Regulatory Issues
In the case of cloud computing, regulation might be exactly what we need. Without some rules in place there are
chances for unsecure with service or even shifty enough to make off with your data. ‘Sensitive Data’ is defined as personal information that relates to:
- passwords;
- financial information such as Bank account or credit card or debit card or other payment instrument details; (c)physical, psychological and mental health condition;
(d)sexual orientation; (e)medical records and history; (f)biometric information;
any detail relating to the above received by the body corporate for provision of services; or any information relating to (a)
– (g) that is received, stored or processed by the body corporate under a lawful contract or otherwise. No existing regulation: currently there is no existing regulation. While comparing cloud service providers to banks there are similarities.
Banks deal with money whereas cloud service providers deal with data, both are immense value to consumers and organizations alike.
Location of Stored Data – Service providers generally do not disclose the location where the service subscriber’s data are stored. It leaves users in the dark regarding the extent of protection applied to their critical information. Although security certifications could lessen the user’s anxiety, the matter of determining if the provider’s compliance with legal and regulatory laws includes those that cover the geographical location where data is stored, aside from the laws of the areas where the data was collected.
If government can figure out a way to safeguard data, either from loss or theft of any company facing such a loss would applaud the regulation. One such example is the greatest bank failure in American History. In 2008 the United States government took control of Washington Mutual. On the other hand, there are those who think the government should stay out of it and let competition and market forces guide cloud computing.
Law enforcement agencies have easier access to personal information on cloud data than that stored on a personal computer. Also the big problem is that people using cloud services are not aware of the privacy and security implication on their online email accounts, their LinkedIn account, their MySpace page, and so forth. While these are popular sites for individuals, they are still considered cloud services and their regulation may affect other cloud services.
Government Procurement
There are also questions about whether government agencies will store their data on the cloud. Procurement regulations will have to change for government agencies to be keen on jumping on the cloud. The General Service Administration (GSA) is making a push toward cloud computing, in an effort to reduce the amount of energy their computers consume. The GSA is working with a vendor to develop an application that will calculate how much energy government agencies consume.
Government Policies:
The aim of the cloud policy of government is to realise a comprehensive vision of a government cloud (GI Cloud) environment available for use by central and state government line departments, districts and municipalities to accelerate their ICT-enabled service improvements. As per the guidelines, both cloud service provider (CSP) and government department will have to share responsibility for the managing services provisioned using cloud computing facility.
To implement the policy, Government of India has made an initial step “GI Cloud” which has been coined as ‘Meghraj’. The focus of this initiative is to accelerate delivery of e-services in the country while optimizing the expenditure of the Government. The ministry of electronics and IT has issued on important guideline regarding the location of data as follows:
“The terms and conditions of the Empanelment of the Cloud Service Provider has taken care of this requirement by stating that all services including data will be guaranteed to reside in India”. The cloud computing service enables its user to hire or use software, storage, servers as per requirement instead of purchasing the whole system. Meity( Ministry of Electronics and Information Technology) has empanelled the following companies for providing cloud computing services to government departments :
- Microsoft ,
- Hewlett Packard,
- IBM India ,
- Tata Communications,
- Bharat Sanchar Nigam Ltd (BSNL),
- Net Magic IT Services,
- Sify Technologies and
- CtrlS Data
The architectural vision of GI Cloud as mentioned above consists of a set of discrete cloud computing environments spread across multiple locations, built on existing or new (augmented) infrastructure as given below : Components of Meghraj
- Setting up of State and National Clouds
- Set up an e-Gov Appstore
- Empanelment of Cloud Service Providers
- Empanelment of Cloud Auditors
- Setting up of Cloud Management Office
- Setting up an eco-system for Cloud proliferation (Policies, Guidelines, templates, security norms, certification, business models for applications, tariff & revenue models for private sector Cloud services)
- Awareness workshops, training programs and migration support for cloud adoption by
- MeghRaj (GI-Cloud) service Directory
- Setting up of Clouds by other Government entities Cloud Deployment Models:
The empanelment of the Cloud service offerings of CSPs has been done for a combination of the Cloud Deployment models and Service models as mentioned below:
GI Cloud Architecture

Implementation model Cloud Deployment Models:
The empanelment of the Cloud service offerings of CSPs has been done for a combination of the Cloud Deployment models and Service models as mentioned below:
Public Cloud :
A shared multi-tenant IT infrastructure is made available over the internet. It is owned and operated by a Cloud Service Provider delivering cloud services to the Government Department.
Virtual Private Cloud :
A logically separated Cloud Infrastructure (Servers, Storage, Network infrastructure and Networks) to protect data, applications and servers and provide robust virtual isolation for the Government Department.
Government Community Cloud
A cloud with IT infrastructure resources which will be dedicated for two or more Government Departments that have common privacy, security and regulatory considerations.