Get in Touch
Get in Touch


Building the G2C value chain with Cloud-First-Security-First approach

August 23, 2023

Rajesh Awasthi   

Vice President & Global Head of Managed Hosting and Cloud Services

India is transforming towards a digital, diverse, secure and inclusive economy and cloud computing is helping the country in bridging the digital divide, step by step. In this article, Rajesh Awasthi, VP and Global Head of Managed Hosting and Cloud at Tata Communications, explores how India is building the Government to Citizen (G2C) value chain with a cloud-first-security-first approach.

Digital India Mission has transformed the delivery of government services to millions across the country. Now, this pioneering campaign is entering its next phase, to ensure the anytime, anywhere access to citizen services that an increasingly tech-savvy population expects. To rise to the challenge, government enterprises will need a fresh approach to digitisation.

Therefore, to create a nationwide digital infrastructure, allied with new tools and technologies – AI, Big Data and the Internet of Things [IoT] which will galvanise various sectors to improve the well-being of every Indian will require Government of India to build and sustain a robust digital architecture. This is where the cloud infrastructure takes the centre stage that forms the core of services delivered to citizens of India through multiple applications. These services are segregated into two major categories:

  1. Services directly consumed by citizens like health records for citizens, benefits for BPL families, applying for a passport and schemes for farmers.
  2. Services consumed by different Government departments like Procurement through portals for government departments and weather forecasting.

With cloud playing a major role in the digital journey of government enterprises, it becomes eminent that cyber security and data privacy plays an extremely critical role in ensuring that the customer data is safe from breaches.

“With multiple integrations and technologies on a cloud platform and rising sophisticated cloud threats, hackers can exploit vulnerability due to misconfiguration, weak or unauthorised access, malicious insider to compromise security controls, establish foothold and move laterally to exfiltrate sensitive data.”

Often, we have seen that the vulnerabilities in the application or infrastructure are exploited to gain access to customer data. This affects the confidentiality, integrity and availability (CIA) of citizens personally identifiable information (PII) or sensitive information of various projects under the State and Central ministries.

To overcome these challenges, Government of India will need to start by assessing and uplifting the digital posture of each concerned department, further enabling an interconnected ecosystem of government, private, and peering parties, and offering seamless and secure last mile for G2C services and support. All this while keeping the citizen’s data and identity safe.

Adopting a digital platform is prudent with a Cloud-Internet-Security-First approach – an integrated, scalable and resilient digital core that brings together the best of infrastructure, application, technology stacks and systems integration in a holistic manner to facilitate cohesive operations while meeting the various regulations and compliances and maintaining all security parameters across data privacy, residency, sovereignty and more.

A cloud first strategy will help government departments to build a centralised IT infrastructure which can optimise operations and reduce maintenance costs and downtime. It also helps build and deploy applications in a scalable manner using containers and microservices enabling government to launch new or enhanced citizen services in future. Therefore, it is extremely important that the design, deployment, and compliance of any cloud infrastructure hosting Government applications, should be of highest priority and certified by a competent authority.

The Cloud service provider should ensure that they offer a Sovereign Cloud Platform that provides an integrated hybrid-ready cloud platform, with the flexibility and control government wants along with the assurance of staying compliant with ever evolving regional and regulatory guidelines at all times. To safeguard the national interest, it’s important that foreign authorities have no access over the data and government organisations can physically visit data centres for auditing their assets to ensure the vulnerabilities are accounted for and rectified.

A dedicated Government Community Cloud (GCC) that is secure, efficient and outcome-oriented, is a composable way to drive digitisation where a dedicated, federated and secured cloud infrastructure has been created especially for government agencies. Hence, ensuring that government’s extremely sensitive and valuable data is safeguarded – with both user data and control meta-data deployed, monitored, and managed 100% in country and governed by the law of land. This is further complemented by an open API lead approach to accommodate different internal and external agencies for swift and secured digital interconnections.

“With ease of access through smartphones, tablets and laptops, the traffic to citizen-services workloads will only increase, resulting in greater need to set up mechanisms to counter cyber-attacks and other security threats.”

Making existence of a trustworthy cyber security infrastructure following the principles of security by design is a precondition for all e-governance initiatives.

Therefore, adoption of a security first strategy is essential to reduce and manage cyber risk. Cyber threats are getting more prevalent, and the scale and severity of attacks are getting more intense. The hyper connected digital environments have expanded the attack surfaces and vulnerabilities. A single security breach may lead to data loss, disruption of day-to-day operations and impact the credibility of the system.

The following best practices are recommended for cyber security that State and Central Governments should adopt to deliver services securely while leveraging cloud technology benefits.

  • With rising internal attacks from malicious insiders or compromised credentials, escalate security with SSO, MFA and privilege identity management to stop abuse from privileges, and attacks on admin accounts.
  • With politically motivated advanced persistent groups (APT groups) targeting Indian government-run services and infrastructure with distributed denial of services attacks, appropriate security controls to prevent DDoS attacks and ensure uninterrupted delivery of critical services must be deployed.
  • With fragmentation of cloud endpoints securing this diverse landscape will require multiple endpoint security controls including antivirus or malware protection, host-based intrusion prevention system (HIPS) and file integrity monitoring (FIM) that continuously monitors and verifies the integrity of files and configurations on servers, detecting any unauthorised changes or modifications to protect against tampering, data breaches, and unauthorised access.
  • To safeguard applications, governments can enforce application level micro-segmentation for cloud, SaaS and web applications. It can also govern cloud usage across different devices and help meet regulatory compliance and data privacy mandates.
  • Furthermore, governments can partner with cyber security service providers that can work as an extension of their SOC teams to integrate managed detection and response/SIEM solutions to quickly detect threats across the cloud estate, and automatically respond to them swiftly. The cyber detection and response services that leverage MITRE ATT&CK framework cyber threat intelligence and threat advisory can provide recommendations on preventing on-going attacks.
  • Uncover security gaps with vulnerability assessments that help identify misconfigurations, application-level code, configuration and design errors, REST API vulnerabilities, including secure code review and DAST to measure potential risks scores and prioritize security for higher risk assets. This further helps in adhering to regulatory compliance requirements.

The future of e-governance starts from how well streamlined, integrated and automated the government processes are, and how conveniently can they be used by citizens. Digital India will ride on the reach and access to citizen services and information – anywhere, anytime by the Indian citizens.

Tata Communications is on a mission to empower governments and enterprises build a resilient and self-reliant India by protecting the country’s critical infrastructure and systems that Indians rely on every day with smarter and secure solutions.

To learn more about how Tata Communications is helping governments and enterprises protect their critical systems and infrastructure, click here.