‘Cyber-incident Reporting Crucial But Data Retention Mandate May Have Concerns’: Vidhu Nautiyal

In April, Cert-In issued fresh cybersecurity directives that required VPN and cloud service providers to retain information of their users for a minimum duration of five years – even if a user cancels their registration from the provider. The directives also set a six-hour time frame for the Indian companies to report cyber-incidents. These directives were supposed to go on floor from June 27, 2022. 

But the directives faced a pushback and received many suggestions for tweaks. Few VPN companies even announced that they would shut Indian servers as they believed that the rules were impinging on user privacy. 

In a last-minute move, Cert-In decided to defer the enforcement of the cybersecurity directives to September 25. 

We got in touch with Vidhu Nautiyal, co-founder and chief revenue officer, CloudConnect Communications Pvt. Ltd, to discuss on 5G and Indian government’s cybersecurity directives. Read on for excerpts from the interview. 

Excerpts:

How can 5G networks make a significant difference in terms of security, dependability, and resilience?

The technology has multiple advantages, including secure connections against rogue devices that may capture phone calls by mimicking cell towers like one's IDs that now will be encrypted with 5G. In addition, a more robust encrypted algorithm will scramble the traffic when voice and data travel from the device to the cell tower. A 5G system will also be available 24x7, with reliable performance and quick recovery when facing disturbances or attacks. 

As 5G wireless technology is meant to deliver higher multi-Gbps peak data speeds, ultra-low latency, more reliability, massive network capacity, increased availability, and a more uniform user experience. The tech will also facilitate higher performance and improved efficiency, empowering new user experiences and connecting new industries.

How can 5G and cloud services change the dynamics of enterprise today?

Nowadays, one might say that an unfavourable measure of information is being handled every day, except there is a need to use this broad informational index to make it significant. This leads to the idea of distributed computing – which organisations and ventures utilise for putting away much of information that requires a quicker network rate.

Organisations have proactively begun incorporating 5G innovation into their frameworks. The super-quick transmission paces of 5G will change the organisation and interchanges industry. Therefore, companies will undergo shifts in tasks and correspondence with clients, occasionally evolving how brands use them, not simply restricting to 5G. 

Furthermore, the software-driven approach to the network allows communications service providers to offer customised services and connectivity based on the workload, like prioritisation of data traffic, performance guarantees, enhanced security and network slicing. The technology will make the network more flexible than it has ever been before,

The ascent of 5G organisations isn't simply restricted to the development of broadcast communications; it is a critical step in the right direction toward potential outcomes and new capacities for organizations.

What does the outlook look like for Unified communications with 5G?

The advancement, in terms of the growth of the 5G technology, will impact unified communications as a service (UCaaS). The technology will act as a catalyst and change the communication processes proactively, affecting unified communications in terms of speed and reliability. In addition, businesses can take advantage of emerging solutions like virtual and augmented reality, which offer a much more immersive experience.

What is your opinion on the recently imposed ban on all the third-party VPN and cloud services for govt employees?

The recent ban restricts government employees from storing data on any non-governmental cloud services. This has been done to sensitise the employees on what to do and what not to do from the cybersecurity perspective. Even after a pushback from the stakeholder companies, the government has stood firm, and compliance with these norms is mandatory.

The new rules may require the cloud service provider to maintain a database which in-turn requires a set-up of additional infrastructure, incurring more capital expenditure. 

Despite them being deferred temporarily, do you think the rules of storing user data for VPN and cloud service providers by Cert-In are fair?

Virtual Networks Operators are liable to abide by the License conditions laid down by the Department of Telecommunications in India. These conditions ensure the security and safety of the end-users for their data and other conditions. On the other hand, there is undoubtedly a need for a framework to govern cyber-incident reporting, but the reporting timelines and excessive data retention mandates prescribed in the directives, may have some concerns regarding the implications in practice and impede effectiveness, while risking online privacy and security.

To conclude, how the directives will play out still needs quite a bit of clarity and analysis. We cannot say for sure, and would have to wait and see the implications.

How do these new rules affect companies like CloudConnect?

CloudConnect is Virtual Network Operator, and the regulations are already laid down and all the VNO’s need to follow the same. The new rules are set for the VPN and Cloud Data Providers, so, these rules don’t directly apply to us. However, we comply by all the rules and regulations applied to us by the Department of Telecommunications.