With the advent of cloud computing services and jargons like SMAC (social, mobility, analytics and cloud services) in the information technology world, there is a need for relevant laws and regulations too.
Especially, in India, there is a need for fresh thinking as many of the existing laws are based on regulations or policies of the British era. US-based EMC, which provides cloud services, big data and IT infrastructure services, said India is lagging behind in framing IT laws compared to other countries in the Asia Pacific region. In an interview with Business Line, Surajit Sen, Country Manager-Data Protection and Availability Division EMC India and SAARC, talks in detail. Edited excerpts:
Where do you see India in terms of cloud computing and its adoption?
There are certain things in our industry which are unstoppable forces. Cloud computing is one such thing – it’s like a paradigm shift – and eventually India will be like most of the countries of the world. Value proposition is so compelling that I don’t see any reason why India or any customer wouldn’t adopt it. It is just that we are a slow starter. Elsewhere in the world, people have built the business model required to succeed and that is the reason why cloud adoption is picking up rapidly in most of the markets. India have been at the bottom of the table within Asia Pacific, as cloud adoption is lowest here.
You think new policies should be made around it?
We have done a fair bit of work in last few years around building the policies and we do have some policies. But, in some areas, it is completely blank. For example, we don’t tell companies how long they should retain personal data or information…your employer is not legally bound to retain your employment record for some length of time. But then, we have fast emerging standards like KYC (know your customer) that the RBI has done for banks. What India lacks at the moment is enforcement – that is an area we can definitely improve upon. Elsewhere in the world, there are penalties that may levy on companies, which may run into billion of dollars at times. That is why companies have extra vigilant around compliance. Unfortunately for us, the penalties are not very well defined, well etched out or in some cases they are so low that people just don’t care. Our regulators are not the best when it comes to checking whether they are compliant or not.
But, do you think companies or users are aware of that?
Some companies have explicit rules, which prohibit one from sending data or information outside a country, but it is not clear in India. It is not explicitly mentioned anywhere whether you are allowed to send corporate data or financial record to the employee outside the country. And, that is one reason why cloud services adoption is low (in India) because many of the cloud service providers are hosting their services outside India. Indian customers, if they have to avail themselves of their services, either they go ahead and do it unknowingly (they don’t know the implications) or they are not sure how the Government react in availing those kind of services, so don’t adopt it.
Do you support the idea that companies serving in India should have their servers here?
It is really for the Government to decide because national security and national interest are important. It is just that we make life tough for companies to do business and that is the reason why they are reluctant to set up database here. If only the Government could have the right regulations and policies around IT and cloud services, we will have massive surge and whether it makes sense for some companies to build their data centres in India that is a business decision.