This is a fairly complex system. Let's say you are building a first-class security GIS and must use FSTEC-certified trusted boot tools. But at the same time, you have a cryptographic tool installed on your computer, and according to FSB rules, you must also use a certified trusted boot tool, but certified by the FSB. Receiving two certifications at the same time obviously complicates the workflow somewhat.
Harmonization and simplification of regulatory requirements would seem to have a positive impact on the industry, but not everything is so simple. From a formal point of view, the task of the state is to ensure the security of ordinary users' data. There is a federal law "On personal data", a huge mass of by-laws, and regulators impose requirements that force businesses to spend astronomical amounts on the purchase of certified means of information protection and other measures to protect personal data. At the same time, every person faces calls from unknown numbers every day offering to buy, take a survey, urgently provide albania mobile database information about the cardholder. The situation with the security of personal and other data practically does not change with the development of the legislative framework, and this is a global problem, not only Russian. Yes, of course, a number of companies neglect technical information protection, and GOSTs and regulations are designed to identify and punish them. But, in addition to technical data protection systems, the culture of working with them should also develop. And here the problem is more likely in education, the development of the skill of "digital hygiene" among ordinary users, and not in the lack of regulation.
For the future
In the current conditions, GOSTs are no obstacle to clouds and virtualization. In Russia today there are enough large and medium-sized companies working with both information security tools and cloud services. These companies are developing dynamically and are already working at a high international level.