Asia's Source for Enterprise Network Knowledge

Saturday, May 27th, 2017

Security

Balancing Digitization and National Security ‐ “Growth pains” galore

Earlier this month, I was invited to moderate a panel discussion in Jakarta on the Indonesian Government’s Regulation no. 82 (GR82), announced in October 2012. The panel was organized by Asia Cloud Computing Association (ACCA), the apex industry trade association that represents stakeholders of the cloud computing ecosystem in Asia Pacific. The panel and its topic was particularly interesting to me given the ring side view of the evolution of ‘data currency’ I have been lucky to witness as the Chairman of the Asia Analytics Alliance, a special interest group of the ACCA. GR82 is Indonesia’s draft regulation concerning electronic information and transactions. GR82 has caused concern among industry players, as it states all data centers used by public services and business disaster recovery operations are to be located in Indonesia for reasons of law enforcement, protection and national sovereignty.

The relevance of this topic to both the economic and national security vectors of Indonesia was evident from the quality of the crowd this discussion could amass. The audience represented segments across the board from banking, trade associations, the Unites States Embassy, ministries, Deloitte, telecom players etc. The panellists too were from a broad spectrum including some of the most erudite industry associations in Indonesia. These included Pak Heru Sutadi, Executive Director, Indonesia Information and Communication Technology Institute, Pak Ardi Sutedja, Chairman and Founder, Indonesia Cyber Security Forum & Board Secretary, Professions & Associations Board MASTEL, PakSatria Gunayoman, Chairman, SG & CO Allround Consulting Solution & Senior Representative, Indonesian Computer Association, Pak Rommy Bastian Hutauruk, Data Center Business Senior Manager, PT Aplikanusa Lintasarta and Pak Teguh, Deputy CEO, PT. Alita Praya Mitra.

GR82 as a regulation and its timing is too critical a topic to ignore. Indonesia’s role in this Asian century can never be over‐estimated. Interestingly the role digital plays in providing a solid backbone to the emerging economies like Indonesia as well as its ability to accelerate economies is substantial. Indonesia has been one of the economies where digital as a theme has been catching up fast. Given this context the impact GR82 can have in deterring the economic acceleration riding on the digital evolution is a concern worth pondering. The ambiguity surrounding the regulation further deepens these concerns. For example, this policy requires data center placement within Indonesian borders applies to anyone who runs an electronic system and has transaction activities in Indonesia, whether they are new or existing. The definition of “public services” is very ambiguous. The procedural aspects of how this regulation will be enforced is also ambiguous. Ambiguity, goes without saying, provides short term business opportunities for a few consultants but results in a deceleration of ‘business speed’.

The members of the panel had some very interesting perspectives around this topic.

Pak. Heru touched upon a very interesting precedent where lack of access to data stored on Blackberry servers for a home‐land investigation created a ‘directional’ thinking towards local data access for public services. The ambiguity in what is termed as ‘public services’ was also brought to light by Pak Heru.

Pak Rommy was particularly upbeat about the potential data center businesses that could be up for the grabs. However, his observation was that this business potential is still theoretical and yet to be translated into real demand. The reason he believed was the skepticism surrounding the regulation and the tendency to wait for clarity coupled with some hope of retraction, at least partially.

Pak Teguh’s perspectives were quite grounded from the perspective of the role internet and digitization has for the common man. He pointed out that more than 90% of Indonesians are aware that they are distributing personal data and majority (98%) of them need to be protected from the misuse of that data. This essentially points to the belief of the common man that the government should take care of the necessary legislations. He also emphasized on the need for clear data classification and the clarity in the payment terms of ISPs in the scheme of cross border data transfer and connectivity, along with the preparation of upcoming customer privacy act.

Interestingly there is a positive impact to this legislation from the perspective of cyber‐security. Security is more of a culture than a ‘procedure’. The panel uncovered some of the cultural and social practices in Indonesia which are not ‘privacy’ and ‘security’ savvy. From this perspective, a regulation like this is a ‘starting point’ given the rise in cyber security issues. One other interesting perspective that was uncovered is the need for a closer scrutiny and classification of data that needs to be a part of (and outside) this framework. A generic framework may not achieve its purpose whilst also adding a larger layer of rigmarole which is detrimental to the larger economic interest.

While the economic considerations, pitfalls and potential issues galore around GR82, it is also not to be forgotten that the economy exists for a nation’s people, their livelihood and development. The security of a nation and its people are more important than any economic interests. The benefit of a regulation like this is in its ability to enhance national security and investigations, a lesson countries including Indonesia have learned the hard way, thanks to ‘Blackberry server access’ like issues of the past. Teething ‘growth pains’ of balancing the acceleration of the digital economy with the fundamental needs of a nation. Interesting times...   About the Author ARUN SUNDAR Chairman, Asia Analytics Alliance (a Special Interest Group of the Asia Cloud Computing Association) Chief Strategy Officer, TrustSphere Arun Sundar is one of the eminent thinkers in the technology space globally. Arun has built, led and advised technology businesses across the globe. Arun is one of the key management team members who pioneered and established the category of ‘Relationship Analytics’ as part of the current venture TrustSphere where he is their Chief Strategy Officer. Arun is the Chairman of Asia Analytics Alliance, a special interest group of Asia Cloud Computing Association. Among many initiatives as part of this alliance, Arun lead the oft‐referred and first of its kind study in APAC on the supply and demand gap for big data analytics in Asia Pacific. Arun is also the founder of Social Capital Institute which is a not‐for‐profit movement built with the mission of evangelizing the concept of ‘Social Capital’ and ‘KarmaSocial Capital’. A side to a regular speaker, writer, and opinion leader in APAC, US and Middle East, Arun is also a respected thinker in the business philosophy space as the founder of Social Capital Institute, TEDx speaker etc. Contact Details: analyticsalliance@asiacloudcomputing.org