India Begins Overhaul Of Legacy Official E-Mail Setup, Selects Zoho To Deploy Cloud-Based, Secure And Scalable System

The Union government has said that India’s official email system is being upgraded and migrated to a cloud-based platform operated by Zoho Corporation Ltd., a move aimed at improving scalability, security, and reliability of government communication.

"Government of India recognizes email as an important mode of official communication. Government is upgrading the legacy e-mail system to a cloud based, secure and scalable system. This upgrade is being carried out through M/s Zoho Corporation Ltd., a reputed Indian software service provider, selected through an open competitive process," Union Minister of State for Electronics and Information Technology Jitin Prasada said in a written reply to a question in Rajya Sabha.

The minister said this model ensures timely upgrades, quick scaling up, seamless migration of existing accounts, and the integration of modern office productivity tools—such as word processors, spreadsheets, and presentation software with email service.

Prasada stressed that the security architecture of the new platform is designed to protect sensitive government data.

All emails will be encrypted both at rest and in transit, with end-to-end encryption using RSA-256 and TLS 1.3 standards.

"The service provider is required to comply with rigorous control standards and certifications, including ISO 27001, ISO/IEC 27017, and ISO 27018. Key technical security requirements include the implementation of Multi-Factor Authentication (MFA) for user identities across all protocols (Web, IMAP, SMTP, POP, and Calendar), the application of Geo-fencing and IP-based restrictions, and the use of industry standards and policies to combat email spoofing," the minister said.

The system is further integrated with NIC-CERT’s Security Information and Event Management (SIEM) tools.

Furthermore, the system requires Multi-Factor Authentication (MFA), mobile device management (MDM), and advanced threat protection mechanisms to prevent phishing, malware, and data loss (DLP).

According to the minister, the contract with the service provider ensures strict adherence to data sovereignty.

He added that the service provider has ensured that the cloud-based solution, including Primary and Disaster Recovery data centers, are physically located within India, and no data can be shared or replicated outside the country.

"Zoho is a registered Indian entity subject to Indian laws and jurisdiction. The contract emphasizes "Make in India" products, ensuring that the government’s digital communication infrastructure is sovereign, with the government retaining full ownership of all data and intellectual property created during the contract," the minister said.

The service contract mandates a minimum uptime of 99.9 per cent on a 24x7x365 basis.

To ensure high reliability, the service provider is required to maintain Disaster Recovery sites in different seismic zones at least 500 kilometres apart, with strict Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to minimize data loss during contingencies.

The minister clarified that while Zoho operates the platform, overall responsibility for government email systems remains with NIC and remains subject to CAG audit and the provisions of the Right to Information Act.

Please click here to add Swarajya as your preferred and trusted news source on Google