I would like to give an analogy of defending ones house versus defending a fort. It is less easy to defend a house. Much easier to defend a fort, for the primary reason that there are more people and well trained staff to do so and the risk of failing to do so is much higher. On the other hand, it is less easy to defend your house a house against a small army or even a single strong man. Yes loopholes can be exploited in cloud computing, but the possibilities of doing so are extremely thin.

A more real example would be to indicate the number of times my employers website was hacked (no thanks to the not so qualified sysads who do very little work and the one qualified sysad is busy handling too many things). But my blogspot page has never been hacked. As have some of the sites of some non-profits I have hosted on Google apps. They are actually quite happy with it, never even bothered to call me, till the domain name provider forgot to renew the domain, and I had it fixed. Thus in the past 4 years they never faced any problem. On the other hand cannot say the same about my employer.

In my former workplace, we generally use NFS/NIS for filesharing/authentication. When I had to handle some defence projects I intentionally disabled the NFS/NIS on my system knowing that it was insecure. It was more difficult for me to use the resources at my workplace, but it was worth it.

ps: Please do not consider this as an argument for the sake of argument. The purpose of this argument is for me to become more clear on how the nature of the security threat when using cloud computing is any more different than the current set of security threats.

Share this post


Link to post
Share on other sites

Keep aside the national security & individual privacy angle for a moment because that makes people angry (Rightly So..) what with many of the ill-informed, hasty, ambigous, non-uniform policy directives in recent times regarding Blackberry, Nokia, Internet, Telephone interception etc. from the govt. (Not TRAI)

But isn't the other points for discussing regulation are far more important when Cloud Computing is going to be/already is billions of dollar industry. The point of discussion is more from the angle of Consumer. Question is if there is a wide spread service which will be availed by millions, can all the rules of the game be decided by the Service Providers themselves keeping only their interest in mind or should there is a broad policy framework which protects the interest of all and allows the sector to be run in an organised manner. If one just looks at the following areas listed in the discussion paper, the need is imperative.

Papers could cover any of the areas concerning Cloud Computing as listed below:-

Regulatory framework for Cloud Computing.

Ensuring high availability levels.

Data erasing in the Cloud.

Data privacy at Service provider end

Data Security over the Cloud.

Data Export Restrictions

Monitoring Data Handling

regulations required for Regulated Industries (financial services healthcare)

Multiple Jurisdictions / Areas when data is stored at different data centres

Enhanced security Cloud Computing services

Ensuring quality of the Cloud service

Exit strategies and switching suppliers

Cloud Television/cloud computing on TV – levels of QoS

Inter-operable between Cloud Service Providers (common protocols)

Legal framework in distributive mode

Licensing issues for cloud computing

Imagine a hypothetical scenario. I am an SME operating in India. There are millions. Now because of Cost Effectiveness, Clould Computing is an attractive proposition for me. I consider 2-3 different service providers. Each one has its own terms & conditions for the above points. And as usual all the terms are always structured according to the convenience of the service provider. I don't have any say in that. What do i do? I may select the least bothersome among them but does that fulfill my needs, data security & privacy, availability levels, jurisdiction issues, QOS, inter-operability etc? Probably not and absence of any regulation (which is the case presently) leaves a large industry to function pretty much in the wild and run amock as they like it ignoring all this legitimate issues.

If we don't associate this proposed regulations as a curb for Individual Freedom (I don't think that looks like the intention of the Regulator based on areas listed), there is an undeniable need for it. Let's hope TRAI comes out with progressive, growth oriented and well thought out regulatory framework. I am hopeful because their starting point is gathering papers/point of view of all stakeholders, discuss and then evolve the framework.

Edited by rajanmehta
  • Like 1

Share this post


Link to post
Share on other sites

Why is TRAI wasting efforts in reinventing the wheel when other countries have already worked on cloud computing regulatory framework and interoperability standards, why does TRAI not build on these concepts and align them to Indian ecosystem.

E.g. This Europe report has several recommendations on how the regulatory framework should be.

Recommendation 2: The EC together with Member States should set up the right regulatory

framework to facilitate the uptake of Cloud computing

Cloud systems are mostly in an experimental stage – to fully exploit their capabilities in

particular from a commercial side, the according impact, dependencies, requirements

etc. need to be evaluated carefully. Accordingly, research efforts need to be vested not

only into technological aspects of realizing cloud systems, but also into the aspects

related to commercial and business aspects, in particular involving economical and

legalistic concerns. Accordingly, business consultants, legal researchers, governmental

bodies etc. should be encouraged to participate in investigating the particular

circumstances of cloud provisioning. Obviously, technologies thereby need to recognize

results from these areas, just as economical and legalistic views need to acknowledge

the technological capabilities and restrictions.

In summary, the specific issues are: (1) Economical aspects; (2) Legalistic issues; (3) Green IT.

  • Like 1

Share this post


Link to post
Share on other sites

Corporates are desperate to get their technologies approved as standards, after which they have no intention of any interoperability. Take the case of Microsoft's OOXML a version of which was standardized even though no software can/does implement the standardized version fully. The manner in which i got its non standard OOXML standardized was by bribing the representing members/organizations of the countries(most of them from Europe). India, South Africa and Brazil opposed OOXML. Even in India, Microsoft along with many Indian IT companies (Infosys, TCS, Wipro, Nasscom and others) wanted it to be approved as BIS standard and voted along with Microsoft. But fortunately academic institutions with IIT Mumbai taking the lead, government organizations and some other companies opposed it and instead preferred OpenDocument. ( For more details please read the BIS Documents on OOXML.) Thanks to their efforts, we have a truly open standard for all documents in India.

To see to what lengths a companies like Microsoft could go in getting their standards approved you should read Prof Deepak B Phatak's Open Letter.

I believe in not reinventing the wheel. But if the wheel fits only one car, then one is left with no other choice but to reinvent it. This is exactly the situation with using the European report for India. It may or may not fit India. We cannot be sure of the lobbying that has taken place in many European countries by corporates. It is therefore necessary that all the stakeholders in India be involved in drafting a policy document for India.

Edited by anandjm
  • Like 1

Share this post


Link to post
Share on other sites

India is not an initiator in R&D, we always use standards and frameworks invented or implemented by other countries but make a sham of reinventing the wheel.

The Indian algorithm is something like creating a committe --> having meetings --> wasting public money in doing feasibility studies --> coming up with report --> revising the report under lobby pressures of industry --> more meetings --> revising the report under lobby pressures of politicians --> more meetings --> cost goes up --> more meetings --> feasibility report deemend unfeasible --> throwing report in dustbin --> implementing a half baked standard which is a copy of other country's ecosystem without properly adapting to our marker --> end up with neither here nor there system --> elections --> if new government then create new committee and start from beginning else carry on.

This is true in all cases from telecom (USA uses CDMA, Europe uses GSM. We use both.) to constitution (USA uses president. UK uses prime minister. We use both.)

We can never fully reinvent the wheel because we hardly ever invent anything. We are a services driven economy not innovation driven. In the end we are just going to adopt an outside country's system and pass it off as Indian reinvention.

Instead of wasting efforts in such reinventing if we actually built on the good of readymade systems, and adapted it to our scenario, we would save effort and money, and also have better products.

This discussion is way off topic so would stop here. Sorry to OP.

Share this post


Link to post
Share on other sites

:previous:

I second what @anandjm said completely on post#7....+1 for you...

Absolutely, we don't have any necessity to copy something from western world which is totally tuned and more often purposely skewed to exploit other countries.

I also agree to @dipanlahiri statement on "adopting to our scenario".

It's whole purpose of this consultation after all....

Nobody stops anybody from submitting cloud_report_final.pdf document as his suggestion to TRAI.

All stakeholders will tear open the inefficiencies in those regulations and would help to bring meaningful regulations which suits our own interests.

As @Rajan says consultation is wider, it's just not only on security and privacy.

@anandjm, The issue of security lies mainly due to the reason that the fort is owned and manned by our friend Brutus. It's better not to park our secrets there......

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×