Introduction

One of the mandates of the National Information Technology Development Agency (NITDA) is to issue policies for the development of the Information Communication Technology (ICT) sector in Nigeria.1 The ICT sector has since grown in its relevance to the Nigerian economy as the National Bureau of Statistics recently reported that the ICT industry had contributed 13.85 percent to the Gross Domestic Product of Nigeria in the second quarter of 2019.2

The Federal Government of Nigeria introduced the Economic Recovery and Growth Plan (EGRP) in 2017 with the objective to build a globally competitive economy. One of the ways this may be achieved is by increasing the contribution from ICT and ICT-enabled activities to the Gross Domestic Product3.

In August, 2019, NITDA built on the EGRP objectives by issuing the Nigeria Cloud Computing Policy (NCCP) with the goal of ensuring 30% increase in adoption of cloud computing by 2024 among Federal Public Institutions (FPI) and Small Medium and Enterprises4 (SMEs) that provide digital enabled services to the government; and 35% growth in cloud computing investment.5 NITDA's drive is to address the challenges in digitalisation of FPI processes and to ease the business environment for local Cloud Service Providers (CSP).6 Some of the challenges identified have been the cost of ICT investments, inefficient and un-scalable ICT environment and poor interoperability of ICT systems.7

Objectives of Cloud Computing Policy

In the simplest terms, cloud computing means storing and accessing data and programs over the Internet instead of a computer's hard drive. The cloud can therefore be considered as a metaphor for the Internet8.

Cloud computing is expected to reduce the initial cost of ICT infrastructure and the cost associated with obtaining ICT infrastructure; reduce the downtime in public service delivery; enable open access to government information and data anytime and anywhere for both citizens and businesses; and increase engagement and participation as well as foster trust. It allows for new features to be continuously deployed while the costs are amortised across a global service customer base9.

Protective Measures10

To address possible issues that may arise with cloud computing services, NITDA will work together with government entities to find ways to strike the proper balance between local content requirements, privacy, security and intellectual property of national data; and will develop a cloud computing code of conduct. In cross border transfer of data, NITDA will provide guidance to FPIs to determine which jurisdictions their data may transit or be stored in.

Many CSPs have advanced security features assuring that data in the cloud can be at kept as, or even more secure than data in traditional on-premises solutions. CSPs will be required to be compliant with cloud security certification11 and FPIs contracts must avoid vendor lock-in.12

Data Classification and Information Security13

In migrating data of FPIs to the cloud, NITDA has recommended the classification of data into limited sensitivity,14 moderate sensitivity,15 sensitive data,16 and classified or national information.

Data with moderate sensitivity were recommended to be securely held in public cloud environment if appropriate safeguards are in place. These type of data and those of limited sensitivity will have standard security. Sensitive data are to have enhanced security controls and classified or national information are to have custom, hardened on-premises systems. The various types of data, except for those with limited sensitivity, were recommended to be stored in Nigeria.17

To protect consumers, NITDA will work on a framework for the execution of contracts between FPIs and the CSPs.

Conclusion

The NCCP provides a migration framework for the public sector to utilise cloud services. The advantages of the cloud computing have been spelt out in the NCCP and a number of the challenges with the adoption of cloud computing have been addressed, such as the privacy concerns, vendor lock-in, and security challenges. The adoption of the NCCP is a welcome development and should be met with adequate security measures for the protection of governmental information.

Footnotes

1 It is composed of four activities of Telecommunications and Information Services; Publishing; Motion Picture, Sound Recording and Music Production; and Broadcasting.

2 National Bureau of Statistics, Nigerian Gross Domestic Product Report, Q2 2019 https://nigerianstat.gov.ng/elibrary?queriessearch=GDP accessed on 7th November, 2019

3 Economic Recovery and Growth Plan 2017-2020 published by the Ministry of Budget and National Planning in February 2017

4 It refers to enterprises which have an annual turnover not exceeding Five Hundred Thousand Naira

5 Section 4.0 of the NCCP

6 Section 1.2 of the NCCP

7 Section 1.2 of the NCCP

8 What is Cloud Computing?, Eric Grifith - https://www.pcmag.com/article/256563/what-is-cloud-computing accessed on 7th November 2019

9 Section 5.2 of the NCCP

10 Section 8.0 of the NCCP

11 Section 16.0 of the NCCP

12 Clause 18.0 of the NCCP

13 Section 9.0 and 10.0 of the NCCP

14 Official, public or non-confidential data

15 Confidential, routine government business data

16 Including citizen data

17 Section 10.0 of the NCCP

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.