The Philippines’ Department of Information and Communications Technology (DICT) affirms that it is actively addressing the risks and vulnerabilities linked to the utilization of cloud vendors for data storage and processing. This commitment is carried out through the implementation of suitable controls and security protocols as part of the government’s Cloud First Policy adoption.
According to Maria Victoria Castro, Head of Cybersecurity Bureau, Department of Information and Communications Technology (DICT), all data created, collected, organized, modified, retrieved, used, consolidated, sourced from, or owned by the Philippine government, including all its agencies and instrumentalities, or by any national of the Philippines or any entity that has links to the Philippines, which are in the cloud, regardless of location, shall be governed by Philippine laws, policies, rules, and regulations.
The aforementioned provision was specified in DICT Department Circular No. 010, issued in 2020, which introduced modifications to the Cloud First Policy of the country as initially prescribed in DICT Department Circular No. 2017-002 released in 2017.
Castro said that the Cloud First Policy of the government advocates for prioritizing the integration of cloud computing solutions in infrastructure planning and procurement. This policy extends its coverage to encompass executive departments, bureaus, offices, agencies, instrumentalities of the national government (including government-owned and controlled corporations [GOCCs] and subsidiaries, state universities and colleges [SUCs], and local government units [LGUs]). Additionally, Congress, the judiciary, constitutional commissions, and the Office of the Ombudsman are encouraged to adopt the Cloud First Policy.
Emphasizing the significance of adopting the Cloud First Policy, the DICT assures that the policy’s provisions comply with current local and international security standards within the industry and adhere to relevant Philippine laws.
The DICT Circular explicitly states that the Philippine government, its agencies, and instrumentalities shall maintain complete control and ownership over their data. No transfer, storage, or processing of government data in cloud infrastructure is permitted unless it is carried out in accordance with the Circular and other applicable laws, policies, rules, regulations, and issuances.
Furthermore, Castro previously stated that the Philippines also needs to adopt cloud technology to be able to deliver quality services to Filipinos and to achieve better governance.
In January, the Philippines and China signed a memorandum of understanding with the aim of fostering cooperation on digital projects involving AI, 5G, big data, IoT, and cloud computing. In accordance with the MoU, the countries will share information and best practices in digital government strategy and digital government services.