Govt Upgrades Legacy Email to Cloud-Based Secure System
New Zoho-powered platform to enforce strong encryption, data sovereignty and 99.9% uptime.
- Government replaces legacy email with a cloud-based, secure, scalable system developed by Zoho.
- Strict data sovereignty rules mandate that all data stay within India.
- End-to-end encryption, MFA, geo-fencing, and NIC-CERT integration form the core security architecture.
- System promises 99.9% uptime with disaster recovery centres 500 km apart.
GG News Bureau
New Delhi, 5th Dec: The Government of India has initiated a comprehensive upgrade of its official email infrastructure, shifting from the legacy system to a cloud-based, secure and scalable platform. The upgrade is being executed through Zoho Corporation Ltd., an Indian software provider selected via an open competitive process. The move aims to modernise government communication while ensuring robust security and data sovereignty.
Announcing the transition in the Rajya Sabha, Minister of State for Electronics and Information Technology Jitin Prasada said the upgraded service will offer faster scaling, seamless migration of existing accounts, and integrated productivity tools such as word processors, spreadsheets and presentation software.
Strong Security Architecture Defined
The revamped email platform is built on a security framework designed to protect sensitive government data. All email content will be encrypted both at rest and in transit, using RSA-256 and TLS 1.3 encryption standards. The service provider must adhere to global security certifications including ISO 27001, ISO/IEC 27017 and ISO 27018.
Key security features include:
- Mandatory Multi-Factor Authentication (MFA) across all protocols (Web, IMAP, SMTP, POP, Calendar)
- Geo-fencing and IP-based access restrictions
- Anti-spoofing measures aligned with global standards
- Mobile Device Management (MDM) and advanced threat protection systems
The platform is also integrated with NIC-CERT’s Security Information and Event Management (SIEM) system to enable real-time monitoring and response to threats.
Full Data Sovereignty Ensured
The government has mandated that all data generated through the email service must remain within India. Both primary and disaster recovery data centres are physically located inside the country, with no data permitted to be replicated or shared overseas.
Zoho, as an Indian-registered entity, falls under Indian law and jurisdiction. The contract reinforces the government’s focus on “Make in India,” ensuring full ownership of data and intellectual property created during the contract.
High Reliability and Disaster Preparedness
To guarantee continuity of service, the upgraded system mandates a minimum uptime of 99.9% round-the-clock. The service provider is also required to maintain disaster recovery sites in separate seismic zones at least 500 kilometres apart. Strict Recovery Time and Recovery Point Objectives have been defined to minimise data loss during emergencies.
The government clarified that Arattai, a messaging app developed by Zoho, is not part of this email solution.
