Government Cloud First Policy Pushed at the 1st Philippine CTO Summit
The Department of Information and Communications Technology (DICT) ensures that the risks and vulnerabilities associated with using cloud vendors to store and process data are addressed using appropriate controls and security standards by adopting the government's Cloud First Policy.
L-R, Robert Jenkin, Co-Founder and CEO of CloudSigma; Nikolay Kossev, COO of Comfac Technology Options |
"All data created, collected, organized, modified, retrieved, used, consolidated, sourced from, or owned by the Philippine government, including all of its agencies and instrumentalities, or by any national of the Philippines or any entity that has links to the Philippines, which are in the cloud, regardless of location, shall be governed by Philippine laws, policies, rules, and regulations," said Maria Victoria Castro, Director IV, National ICT Planning, Policy, and Standards, during the 1st Philippine CTO Summit: Cloud 4.0 dubbed "Moving from Public Clouds to In-Country Clouds" held in Makati City last April 27.
This clause is described in DICT Department Circular No. 010, sec. The country's Cloud First Policy was updated in 2020, according to DICT Department Circular No. 2017-002, which was released in 2017.
The government's Cloud First Policy pushes the use of cloud computing solutions as the primary component of their information infrastructure planning and procurement. It contains the federal government's executive divisions, departments, bureaus, agencies, and instrumentalities, including GOCCs, their affiliates, SUCs, and local government units (LGUs). According to Castro, the Cloud First Policy should be embraced by the court, Congress, constitutional commissions, and the Office of the Ombudsman.
The DICT asserts that the Cloud First Policy's requirements correspond to the most recent local and worldwide security standards for their industry and all relevant Philippine legislation, emphasizing the need to execute them.
According to the DICT Circular, the Philippine government, its agencies, and its instrumentalities would retain complete ownership and control over their data. Government data may not be moved, stored, or processed on cloud infrastructure unless it follows the Circular's principles and other applicable laws, policies, rules, regulations, and issuances.
Government agencies can use cloud infrastructure and receive support from DICT based on their needs.
Professional cloud service providers have qualifications that are recognized globally. They adhere to strict protocols. When it comes to data collection, cloud service providers have a proven track record, but they are not a silver bullet. According to Robert Jenkin, co-founder, and CEO of Cloud Sigma, a cloud service provider that has been operating in the Philippines through its partner, Comfac Technology Options (CTO), putting something on the cloud without properly securing it puts it in danger.
The purpose of cloud computing is to reduce the cost (of purchase and operation) of government ICT by eliminating hardware and system duplication as well as database fragmentation. Cloud computing is a network access approach that allows for ubiquitous, easy, and on-demand network access to a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services).
Cloud computing enables faster service launch, operational continuity, company recovery, and improved citizen online services. It also promotes inter-agency collaboration to improve efficiency.