Over the past few years, technology has advanced tremendously and cloud computing is one of the most significant innovations of information technology (IT) industry, encompassing blockchain, artificial intelligence (AI) and edge computing that provides potential opportunities for government and private business entities.
Cloud computing has been coined as an umbrella term to describe a category of sophisticated on-demand computing services. It denotes a model on which a computing infrastructure is viewed as a "cloud" from which businesses and individuals access applications from anywhere in the world on demand. Cloud computing allows participants in blockchain transactions to remotely record information in decentralised ledgers and subsequently access them.
In 2018, analysts predicted that more than half of enterprises would adopt cloud computing worldwide and that cloud applications would continue to radically change the way enterprises compete for customers. Most of the countries are increasingly adopting cloud-based solutions.
For developing countries like Bangladesh, this technology aims to provide the clients a cost-effective and convenient means to manage the huge amount of IT resources. Though cloud technology is not yet widely widely in Bangladesh, giant cloud service providers such as AWS (Amazon Web Services), Azure, Google Cloud Services and Oracle are working actively with their partner companies in Bangladesh to spread their cloud services. Sook Hoon Cheah, president of Microsoft South East Asia New Markets, observed at Microsoft Cloud Innovation Summit on 'Transforming Bangladesh with Cloud' in Dhaka recently that "Microsoft is targeting to get huge business through its cloud solution segment in Bangladesh, especially from the private sector, as the country has been advancing digitally for the last few years".
Sonia Bashir Kabir, former Managing Director of Microsoft Bangladesh, said, "We are seeing huge business prospects in Bangladesh as there are 160 million (16 crore) people in the country and they are generating huge data". As there are restrictions from the government on hosting government data outside of the country, she added, 'Microsoft is concentrating only on the private sector'.
However, there are certain limitations that discourage an organisation in adopting cloud technology in Bangladesh. Firstly, people do not have clear idea about this new technology. Secondly, there is no legislation that directly and specifically prohibits, restricts or governs cloud technology.
However, the Government of Bangladesh Information Security Manual (GoBISM)-2016, framed by Bangladesh Computer Council under the ICT Ministry, has provided some guidelines and recommendations for government agencies to adopt cloud computing. Though private organisations are encouraged to use this manual, it has not made such manual mandatory for all sectors to be followed.
Thirdly, by nature cloud technologies operate across national boundaries and in this solution personal data needs to be hosted outside of the country which is not permitted by laws of the land. According to section 12 of the Bank Companies Act, 1991, banks cannot remove its records and documents relating to its business from its office to a place outside Bangladesh without prior permission of the Bangladesh Bank. It is not clear whether such restriction is applicable for hosting data in cloud service. Besides, private organisations other than banks do not fall under the ambit of such restriction.
Fourthly, since Bangladesh has no comprehensive data privacy laws, personal data may be disclosed by a cloud provider in unauthorised ways. Moreover, large-scale national and international cyber security attacks are also common.
For adoption of cloud service, a precondition is to have a strong data privacy regulation in the country. Around the world, many of the data protection laws are now being updated to meet new international standards, such as 'General Data Protection Regulation (GDPR)' adopted by the European Union in 2018 with the aim of protecting all EU citizens from privacy and data breaches in today's data-driven world. The APEC Cross-Border Privacy Rules (CBPRs) System, developed by the 21 economies of the Asia-Pacific Economic Cooperation (APEC) forum, provides a mechanism for governments and business stakeholders to safeguard free flow of data while protecting the privacy rights of individuals.
The Software Alliance, also known as BSA, that ranks countries' preparedness for adoption of cloud computing services, has released 'the BSA Global Cloud Computing Scorecard in 2018' putting additional emphasis on the policy areas that matter most to cloud computing, such as privacy laws that protect data without unnecessarily restricting its movement across borders. Most of the countries in the Scorecard have data protection frameworks in place and have established independent privacy commissioners. Unfortunately, privacy laws are still absent or insufficient in several countries. Brazil and Thailand have no comprehensive laws in place, while laws in China, India, Indonesia, and Vietnam remain very limited. Canada and Mexico score highest in the privacy section.
In order to meet the standard of the 21st century global economy and to take advantage of the cloud service, policymakers and regulators should provide a legal and regulatory framework for adoption of cloud technology including specific guidelines for users' data privacy without imposing unnecessary restrictions. Comprehensive cybercrime legislation as well as an up-to-date cyber-security strategy is also required. Such policy or regulation should comprise the provision of data encryption, data backup, recovery and archiving, data privacy, data portability and harmonisation of international rules, establishment of necessary IT infrastructure, and risk assessment. Restrictive policies that create actual or potential trade barriers will inhibit or slow the evolution of cloud computing.
Cloud user should not use cloud services unless a comprehensive risk assessment is undertaken by the user. Cloud service provider should ensure that all controls have been properly implemented before the user uses the cloud service and the data stored in the cloud will not be used or disclosed by a cloud provider in unauthorised ways. The success of cloud computing depends on users' faith that their information will not be used or disclosed in unexpected ways.
Mazharul Islam is a corporate legal practitioner.
