• No results found

Overview of Cloud Computing in India

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Overview of Cloud Computing in India"

Copied!
15
0
0

Loading.... (view fulltext now)

Download now ( 15 Page )

Full text

(1)

®

Overview of Cloud Computing in India

September 17, 2014

Rahul Jain

Principal Consultant

Data Security Council of India

(2)

G

lobal

$ 111 bn $ 131 bn $148.8 bn $ 650-700 bn

2012

2013

2014

2020

$ 326 mn $ 443 mn $ 15-18 bn

Indi

a

Cloud Market Opportunity

New Public Cloud Spending

North America: 59%

2013 - 2016

Western Europe: 24%

Largest region

Asia/Pacific Greater China &

Latin America

Highest growth

Indonesia & India $71.5 bn

2012

2013

Worldwide IT Spending Globally | 2.0% $66.4 bn

Source : Gartner Reports, Nasscom - Deloitte Report - Deconstructing the ‘Cloud’, Zinnov

$3.6 tn $3.7 tn

G

lobal

Indi

a

Expected rise in 2013 India | 7.7% $685 mn

(3)

® Supply chain management Low High Low High

Ease of migration/ adoption on cloud

Collaboration Web Services Analytics Data Storage CRM Enterprise ERP/Custom Apps Desktop Suite Industry Applications Development and testing

Cloud ready workloads

Va lu e fr om m ig ra tion to cl ou d HR/Talent /Recruitment Finance/ Accounting

Workloads not yet amenable to cloud

What is moving to the Cloud?

(4)

Cloud Capabilities

(5)

®

Study Seize

Develop Configure/

Productize

Enterprises Enterprises, SMBs & SOHOs

Compete Co-opt Linear Non-Linear Time to opportunity Service portfolio Target markets Perspective on ecosystem Growth

“Traditional think” “Cloud think”

IT Service Providers to re-invent their thinking

(6)

70% 30% 39% 11% 13% 22% 25% 50% 37% 22% 15% 33% 2% 16% 21% 38% 47% 33% 3% 4% 4% 18% 24% 8% 11% 2% 4% Data Security & Privacy

Compliance Issues Legal & Contractual Issues Challenges in migration Lack of clarity in pay per use Model

Integration of Cloud based…

Critical Very Important Important Less Important Not Important

Key Challenges and Concerns in Adoption

(7)

®

Policy and Legal Issues in the Cloud

Location of data, systems

& servers

Applicability &

interpretation of laws

Provision for transfer of data

Obligations of cloud service

providers

Accountability & liability of

user organizations

Security and privacy standards

and practices

Cyber Crime investigation

measures / Cyber forensics

Surveillance & Interception

requirements

Use of specific technology (like

encryption)

Measures for international

cooperation

The above issues would have different perspectives depending on B2B versus B2C

cloud service

(8)

European sourcing market (excld. UK)

Share of Indian IT/BPM industry

Source: Nasscom Strategic Review, 2011

Impact of Restrictions on Data Transfers

24 %

55 %

Global sourcing market

IT outsourcing spend

Offshored

(Global)

Offshored

(Germanic Region)

26.6%

24.5%

8-12%

8-12%

Source: Nasscom Strategic Review, 2011

(9)

®

Lawful Access in the Cloud

Jurisdictional Issues with respect to lawful access to data:

Location of computer resource

Service provided in the country,

irrespective of location of

computer resource

Breach of National Security or

Terrorist Act or involves citizen(s)

Legal framework in requesting and

requested country

Contractual terms / Terms of

service

Instruments: MLAT, Budapest

(10)

Indian Regulatory Regime & Implications for Cloud

• Sensitive Personal Information and Reasonable Security Practices (Sec 43A)

• Intermediaries & associated liabilities (Sec 79)

• Conditions for transferring sensitive personal information (Rule 7, Sec 43A) &

DoT Guidelines

• Interception, monitoring, decryption (Sec 69, 69 A, 69B)

• Preservation and retention of information (Sec 67C )

(11)

®

Specific Issues based on Industry Consultations

Data Classification Technology – data segregation based on defined parameters

– to help classify data as lawful or unlawful

Cloud Forensics - gap between the demand and supply of required set of skills

and technology in cloud forensics is significant. LEAs need to be trained.

Digital Certificates – debate on non-recognition of the root certificates

authorized by the Indian CCA in imported software products. Jurisdictional

issues also discussed.

Encryption - variance in the legal and regulatory requirements | sensitive dual

use technologies - Wassenaar Arrangement – India not a member – impact on

cloud services?

Export and Import Controls maintained by the US – restrictions on export of

state-of-the-art technology through Export Administration Regulations (EAR)|

Trade Agreement Act (TAA) list – India not there | Impact on cloud services to &

from India?

(12)

Data Localization

Data Localization Data Retention Sovereignty Surveillance Privacy Technology Advancements National Security Economic Impact Data Security Crime Investigation Taxation

Decline in global trust - American companies that offer cloud computing and webhosting services are experiencing the most acute economic fallout

The PRISM program is predicted to cost the cloud computing industry from $22 to $180 billion over the next three years

“NSA-proof” or “safer” alternatives to American-made goods is an increasingly viable strategy for

Findings from recent New America’s Open Technology Institute Report – “Surveillance Costs: The NSA’s

(13)

®

Government Policies & Cloud Standards

Cloud First Policy, USA

An integrated Cloud Computing

Strategy for the European Union

Cloud Computing Strategic Direction

Paper, Australia

G-Cloud Strategy, UK

Smart Cloud Strategy, Japan

Cloud Security Alliance – STAR certification

Federal Risk and Authorization Management

Program (FedRAMP)

NIST – SP 500-291, 500-299, 800-144, etc

PCI-DSS – cloud specific guidelines

ITU – T X. 1601 – Security Framework for cloud

ISO/IEC 27017, 27018, 27036, Part 4

ETSI – analysis of standardization requirements

Policies

Standards, Frameworks & Guidelines

US-EU & US-Japan Trade

Principles for ICT services – Cross

border data flows, local infrastructure

India-EU trade negotiations for getting

India declared as a country with ‘adequate

level of protection’

Bilateral

WG setup by GoI comprising

government and industry officials

Budapest Convention on Cybercrime for International Cooperation

Treaty

GI Cloud Initiative, India (Meghraj)

(14)

DSCI Policy Recommendations

• Establishment of assurance mechanisms (security standards, assessments & certification) for enabling organizations including government agencies and SMEs to adopt Cloud

• Exploring the possibility of setting up ‘Cloud Zones’ for hosting global Cloud hubs, on the lines of SEZs, where there can be assurance of infrastructural elements (power, water, etc), strengthened security, possible relaxation in lawful interception and surveillance, among others

• Issuance of clarification of existing laws and policies (such as relevant provisions of IT Act e.g. Intermediaries) w.r.t. Cloud; Identification of legal issues, not presently covered by the existing legal framework, and creation of appropriate provisions for addressing the same; issuance of encryption policy

• Promoting international trans-border data flows through appropriate domestic policy instruments, multi-lateral / bi-lateral trade agreements; e.g. Data protection related issues in India-EU FTA negotiations

• Participating in international efforts that will impact Cloud – policies, standards & frameworks (e.g. ISO SC 27) , cyber crimes & police investigations (e.g. Budapest

convention, MLATs), cyber security & privacy (Global Privacy Enforcement Network), etc • Identification of government commodity services, establishment of governance &

management structure for Cloud migration, creation of resource pool for guidance, reform

of procurement policies; SLA, contract & RFP standardization, empanelment of Cloud

(15)

®

Thank You

References

Download now ( PDF - 15 Page - 422.84 KB )

Related documents

White rice consumption and risk of esophageal cancer in Xinjiang Uyghur Autonomous Region, northwest China: a case-control study

This study investigated the association between white rice consumption and the risk of esophageal cancer in remote northwest China, where the cancer incidence is known to be high..

A Novel Segmentation, Mutual Information Network Framework for EEG Analysis of Motor Tasks

The deviation of clustering coefficient C of the graph from the overall mean of the four groups as a function threshold T at three frequency bands..

Opinion & Special Articles: Professionalism in neurologyMaintaining patient rapport in a world of EMR

tablet computers has the ability to change the dynamic of encounters as it may help share information with patients, foster their education, and eventually enhance patient –

Consistent and Flexible Integration of Morphological Annotation in the Arabic Treebank

Wild Sex in Zebrafish: Loss of the Natural Sex Determinant in Domesticated Strains

A cross between a female of the NA (Nadia) natural strain by a male of the AB laboratory strain identified a single sex-linked locus on zebrafish chromosome 4 (Chr4) while the

Ixora coccinea: Study of Phytochemical Parameters and Antioxidant Activity

ABSTRACT: The species belonging to the genus Ixora are amongst the plants in Indian traditional Ayurveda system of medicine for a variety of ailments. The research work carried

Evaluation of Blast Furnace Slag as Alternative of Natural Sand in Cement Concrete and Cement Mortar

 The evaluation of compressive strength of cement concrete cube prepared with natural sand and percentage replacement of natural sand with Blast Furnace Slag (BFS) as fine

Primary extranodal marginal zone B-cell lymphoma with diffuse uveal involvement and focal infiltration of the trabecular meshwork: a case report and review of literature

In this study, we present a rare case of EMZL diffusely involving the uvea with focal involvement of trabecular meshwork and review of reported cases.. The study was approved