IT ministry starts registering cloud service providers to ensure data security
Why this matters: local context for readers following news across Pakistan and the region.
ISLAMABAD: The Ministry of Information Technology and Telecommunication (Mo ITT) has started registering cloud service providers (CSPs) to ensure that services meet required standards and safeguard national and public data security. The government had announced strict accreditation criteria for CSPs under the Pakistan Cloud First Policy (PCFP). So far, six applications have been received by the ministry for accreditation. IT Minister Shaza Fatima told Dawn that strict security criteria and quality standards have been set for CSPs, and that they must pass a rigorous security check and an audit by a third-party auditor registered with the Pakistan Computer Emergency Response Team (PKCERT) to ensure that the data of Pakistanis and government data remain secure from hackers. “For the first time, the policy ensures that Pakistan’s sensitive data is stored on servers physically located within the country, which will help keep national data under Pakistan’s legal control,” she said. “Under the PCFP, all public sector entities (PSEs), including federal and provincial departments, are required to use cloud services for any new IT project instead of building their own separate, expensive data centres,” she added. Shaza said the transition had begun, and that the provinces had already approved their own versions of the policy to align with the federal government. “For the proper management of the federal and provincial cloud policy model, the MOIT has established a ‘Cloud Office’ to facilitate the adoption of cloud across the public sector and accreditation of CSPs, while specialised ‘Cloud Acquisition Offices’ will be established in each province to help departments buy the services they need safely and quickly,” the minister informed. Meanwhile, a senior MOIT official said that accreditation of cloud service providers (CSPs) was essential to ensure they meet required standards, as clients — both government departments and the private sector — are not fully aware of the safety