Mazharul Islam
Over the last few years, technology has advanced tremendously and cloud computing is one of the most significant innovations of IT industry, e.g. block chain, artificial intelligence and edge computing etc. that provides potential opportunities for govt. and private business entities. Cloud computing has been coined as an umbrella term to describe a category of sophisticated on-demand computing services.
It denotes a model on which a computing infrastructure is viewed as a “cloud,” from which businesses and individuals access applications from anywhere in the world on demand. Cloud computing allows participants in block chain transactions to remotely record information in decentralized ledgers and subsequently access them.
In 2018, analysts predict that more than half of enterprises will have adopted cloud computing worldwide and that cloud applications will continue to radically change the way enterprises compete for customers. Most of the countries are increasingly adopting cloud-based solutions. For developing countries like Bangladesh, this technology aims to provide the clients a cost effective and convenient means to manage the huge amount of IT resources.
Though cloud technology is not established yet in Bangladesh, giant cloud service providers like AWS (Amazon Web Services), Azure, Google Cloud Services and Oracle are working actively with their partner companies in Bangladesh to spread their cloud services. Recently, Sook Hoon Cheah, the president of Microsoft South East Asia New Markets, remarks in the Microsoft Cloud Innovation Summit on ‘Transforming Bangladesh with Cloud’ held in Dhaka that “Microsoft is targeting to get huge business through its cloud solution segment in Bangladesh, especially from the private sector, as the country has been advancing digitally for the last few years”.
Sonia Bashir Kabir, former Managing Director of Microsoft Bangladesh said that, “We are seeing huge business prospects in Bangladesh as there are 16 crore people in the country and they are generating huge data”. She further added that, “As there are restrictions from the government of Bangladesh on hosting government data outside of the country, Microsoft is concentrating only on the private sector” which was reported in the Daily Star.
However, there are certain limitations that discourage an organization for adoption of cloud technology in Bangladesh.
Firstly, people do not have clear idea about this new technology.
Secondly, there is no legislation in Bangladesh that directly and specifically prohibits, restricts or governs cloud technology.
However, the Government of Bangladesh Information Security Manual (GoBISM)-2016, made by Bangladesh Computer Council, under ICT Ministry, has provided some guidelines and recommendations for government agencies to adopt cloud computing.
Though private organizations are encouraged to use this manual, it has not made such manual mandatory for all sectors to be followed. Thirdly, by nature cloud technologies operate across national boundaries and in this solution personal data needs to be hosted outside of the country which is not permitted by laws of the land. According to section 12 of the Bank Companies Act, 1991,banks cannot remove its records and documents relating to its business from its office to a place outside Bangladesh without the prior permission of the Bangladesh Bank.
It is not clear whether such restriction is applicable for hosting data in cloud service. Besides, private organizations other than banks do not fall under the ambit of such restriction. Fourthly, since Bangladesh has no comprehensive data privacy laws, personal data may be disclosed by a cloud provider in unauthorized ways.Moreover,Large-scale national and international cyber-security attacks are also common.
For adoption of cloud service, the prior condition is to have a strong data privacy regulation in the country.Around the world, many of the data protection laws are now being updated to meet new international standards, such as the European Union has adopted ‘General Data Protection Regulation (GDPR)’ in 2018 with the aim of protecting all EU citizens from privacy and data breaches in today’s data-driven world. The APEC Cross-Border Privacy Rules (CBPRs) System, developed by the 21 economies of the Asia-Pacific Economic Cooperation (APEC) forum, provides a mechanism for governments and business stakeholders to safeguard the free flow of data while protecting the privacy rights of individuals.
The Software Alliance, also known as BSA, that ranks countries’ preparedness for the adoption of cloud computing services,has released ‘the BSA Global Cloud Computing Scorecard in 2018’ putting additional emphasis on the policy areas that matter most to cloud computing, such asprivacy laws that protect data without unnecessarily restricting its movement across borders.
Most of the countries in the Scorecard have data protection frameworks in place and have established independent privacy commissioners. Unfortunately, privacy laws are still absent or insufficient in several countries. Brazil and Thailand have no comprehensive laws in place, while laws in China, India, Indonesia, and Vietnam remain very limited. Canada and Mexico score highest in the privacy section.
In order to meet the standard of the 21st century global economy and to take the advantages of the cloud service, policymakers and regulators should provide a legal and regulatory framework for adoption of cloud technology including specific guidelines for users’ data privacy without imposing unnecessary restrictions. Comprehensive cyber crime legislation as well as an up-to-date cyber-security strategy are also required. Such policy or regulation should comprise the provision of data encryption, data backup, recovery and archiving, data privacy, data portability and harmonization of international rules, establishment of necessary IT infrastructure, and risk assessment.
Restrictive policies that create actual or potential trade barriers will inhibit or slow the evolution of cloud computing. Cloud user should not use cloud services unless a comprehensive risk assessment is undertaken by the user. Cloud service provider shall ensure that all controls have been properly implemented before the user uses the cloud service and the data stored in the cloud will not be used or disclosed by a cloud provider in unauthorized ways.The success of cloud computing depends on users’ faith that their information will not be used or disclosed in unexpected ways.
Mazharul Islam is a Corporate Legal Practitioner and Legal Analyst and the writer is reached on Email: mazharkj528@gmail.com