In the last few years, different ministry based regulatory bodies in India are coming out with new or upgraded regulatory compliance requirements. Post series of hacking of government and non-government critical infrastructure, regulatory bodies seems firmed up to plug all way a rounds in order to reduce or mitigate security threats to critical and non critical installation. The recent cyber security policies, security compliance for OEM’s, Service Provider's -Telco’s, ISP’s, Social Networking; received with mixed reactions. Now, the new proposed regulation to include device or connected devices, apps and platforms under the net is going to change the whole dynamics of the ICT industries. Any additional regulatory compliance would impact other industries with change management and in-turn additional Capex and Opex. The flurry of regulatory guidelines is good for industries but it may act as disruptive move also. The device security certification by government authorized centre is going to delay the product launch by device players and at the same time would increase the cost of product dramatically. Currently, regulators are still struggling to appoint government authorized security compliance center in order to enable the device player to get the certifications. In that scenario, enforcement of regulation from 1st Oct 2013, seems overly optimistic scenario. Then comes the cyber security policies guideline and it contain hundred’s of new proposed mechanism as well as offer little visibilities for ecosystem players. In a world of convergence, when device or OEM’s or SP or ISP goes for security certifications the same certification centre must correlate the multiple security regulations in order to create the scenario’s to execute detailed testing instead of expecting the ecosystem player plunge into time taking process of going to multiple regulatory bodies for the same. In my point of view, regulatory bodies may take an option of working seamlessly internally and coming out with one consolidated guideline for the ecosystem for the certification process and also tag the time bound commitment from regulatory bodies to complete the certification clearance. It is observed the OEM’s are put in queue to get the clearance and it impacts their product delivery to end customer and subsequently delays the complete ecosystem cycle. I believe that good initiative would be made more seamless in near future.
Android Applications
E2E Applications