The Department of Information and Communications Technology (DICT) assures that the risks and vulnerabilities associated with using cloud vendors to store and process data are being addressed using appropriate controls and security protocols in the adoption of the government’s Cloud First Policy.
“All data created, collected, organized, modified, retrieved, used, consolidated, sourced from, or owned by the Philippine government, including all its agencies and instrumentalities, or by any national of the Philippines or any entity that has links to the Philippines, which are in the cloud, regardless of location, shall be governed by Philippine laws, policies, rules, and regulations,” said Maria Victoria Castro, Director IV, National ICT Planning, Policy and Standards Bureau, DICT, during the 1st Philippine CTO Summit: Cloud 4.0 dubbed “Moving from Public Clouds to In-Country Clouds” held April 27 in Makati City.
This provision was outlined in DICT Department Circular No. 010, s. 2020 which introduced amendments to the country’s Cloud First Policy, as prescribed in DICT Department Circular No. 2017-002 released in 2017.
The government’s Cloud First Policy promotes the use of cloud computing solutions as a primary part of their infostructure planning and procurement. It covers all executive departments, bureaus, offices, agencies, instrumentalities of the national government including GOCCs and subsidiaries, SUCs and LGUs. Congress, judiciary, constitutional commissions and the Office of the Ombudsman are all encouraged to adopt the Cloud First Policy, said Castro.
Underscoring the importance of adopting the government’s Cloud First Policy, the DICT says provisions comply with current local and international security standards for their industry, and all relevant Philippine laws.
The Philippine government, its agencies, and instrumentalities shall retain full control and ownership over their data, the DICT Circular said. There shall be no transfer, storage, or processing of government data in cloud infrastructure unless made in accordance with the provisions of the Circular and other relevant laws, policies, rules, regulations, and issuances.
DICT is the agency in charge of providing cloud infrastructure access and support services to government agencies, according to their requirements.
“Professional cloud providers have international recognized certifications. They have very strict procedures. If you look at the track record of cloud providers, they have a good record in data collection but it’s not a magic bullet. If you put something in the cloud and you don’t secure it properly, then it’s at risk,” said Robert Jenkin, co-founder and CEO of Cloud Sigma, a cloud service provider which has been operating through its partner in the Philippines, Comfac Technology Options (CTO).
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction; aimed at reducing cost (acquisition and operation) of government ICT by eliminating duplication of hardware and systems, fragmentation of databases.
Cloud computing promotes inter-agency collaboration for greater efficiency and better citizen online services, faster deployment of services, ensures operational continuity and business recovery, and greater budget control.