Maharashtra Citizen’s Data Will Be Stored On Microsoft Azure Cloud. Security Concerns?
This is an interesting development – Maharashtra Government has announced that they plan to use Microsoft’s Azure Cloud to store citizen data under Digital locker scheme. This is probably the first time that citizen’s private data will be stored on third party Cloud servers. Till date, state as well as central Government used their own servers on National Informatics Center (NIC) network.
The citizen’s data stored on Azure cloud will be linked to user’s Aadhaar numbers.
The digital locker scheme is part of Narendra Modi’s ambitious Digital India programme which aims at better use of technology to deliver improved Governance to citizen’s of India. As part of Digital India programme, every citizen will be provided with the following:
- Shareable private space on a public Cloud
- All digital resources universally accessible through Cloud.
- All citizen entitlements to be available on the Cloud to ensure easy access.
- All Government documents/ certificates to be available on the Cloud.
- Portability of all entitlements for individuals through the Cloud.
Earlier last month, Devendra Fadanvis, the Maharashtra CM had announced that Microsoft will be setting up South Asia’s largest data centers in Mumbai and Pune. The Digital Locker is expected to use these data center for their Digital locker initiative.
In regards to Digital locker, Devendra Fadanvis has said, “This system will be linked with UID (Unique Identification Number, or Aadhaar); all information would be seeded with the digital identity and will help get public services.The digital information would be secure in digital lockers,”
The Digital Locker is expected to go live by end of 2015 according to Microsoft officials!
While centralizing and offering all Government services at one place is a great move, the question to be asked is, how secure will this content be.
Putting up private user data like UID (Aadhaar), passport details, medical details, PAN number etc on the cloud does pose a serious security risk. And because the cloud is owned and operated by a third party (in this case Microsoft), it will undoubtedly be accessible to them.
Currently, neither Maharashtra Government nor Microsoft has given any details on how they will be handling security and privacy, but important point remains that data will be accessible to Microsoft too!
While we are reasonably sure that all necessary safeguards will be put in place, involving a third party is in itself a big risk!
Would love to hear reader’s thought on this!