VPN providers flee Indian market ahead of new data rules | #itsecurity | #infosec


VPN provider Surfshark became the latest company to pull its servers from India this week, in response to government attempts to regulate encrypted web traffic.

The new directive by India’s top cybersecurity agency, the Indian Computer Emergency Response Team (Cert-In), requires VPN, Virtual Private Server (VPS) and cloud service providers to store customers’ names, email addresses, IP addresses, know-your-customer records, and financial transactions for a period of five years.

SurfShark announced on Wednesday in a post titled “Surfshark shuts down servers in India in response to data law,” that it “proudly operates under a strict “no logs” policy, so such new requirements go against the core ethos of the company.”

SurfShark is not the first VPN provider to pull its servers from the country following the directive. ExpressVPN also decided to take the same step just last week, and NordVPN has also warned that it will be removing physical servers if the directives are not reversed.

New VPN regulations “lack clarity”

Like many businesses around the world, Indian companies have increased their reliance on VPNs since the COVID-19 pandemic forced many employees to work from home. VPN adoption grew to allow employees to access sensitive data remotely, even as companies started adopting other secure means to allow remote access such as Zero Trust Network Access and Smart DNS solutions.

A report from Atlas VPN highlights that the VPN penetration rate in India moved from 3% in 2020 to over 25% in first half of 2021, growing at the fastest rate globally with a staggering 348.7 million installs, representing a growth of 671% over 2020.

Copyright © 2022 IDG Communications, Inc.



Original Source link

Leave a Reply

Your email address will not be published.

sixty six − fifty six =