Securing Citizen data: With the recent entry and growth of global companies like Google Tez and WhatsApp in the payment system market, it is imperative for the government to regulate the growing ecosystem, amid the risk of increased data breaches. Global companies usually operate their data centers and store customer data in their location of preference leading to governance and audit concerns during an event of data breach. The central bank’s regulation will allow for better monitoring and scrutiny of transnational data, as well as to have unfettered access to data stored in the payment eco-system. While the primary intent for the compliance stems from the need to react faster in case of security breaches, there are far broader implications for vendors in the payment ecosystem such as relocating data to servers in India, cost and downtime concerns and complete auditing within the deadline.
While some global majors in the payment industry including American Express, Visa and other players have raised concerns and reservations, others like Google, Mastercard are planning to comply with the necessary local laws as it meets the necessary expansion plans that they would inadvertently have to execute in lieu of the growing demand for cloud services. Local players currently using datacenters in India, would still need to plan for their storage backup and business continuity sites within India, if they have hosted it on cloud, elsewhere in the world.
Data Center Growth: Over the last 2 years, the India data center market witnessed investment from large players including Microsoft, Amazon, Facebook to stay close with their customers to address challenges arising from increased data volumes and associated latency while accessing data in real-time. Several other players including Google, NTT Communications, Alibaba, CloudFlare have revealed plans to invest in data centers in India to provide services for their customers in financial services, telecom, e-commerce and travel.
The RBI regulation for localized data storing is not likely to have a disruptive growth on the data center market in the short run, as the payment operators will be burdened with the cost of data relocation from offshore data centers to India as well as manage business continuity. Hence, the short-term strategy will prompt players in the payment ecosystem to focus more transferring their data to an existing physical location within India, however, the long-term focus will be to invest in their own data centers to alleviate security concerns and business continuity in the event of a disaster. There are already Tier IV data centers operational in India and most cloud service providers have their data centers within India or already investing to get them operational as early as 2019. As the payment ecosystem matures, the market will drive:
- Growth of colocation market with investment from large and medium enterprises
- Growth of storage as a service and datacenter as a service
- Growth of Hybrid Cloud deployments
- Growth of Managed service providers with a strong portfolio in IT infrastructure services including security, storage and BCDR (business continuity and disaster recovery)
It is more than likely that the compliance is the first of many such regulations to provide lawmakers with a greater control and governance aimed at strong data protection. We expect that such compliances will continue to be imposed sensitive sectors that require a greater degree of data privacy and security.
– Gowtham Kumar
Senior Manager, ICT Research