Balancing digitisation and national security – growth pains galore

image of screen with mouse pointer

Balancing digitisation and national security – growth pains galore

arun sandharGuest blog: Arun Sundar, Chairman, Asia Analytics Alliance (a Special Interest Group of the Asia Cloud Computing Association) Chief Strategy Officer, TrustSphere.

Arun Sundar is one of the eminent thinkers in the global technology space, having built, led and advised technology businesses across the world. He is the Chairman of Asia Analytics Alliance, a special interest group of Asia Cloud Computing Association.

Among many initiatives as part of this alliance, Arun lead the oft‐referred and first-of-its kind study in APAC on the supply and demand gap for big data analytics in Asia Pacific. Arun is also the founder of Social Capital Institute which is a not‐for‐profit movement built with the mission of evangelising the concept of ‘Social Capital’ and ‘KarmaSocial Capital’.

As well as being a regular speaker, writer, and opinion leader in APAC, US and Middle East, Arun is also a respected thinker in the business philosophy space, as the founder of Social Capital Institute, and as a TEDx speaker.


Earlier this month, I was invited to moderate a panel discussion in Jakarta on the Indonesian Government’s Regulation no. 82 (GR82), announced in October 2012.

GR82 is Indonesia’s draft regulation concerning electronic information and transactions. GR82 has caused concern among industry players, as it states all data centres used by public services and business disaster recovery operations are to be located in Indonesia for reasons of law enforcement, protection and national sovereignty.

The panel was organised by Asia Cloud Computing Association (ACCA), the apex industry trade association that represents stakeholders of the cloud computing ecosystem in Asia Pacific. The panel and its topic was particularly interesting to me, given the ringside view of the evolution of ‘data currency’ I have been lucky to witness as the Chairman of the Asia Analytics Alliance.

The relevance of this topic to both the economic and national security vectors of Indonesia was evident from the quality of the attendees. The audience represented segments across the board – including banking, trade associations, the United States Embassy, ministries, Deloitte, and telecom players.

Why GR82 matters now

The panellists too were from a broad spectrum including some of the most erudite industry associations in Indonesia. These included Pak Heru Sutadi, Executive Director, Indonesia Information and Communication Technology Institute; Pak Ardi Sutedja, Chairman and Founder, Indonesia Cyber Security Forum & Board Secretary, Professions & Associations Board MASTEL; Pak Satria Gunayoman, Chairman, SG & CO Allround Consulting Solution & Senior Representative, Indonesian Computer Association; Pak Rommy Bastian Hutauruk, Data Centre Business Senior Manager, PT Aplikanusa Lintasarta; and Pak Teguh, Deputy CEO, PT. Alita Praya Mitra.

GR82 as a regulation and its timing is too critical a topic to ignore. Indonesia has been one of the economies where digital as a theme has been catching up fast. Therefore, the impact GR82 can have in deterring the economic acceleration riding on the digital evolution is worth pondering. The ambiguity surrounding the regulation further deepens these concerns.

For example, the policy requiring data centre placement within Indonesian borders applies to anyone who runs an electronic system and has transaction activities in Indonesia. What’s more, the definition of “public services” is very ambiguous. The procedural aspects of how this regulation will be enforced is also ambiguous. Ambiguity, it goes without saying, provides short-term business opportunities for a few consultants but results in a slowdown of ‘business speed’.

Views from the experts

The members of the panel had some very interesting perspectives around this topic.

Pak. Heru touched upon a very interesting precedent. Lack of access to data stored on Blackberry servers for a home‐land investigation created a ‘directional’ thinking towards local data access for public services. The ambiguity in what is termed as ‘public services’ was also brought to light by Pak Heru. Pak Rommy was particularly upbeat about the potential data centre businesses that could be up for grabs. However, his observation was that this business potential is still theoretical and yet to be translated into real demand. The reason he believed was the scepticism surrounding the regulation and the tendency to wait for clarity coupled with some hope of retraction, at least partially.

Pak Teguh’s perspectives were quite grounded from the perspective of the role internet and digitisation has for the common man. He pointed out that more than 90% of Indonesians are aware that they are distributing personal data and majority (98%) of them need to be protected from the misuse of that data.

This points to the belief of the common man that the government should take care of necessary legislation. He also emphasised the need for clear data classification and payment terms of ISPs. This relates to cross-border data transfer and connectivity, along with the preparation of upcoming customer privacy act.

Security is more of a culture than a ‘procedure’

There is a positive impact on this legislation, around cyber‐security. The panel uncovered some of the cultural and social practices in Indonesia which are not ‘privacy’ and ‘security’ savvy. From this perspective, a regulation like this is a ‘starting point’ given the rise in cyber security issues.

Another interesting discovery was the need for closer scrutiny and classification of data that needs to be a part of (and outside) this framework. A generic framework may not achieve its purpose, and also add a layer of rigmarole which is detrimental to the economic interest.

Of course, there are economic considerations, pitfalls and potential issues galore around GR82. However, it should also be noted that the economy exists for a nation’s people, their livelihood and development. The security of a nation and its people are more important than any economic interests.

The benefit of a regulation like this is clear. Namely, its ability to enhance national security and investigations. This is a lesson countries including Indonesia have learnt the hard way, thanks to ‘Blackberry server access’ issues of the past. Teething ‘growing pains’ of balancing the acceleration of the digital economy with the fundamental needs of a nation. Interesting times…