study on cloud computing on asean - mdesmdes.go.th/assets/portals/14/files/590621 study on cloud...
TRANSCRIPT
P a g e | i
STUDY ON CLOUD COMPUTING ON ASEAN
FOR ICT FRAMEWORK AND POLICY RECOMMENDATIONS INITIATIVE
Electronic Government Agency (Public Organization) (EGA)
P a g e | ii
Final Report
“Study on Cloud Computing on ASEAN for ICT Framework and Policy Recommendations Initiative”
1. Contents i-iii Executive Summary ........................................................................................................................... 1
1. Introduction .............................................................................................................................. 3
1.1. Main Research Questions ................................................................................................... 3
1.2. Research Methodology ...................................................................................................... 4
1.2.1. Cloud Computing Definition........................................................................................ 4
1.2.2. Cloud Computing Enabled Environments: Perspective and Readiness ......................... 6
1.2.3. Perspective on Cloud Adoption ................................................................................. 10
2. Standard Models of Cloud Computing and Initiatives ............................................................... 11
2.1. Standard Cloud Computing Reference Framework ........................................................... 12
2.2. Major Vendors’ Cloud Computing Reference Architecture ................................................ 16
2.3. Government Cloud Initiatives ........................................................................................... 24
3. Recommendations Trusted ASEAN Cloud Framework .............................................................. 30
4. Cloud Computing in ASEAN: A Policy Perspective and Initiative Study ...................................... 33
4.1. Cloud Computing Global Trend......................................................................................... 33
4.2. ASEAN Cloud Computing Readiness: ................................................................................. 35
4.3. ASEAN ICT Benchmarking: ................................................................................................ 39
4.4. Comparative Analysis of Cloud Computing in ASEAN ........................................................ 44
4.5. Comparative Analysis of Cloud Computing Policy and Legal Infrastructure ....................... 47
5. Cloud Computing Country Profile: ............................................................................................ 57
5.1. Brunei .............................................................................................................................. 57
5.2. Indonesia ......................................................................................................................... 61
5.3. Malaysia........................................................................................................................... 65
5.4. Philippines ....................................................................................................................... 70
5.5. Singapore ......................................................................................................................... 73
5.6. Thailand ........................................................................................................................... 78
5.7. Vietnam ........................................................................................................................... 83
6. Conclusions and Policy Recommendations ............................................................................... 87
7. Appendix ................................................................................................................................. 89
8. References ............................................................................................................................... 97
P a g e | iii Figure 1 Methodology for Cloud Computing ....................................................................................................... 4 Figure 2 NIST Cloud Architecture Reference Model [1] .......................................................................................... 12 Figure 3 Cloud Actors defined in NIST Model [2] ................................................................................................. 12 Figure 4 Generalized Reference Framework [4]................................................................................................... 13 Figure 5 Cloud Computing Reference Framework [3] ............................................................................................ 13 Figure 6 Overview of Cloud Services at Each Level [2] .......................................................................................... 14 Figure 7 Essential Activities of a Cloud Provider [2] .............................................................................................. 14 Figure 8 NIST Cloud Computing Reference Architecture [1] ..................................................................................... 15 Figure 9 DMTF Cloud Service Reference Architecture [4] ........................................................................................ 15 Figure 10 Cloud Security Alliance Reference Model [5] ......................................................................................... 16 Figure 11IBM Cloud Computing Reference Architecture [7] ..................................................................................... 17 Figure 12 Cisco Cloud Reference Architecture Framework [8] .................................................................................. 18 Figure 13 Cisco Cloud Reference Architecture Framework in Detail [8] ........................................................................ 18 Figure 14 Oracle Cloud Conceptual View [9] ..................................................................................................... 19 Figure 15 Oracle Cloud Logical View [9] .......................................................................................................... 20 Figure 16 VMware vCloud Architecture [10] ...................................................................................................... 21 Figure 17 VMware vCloud Suite 5.5 Architecture [10] ............................................................................................ 21 Figure 18 AWS Cloud Architecture [11] ............................................................................................................ 22 Figure 19: AWS Cloud Architecture as Layers [12] ............................................................................................... 22 Figure 20 Microsoft Azure Cloud Platform [13] .................................................................................................. 23 Figure 21 Functional Layers of Microsoft Azure Cloud Platform [13] ........................................................................... 23 Figure 22 Detailed Layers of Microsoft Azure Cloud Platform [13] ............................................................................. 24 Figure 23 Government Cloud Computing Framework [15] ...................................................................................... 25 Figure 24 UK G-Cloud Online Store called "CloudStore" [19] ................................................................................... 26 Figure 25 Singapore Government Cloud Platform [20]........................................................................................... 27 Figure 26 Thailand EGA Cloud Platform [21] ...................................................................................................... 28 Figure 27 Thailand EGA Cloud Architecture [21] .................................................................................................. 28 Figure 28 Thailand EGA Cloud Framework ........................................................................................................ 29 Figure 29 Proposed Trusted ASEAN Cloud Framework .......................................................................................... 30 Figure 30 Proposed Thailand Cloud Security Framework ........................................................................................ 30 Figure 31 Common Consensus Requirements .................................................................................................... 31 Figure 32 Best Practices............................................................................................................................. 32 Figure 33 : ICT Development in Brunei (2013) Source: ITU (2013) .............................................................................. 58 Figure 34 Brunei Internet Subscribers Source: Brunei Information Technology Council, 2014 ............................................... 59 Figure 35 Brunei Internet Subscribers Penetration Source: Brunei Information Technology Council, 2014 ................................. 59 Figure 36 ICT Development in Indonesia (2013) Source: ITU 2013. ............................................................................. 61 Figure 37 Internet Users in Indonesia (1998-2014) Remarks: the 2014 figure is estimated. Source: APJII .................................... 62 Figure 38 Indonesian Cloud Computing Market Growth Forecast (2010-2014) Source: Frost and Sullivan .................................. 63 Figure 39: Indonesian Cloud Computing Market Share Source: Frost & Sullivan ........................................................... 64 Figure 40 Indonesian Cloud Computing Deployment Model Adoption Source: Frost & Sullivan ............................................ 64 Figure 41 ICT Development in Malaysia (2013) Source: ITU (2013) ............................................................................. 66 Figure 42 Malaysian Internet Users (per 100 people) 2010-2014 Source: World Development Indicator, World Bank Database ......... 67 Figure 43 Malaysia Cloud Computing Market Size, 2010Source: Frost & Sullivan (2011)...................................................... 68 Figure 44 Malaysia IaaS Market Forecast, 2010-2014Source: Frost & Sullivan (2011) .......................................................... 68 Figure 45 Adoption of Cloud Computing in Malaysia by Delivery Model Source: Frost & Sullivan (2011) .................................. 69
P a g e | iv Figure 46 ICT Development in Philippines (2013) Source: ITU (2013). .......................................................................... 71 Figure 47: Internet Statistic in Philippines (2007-2014) Source: Internet Live Stats [43] ....................................................... 71 Figure 48 ICT Development in Singapore (2013) Source: ITU (2013) ............................................................................ 74 Figure 49 Household Access to Internet, 2004-2014Source: IDA, 2014[48]. .................................................................... 74 Figure 50 Household Access to Broadband, 2004-2014Source: IDA, 2014[49].................................................................. 75 Figure 51 Business Usage of Internet 2012-2014 Source: IDA, 2012............................................................................. 75 Figure 52 Intended Use of Public and Private Cloud Services in Singapore, 2010-2013Source: IDC, 2010 .................................. 77 Figure 53 ICT Development in Thailand (2013) Source: ITU (2013) ............................................................................. 78 Figure 54 Broadband Penetration per Household in Thailand (2003-2015) [52] ............................................................... 79 Figure 55 ICT Development in Vietnam (2013) Source: ITU (2013) ............................................................................. 84 Figure 56: Internet Users in Vietnam (2009-2013) Source: Vietnam White Book 2014 ..................................................... 84 Figure 57Cloud Computing Usage Source: PasserellesNumériques Vietnam ................................................................. 86
P a g e | 1
Executive Summary
Cloud Computing has sparked the interest of ICT users, individuals, businesses as well as government agencies. For large corporations as well as governments, it gives a way to derive the greatest benefits from services and applications available online via the web in the service-on-demand mode with per-usage billing. In this respect, Cloud computing offers a new economic model which supports new investment modes as well as the operations of IT resources. It would help lower technology costs and speed up the time to market advantages. Thus, at the national level, the potential socio-economic impact of Cloud Computing would be very huge since it potentially creates high-paying jobs and drive the economic growth both directly and indirectly, especially in the advent of digital economy.
The top tier developed countries have now accounted for most of the supply and consumption of cloud computing services, and they have been at the forefront of international policymaking on the essential issue such as cross-border data flows. However, as the usage of ICT has been very common among people in developing countries including ASEAN, we are eager to catch up and expand their role as suppliers and consumers of cloud computing services as well. Thus, ASEAN recognizes the importance of Cloud Computing and initiate this project with the objectives to understand the current status of Cloud Computing technology and the requirements from Policy and ICT Framework viewpoints of each member state government and major business sectors, to study best practices and frameworks for Cloud Computing deployment and development, to bridge the different viewpoints of each member state, and to initiate a starting point to develop Policy Recommendations and ICT Framework on Cloud Computing development in ASEAN.
We have studied the standard model of the cloud computing framework originally provided by US NIST (National Institute of Science and Technology). We also surveyed several frameworks proposed by major cloud vendors including IBM, Cisco, Oracle, VMware, Microsoft and Amazon. Furthermore, many governments such as USA, UK and Europe have initiated the Cloud First policy to promote and support application development on clouds for government services. The European Commission also proposed the Trusted Cloud Europe Framework with the goal to stimulate the European single cloud market, and to put the position of digital leadership in cloud computing. For security concerns for clouds, the Cloud Security Alliance (CSA) has provided several security guidelines and currently gathers strong community groups to drive the deployment of cloud security standards. In addition, ENISA (European Union Agency for Network and Information Security) has recently announced the security framework for government clouds, and at least four European countries have adopted the Cloud First policy and already are in the execution stage.
P a g e | 2
As for the current status on cloud computing adoption and supporting environment for cloud computing development, followings can be concluded. Firstly, a solid physical and legal infrastructure is a necessity. A strive for a complete universal broadband service is fundamental for cloud computing provision and deployment. As for legal infrastructure, there are numerous issues demanding attention, particularly data protection; IPR and cyber-crime acts. There is also an on-going policy debate on such subjects as localization rules in each country. In addition, there is a need to identify specific rules and regulations for data security on cloud infrastructure in data sensitive sectors, such as finance and healthcare.
Secondly, cloud demand does not necessarily means opportunity for cloud domestic suppliers. Since cloud computing provision relies heavily on economies of scale, small providers tend to find it challenging to compete in the market. It is therefore important for each country to find and devote necessary resources and attention to strengthen its niche, namely its vertical sector. The government will need to promote and support local service providers in order for them to become more competitive in the market.
Thirdly, government intervention to create demand for cloud computing should be considered. Therefore, ASEAN may promote its cloud industry by using government cloud as an exemplar for cloud service provision in order to generate awareness and boost adoption among potential users in the private sector. Besides, ASEAN countries can learn from the best practice from developing countries or even Singapore in order how to encourage cloud adoption throughout the promotion scheme to boost both service demands and supplies of cloud computing.
Lastly, for long term development, ASEAN government needs to promote cloud computing research and development to effectively respond to issues concerning cloud computing deployment and service models. Moreover, a long-term human resource plan is needed to ensure that there will be sufficient suppliers of specialists in cloud computing development in the coming future.
P a g e | 3 1. Introduction
At present, cloud computing has gained lots of attentions from end users to business people. It has sparked the interest of ICT users, individuals, business sectors as well as government agencies. For large corporations, it gives an essential way to derive the greatest benefit from services and applications available online via the web in the service-on-demand mode with per-usage billing. In this respect, cloud computing has offered a new economic model for several domains on which ICT has influenced as it supports new modes of investment, and a new efficient way for the operation of IT resources. This helps lower technology costs as well as create market advantages.
At the national level, the potential socio-economic impact of cloud computing is huge. Cloud computing can also potentially create high-paying jobs and drive economic growth— both directly, through the success of firms providing IT services, and indirectly, via the “spillover” benefits to other industries of increased access to advanced technology. However, developed countries account for most of the supply and consumption of cloud computing services, and have been at the forefront of international policymaking on the issue such as cross-border data flows. Meanwhile, developing countries are eager to catch up and expand their role as suppliers and consumers of cloud computing services.
ASEAN recognizes the importance of cloud computing and initiates this project with the following objectives:
1. To understand the current status of cloud computing technology and the requirements from Policy and ICT Framework viewpoints of each member state government and major business sectors
2. To study best practices and frameworks for cloud computing deployment and development and to bridge different viewpoints of each member state
3. To initiate a starting point to develop Policy Recommendations and ICT Framework on Cloud Computing development in ASEAN
1.1. Main Research Questions
Based on the objectives, the study aims to address the following questions:
1. What are the standard models of cloud computing?
2. How do countries initiate their cloud computing?
3. What is the extent and characteristics of cloud computing adoption in ASEAN?
4. What are main factors influencing cloud adoption in ASEAN?
P a g e | 4
5. What is the readiness of each country in relation to the aforementioned factors?
6. What are the desired policies, legislations and regulations to promote cloud adoption in this region?
7. What are the potential collaborations among ASEAN?
1.2. Research Methodology
Figure 1 Methodology for Cloud Computing
1.2.1. Cloud Computing Definition1
The most commonly accepted definition of Cloud Computing was developed by the National Institute for Standards and Technology (NIST) from USA. NIST defines Cloud Computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. Cloud Computing can be categorized by three different dimensions, including the essential characteristics of Cloud Computing, Cloud Computing service models and Cloud Computing deployment models.
1Source: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
P a g e | 5
1) Essential Characteristics of Cloud Computing including
On-demand Self-service: A consumer can unilaterally provision computing capabilities, such as computing time, network bandwidth, and storage services, as needed automatically without any human interaction.
Broad Network Access: Cloud capabilities are made available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Resource Pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
Rapid Elasticity: To providers, capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To consumers, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured Service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of services. This implies that this type of service is charged per usage metrics or pay-per-use.
2) Cloud Computing Service Models, which consist of three following models
Infrastructure as a service (IaaS): The capability provided to consumers includes provision of processing, storage, networks, and other fundamental computing resources where consumers can deploy and run arbitrary software on the cloud infrastructure. Consumers, however, do not manage or control the underlying cloud infrastructure.
Platform as a Service (PaaS): The capability provided to consumers includes deployment of consumer-created or acquired applications designed using programming, database, and other services supported by service providers on the cloud infrastructure for consumers to use, without having to manage or control the underlying cloud infrastructure, including networks, servers, operating systems, or storage themselves.
Software as a Service (SaaS): The capability provided to consumers includes usage of provider applications running on a cloud infrastructure. The applications made available can be accessible from various client devices. Consumers do not manage or control the underlying cloud
P a g e | 6
infrastructure including network, servers, operating systems, storage or even individual application capabilities.
3) Cloud Computing Deployment Models
Private Cloud: An exclusive use of the cloud infrastructure is provisioned to a single organization (which may, however, comprise multiple users), primarily business units. The infrastructure may be managed and operated by the organization, a third-party service provider.
Community Cloud: An exclusive use of the cloud infrastructure is provisioned to a specific community of various entities with common goals, objectives or needs (e.g., businesses, academic institutes, or government agencies).
Public Cloud: An open use of the cloud infrastructure is provisioned to the general public. The infrastructure may be owned, managed, and operated by a business entity, academic institutes or government agencies.
Hybrid Cloud: This is a combination of two or more distinct cloud infrastructures (private, community, or public). These infrastructures remain unique while bound together by standardized or proprietary technology that allows for data and application portability.
1.2.2. Cloud Computing Enabled Environments: Perspective and Readiness
At organizational level, the decision to adopt Cloud Computing is predicated on a number of factors including cost, availability, data security, benefits, and availability of services, infrastructure, and various regulations. Nationally, a variety of factors determine whether a country has a propitious environment for supply and consumption of cloud computing services. Asia Cloud Computing Association (ACCA) and Business Software Alliance (BSA) are the two principal organizations studying and benchmarking these factors as they provide annual national cloud computing readiness. The reports steer us to factors considered most important to cloud development and adoption. They also highlight the situations regarding cloud computing in each country.
1) Asia Cloud Computing Association (ACCA)
ACCA Cloud Readiness Index (CRI) consists of ten parameters as follows:
Data Privacy: ACCA employs data from the Business Software Alliance’s Cloud Computing Scorecard for a snapshot of the status of privacy laws and regulations, and cross-references it with APEC data on those signatories to the Cross-Border Privacy Enforcement Arrangement (CPEA). ACCA also
P a g e | 7
adds two attributes: first, the requirements for the local registration of data controllers and second, the extra territoriality of national data protection laws.
International Connectivity: This parameter focuses on international bandwidth through submarine optical fiber cable systems especially the capacity of intra-Asia cables and hence this metric, drawn from the data set of ITU/UNESCO State of Broadband. The connectivity is divided into 2 parts: one for submarine cables that are operating only within Asia (intra-Asia) and those that are operating outside (e.g. Asia- USA, Asia-Europe, Asia-Africa-Europe) whereas the combined scores were divided by the population of each country. Moreover, in developing country index for this parameter, ACCA focuses on each country’s international submarine fiber systems and measured the impact of public sector efforts and private investments to streamline international connectivity by both landing of new cable systems and capacity upgrade activities for both operators and end-users.
Data Sovereignty: The data is drawn from an extensive study of ACCA on laws and government policies related to data sovereignty that may affect the adoption of cloud computing. The study takes a qualitative approach, ranking each of the countries by five criteria: 1) regulations that support cloud access; 2) data safety regulations; 3) data host regulations; 4) cross border movement; 5) regulatory stability and enforcement.
Broadband Quality: Scores were derived by combining the average peak broadband speed with the percentage of connections over 4 Mbps, using the published data. Broadband quality consider both of fixed broadband (at least 100 Mbps) and mobile broadband in terms of universal service and commercial service.
Government Regulatory Environment and Usage: Two data points from the Network Readiness Index in the World Economic Forum’s Global Information Technology Report are employed as proxy. The first factor is the political and regulatory environment pillar (one of two in the environment sub-index), which assesses the extent to which the national legal framework facilitates ICT penetration and the safe development of business activities. The second is the government usage pillar (the third of three pillars making up the usage sub-index), which evaluates governments’ implementation of ICT policies to enhance competitiveness and the well-being of citizens, the efforts they make to implement their visions for ICT development, and the number of government services they provide online.
P a g e | 8
Power Grid and Green Policy: This parameter measures how power supplies can be sustained in the long run. Scores are derived from the World Economic Forum’s Global Energy Architecture Performance Index Report. However, for some countries (e.g. Hong Kong and Taiwan), relative scores are derived by an independent assessment by the ACCA of the Energy Architecture Performance Index's (EAPI)'s energy triangle, involving (1) Economic growth and development, (2) Environmental Sustainability, and (3) Energy Access and Security.
Intellectual Property Protection: This score draws on the World Economic Forum’s (WEF) Global Competitiveness Report, using information from the Intellectual Property Rights factor in the WEF's report.
Business Sophistication: This parameter maps the quality of a country's overall business networks and the operations of individual firms. There is a strong correlation between the level of business sophistication and the adoption of cloud services. ACCA draws the data from the WEF Global Competitiveness Report.
Data Center Risk: The primary source of data is the 2012 Data Centre Risk Index from Hurleypalmerflatt, Cushman & Wakefield, which takes into account, attributes such as data center-related costs, political stability, natural disasters, water availability and energy security. In cases where the primary source of data does not cover a particular country in Asia, ACCA combine the Maple croft 2012 Global Risk Index with the primary source data.
Freedom of Information Access: The concept of this parameter is based on the power and opportunity of the cloud can best be harnessed by countries that allow free and open access to information. In order to examine this parameter, ACCA have to explore on multiple sources to measure two attributes: freedom of the press (as a proxy for freedom of speech) and the accessibility of digital content via multiple platforms. The composite index derived from three sources, equally weighted: (1) Freedom House's Freedom on the Net 2012 global assessment of Internet and digital media, (2) Freedom House's Freedom of the Press 2012 index, and (3) WEF's Global Information Technology Report 2013's Accessibility of Digital Content.
2) BSA Global Cloud Computing Scorecard
The BSA scorecard examines the legal and regulatory framework of 24 countries around the world, identifying 66 questions that are relevant to
P a g e | 9
determining readiness for cloud computing. Firstly, for the primary data, it examines major laws and regulations relevant to cloud computing in seven policy categories; data privacy, security, cybercrime, intellectual property rights, promotion free trade and infrastructure. These policy categories align with the BSA’s Cloud Computing Guiding Principles. The secondary data collects the country’s ICT-related infrastructure and broadband deployment in five main indicators as follows:
Base indicators such as population, urban population, number of households, population density, per Capita GDP, Public cloud services market value and personal computer usage.
ICT and network readiness indicators such as ITU ICT Development Index (IDI), World Economic Forum Networked Readiness Index (NRI), International Connectivity Score and IT Industry Competitiveness Index.
Internet users and international bandwidth such as internet users, international internet bandwidth (bits per second per internet user and total gigabits per second per country).
Fixed broadband such as fixed broadband subscriptions as % of households, as % of population and as % of internet users.
Mobile broadband such as mobile cellular subscriptions, active mobile broadband subscriptions per 100 inhabitants and number of active mobile broadband subscriptions.
Table 1.The following table summarizes the indicators employed in both indices.
Indicators BSA Scorecard ASEAN Cloud Readiness
Index
1.Infrastructure
1.1 Broadband Penetration/Broadband Quality
X X
1.2 ICT Readiness X -
1.3 International Connectivity - X
2. Data Privacy X X
3. Data Sovereignty - X
3. Security X -
4. Cybercrime X -
P a g e | 10
5. Intellectual Property Rights X X
6. Support for Industry-Led Standards &International Harmonization of rules
X -
7. Promoting Free Trade X -
8. Government Regulatory Environment and Usage
- X
9. Business Sophistication - X
10. Data Center Risk - X
11. Freedom of Information Access
- X
Based on factors derived from the aforementioned reports, the research team will gather data from secondary data as well as from the workshop in order to identify ASEAN Cloud Computing status on the following issues:
Basic information of the country such as population, GDP.
Basic ICT infrastructure of the country including, but not limited to, fixed-line and mobile penetration, internet penetration and broadband penetration
Basic information on ICT consumption pattern such as market value, if applicable.
Current policies and regulations regarding ICT in general and on Cloud Computing in particular. Our study will focus mainly on policies and regulations which are applied across sectors, not industry-specific. Special interest will be upon policy and regulations that has direct impact on “Data” such as Data Security and Data Privacy.
1.2.3. Perspective on Cloud Adoption
The research team aims to unearth the extent to which cloud computing is adopted and the pattern of adoption by different practice in each member country. We will also attempt to explain the underlying factors to adoption pattern in each country. We will carry out the following tasks:
Identify stakeholders in each country: This study will classify Cloud Computing stakeholders into three groups: Cloud service providers, Cloud users (and non-users), Policy makers/Regulators. Considering timeframe and budget limitation, it is not possible to launch a nationwide or large
P a g e | 11
scale survey. We propose to conduct a survey on key players in the region of 100 persons per country with the following details:
1. Cloud service providers: representatives from ICT Industry associations including telecommunications and software industry associations. “Cloud”-related associations, where exist, are also our target.
2. Cloud users (and non-users): Two groups of cloud potential adopters are identified, the private sector and government sector. Trade or Commercial associations will be our representatives for private sector whereas government sector will be represented by all offices at ministry level.
3. Policy makers/Regulators: government administration, policy and promoters as well as regulators in the related fields are our main population.
Prepare questionnaire2 which will be drafted and presented at the workshop. The final questionnaire will be posted online. The main issues to be raised in the questionnaire include:
1. Cloud Adoption Situation: This include market size, percentage of cloud adoption nationwide and/or at sectoral (such as government/private sector)
2. Existing laws and regulations in the country
3. Barriers to cloud adoption in the country
4. Future perspective on Cloud development
5. Suggested ASEAN initiative on Cloud
2. Standard Models of Cloud Computing and Initiatives
There are three parts for the survey of cloud computing models. First, the standard models proposed by the standard organizations such as NIST [1] will be presented. Second, many architectures proposed by well-known vendors will be explained. Finally, the Government Cloud Initiatives in USA, Asian and European countries will be depicted.
2 Unfortunately, our attempt to reach country-level data has failed with low response rate. The research thus
rely heavily on secondary data analysis.
P a g e | 12
2.1. Standard Cloud Computing Reference Framework
First, the well-known simple NIST cloud computing model [1] is presented as shown in Figure 2. The NIST model defines the five essential cloud characteristics, and gives three basic service models as well as four deployment models. The model also defines five cloud actors: cloud provider, cloud consumer, cloud auditor, cloud broker and cloud carrier as shown in Figure 3 [2]. However, it does not include other essential components such as the process, the organization and the roles of cloud actors.
Figure 2 NIST Cloud Architecture Reference Model [1]
Figure 3 Cloud Actors defined in NIST Model [2]
Figure 4 presents the Generalized Reference Framework [3] which includes four main components: reference model, reference architecture, organization and process. This reference framework also provides a blueprint or template architecture for adopting a cloud based solution. In addition, each element in the framework can be used to support different adoption scenarios according to an individual participant or organization. The framework applied to the cloud computing is shown in Figure 5, and it will be used as the basis for other cloud related models.
P a g e | 13
Figure 4 Generalized Reference Framework [4]
Figure 5 Cloud Computing Reference Framework [3]
The cloud reference models can be classified into two types [5]: role-based model and layer-based model. The role-based model maps activities or capabilities to roles or actors as exemplified in the NIST model. Most models are based on two roles: cloud consumer and cloud provider. Figure 6 gives the overview of cloud services at each service level. Figure 7 presents the essential activities of a cloud provider. The NIST Cloud Computing Reference
P a g e | 14 Architecture as shown in Figure 8 is an example of the role-based model. Another example of the role-based model is the DMTF Cloud Service Reference Architecture [4] which focuses on cloud service management framework as shown in Figure 9. Note that DMTF is the abbreviation of Distributed Management Task Force, Inc., and aims to bring the collaboration on systems management standards and development of IT industry.
Figure 6 Overview of Cloud Services at Each Level [2]
Figure 7 Essential Activities of a Cloud Provider [2]
P a g e | 15
Figure 8 NIST Cloud Computing Reference Architecture [1]
Figure 9 DMTF Cloud Service Reference Architecture [4]
For the layer-based model, the activities or capabilities are mapped to layers in the
architecture such as application layer, resource layer, service management layer or security layer. The examples of this model include Cloud Security Alliance reference model [5] as shown in Figure 10 having multiple layers expressed as a cloud stack, and IETF Cloud Reference Framework describing the capabilities of each layer in depth [6]. In summary, each proposed framework typically contains roles, activities and several layers of architectures.
P a g e | 16
Figure 10 Cloud Security Alliance Reference Model [5]
2.2. Major Vendors’ Cloud Computing Reference Architecture
In this section, we describe the cloud computing reference architecture of many major vendors including IBM, Cisco, Oracle, VMware, Amazon, and Microsoft.
1) The IBM Cloud Computing Reference Architecture (CCRA) [7] as shown in Figure 11
is a blueprint to guide the development teams in the design of public and private clouds. The architecture is built based on the collective experiences of hundreds of cloud client engagements and the implementation of IBM-hosted clouds. It is also a role-based model and very similar to the NIST Cloud Computing Reference Architecture [1]. Actors are divided into three groups: consumers, providers and creators, and 14 user types have been identified. Significantly, the architecture includes the cloud management activity to the cloud service provider’s functions, and separates into two main components: service management and business management. In addition, IBM has added the unique Business Process as a Service (BPaaS) to the cloud architecture. Thus, IBM illustrates that business process is a very essential component of the cloud. Another foresight of IBM’s cloud architecture is the inclusion of the governance for enveloping the whole cloud architecture along with the security, the resiliency, the performance and the consumability. In summary, the IBM’s cloud architecture has illustrated the interconnections between providers, developers, partners and consumers.
2) The Cisco Cloud Reference Architecture Framework [8] as shown in Figure 12 is the
architecture that places the cloud on top of layers of service, security and
P a g e | 17
technology architectures, and it is the layer-based model consisting of five layers: the datacenter technology architecture layer, security layer, service orchestration layer, service delivery and management layer, and the cloud services consumer layer. The foundation of Cisco’s framework is the data center technology architecture which has three service blocks: network, compute, and storage, and it hosts all the delivered services to a cloud consumer or subscriber. The security layer gives the blanket as an end-to-end architecture across all aspects of the framework. The service orchestration layer is implemented with configuration repository enablers, and the configuration repository stores the key service information such as service catalogue, asset inventory, and resource-to-service mappings. This layer is the glue to integrate the lower layers to create a service for delivery. The next layer is where infrastructure and service management function take place. The topmost layer is the cloud consumer service layer which provides a portal for consumers to request and manage. Figure 13 shows the Cisco cloud reference architecture framework that results from the experiences in building, deploying and operating its own private cloud.
Figure 11IBM Cloud Computing Reference Architecture [7]
P a g e | 18
Figure 12 Cisco Cloud Reference Architecture Framework [8]
Figure 13 Cisco Cloud Reference Architecture Framework in Detail [8]
3) The Oracle Cloud Reference Architecture [9] is expressed as the high level
conceptual view as shown in Figure 13 which covers the perspectives of cloud consumer, cloud provider and cloud broker. At the cloud consumer side, the components include security infrastructure, network components such as routers and load balancers, and monitoring components such as gateways and collectors. At the cloud provider side, the components include (1) facilities such as utilities and cooling system, (2) physical resources such as networks, systems and disks, (3) resource abstraction layer providing logical abstraction of physical resources which may not be suitable for serving consumers directly since they need to be logically partitioned and secured for multi-tenancy and rapid elasticity support, (4) three types of cloud services, and (5) cloud management which provides the control plane to manage the resources, control access and govern the infrastructure. The cloud broker would act as cloud providers and cloud consumers at the same time.
P a g e | 19
It also provides additional capabilities to the provider such as aggregation and intermediation.
Figure 14 Oracle Cloud Conceptual View [9]
The logical view of Oracle cloud architecture as shown in Figure 15 consists of four
layers: access layer, service layer, resource layer, and cloud management layer. The access layer has two sets of functionality: (1) interfaces and facilities which allow access to the underlying services and management capabilities including portals and self-service APIs, and (2) networks which support provisioning process including DNS, firewalls and proxies. The services layer contains the end user services deployed in the cloud including IaaS, PaaS and SaaS. It also represents logical groups of service resources which are used to rapidly provision the services. The resources layer represents the logical and physical resources provided through the cloud infrastructure, and managed by the pool manager. The cloud management layer provides the management capabilities required for all services. It also provides support for both build-time and run-time activities.
P a g e | 20
Figure 15 Oracle Cloud Logical View [9]
4) The VMware vCloud Logical Architecture [10] as shown in Figure 16 illustrates how
the core components of vCloud are interrelated and form a common set of cloud services. In addition, from an infrastructure perspective, the vCloud is built on virtual infrastructure, whose components are split between a management cluster and cloud consumer resources. The VMware vCloud Suite 5.5 architecture as shown in Figure 17 provides virtualized infrastructure services with built-in intelligence to automate on-demand provisioning, placement, configuration and control of applications based on policies as it includes VMware vCloud Automation Center which enables customers to automate the delivery of IT applications and services. It also adds vSphere App HA for detecting and recovering from application or operating system failure as indicated in the VMware vCenter Site Recovery Manager.
P a g e | 21
Figure 16 VMware vCloud Architecture [10]
Figure 17 VMware vCloud Suite 5.5 Architecture [10]
5) The Amazon Web Services Architecture [11] as shown in Figure 18 provides a highly
reliable and scalable infrastructure for deploying web-scale solutions, with minimal support and administration costs. The main component of AWS services is Amazon EC2 which is a web service that provides resizable compute capacity in the cloud. The virtual service instances can be launched in one or more geographical regions
P a g e | 22
having multiple availability zones. The storage services are given as Amazon S3 Objects and Buckets. Other services including databases and map-reduce flows are provided for consumers’ applications. Figure 19 illustrates the AWS cloud architecture as layers of services from foundation services to application platform services since it provides the services from infrastructure to software. In addition, the AWS cloud allows customers to design their own application architectures that would suite to the nature of applications including web application hosting, content and media serving, and large scale processing [12].
Figure 18 AWS Cloud Architecture [11]
Figure 19: AWS Cloud Architecture as Layers [12]
6) Microsoft Azure Cloud Architecture [13] as shown in Figure 20 provides two layers
of services: infrastructure and platforms. The Fabric controller facilitates and
P a g e | 23
manages the IaaS services, while the App Fabric controller manages the PaaS
services. Figure 21 and Figure 22 show the detailed layers of Microsoft Azure which
has several connectors at each layer, and enables services to the layer above.
Figure 20 Microsoft Azure Cloud Platform [13]
Figure 21 Functional Layers of Microsoft Azure Cloud Platform [13]
P a g e | 24
Figure 22 Detailed Layers of Microsoft Azure Cloud Platform [13]
2.3. Government Cloud Initiatives
Currently, government cloud initiatives have been proposed by a number of countries
including United Kingdom, USA, Singapore and Thailand since cloud computing provides
not only computing services, high availability and resilience of data, but also improved
security as well as the overall cost IT reduction across government agencies. However, the
adoption of clouds in a government has brought challenges and barriers to overcome
security concerns and cultural changes. At least three factors would have catalyzed the
cloud for a government [14]. They are security, policy, demonstrated ROI (return on
investment) which indicates how much the government can reduce IT infrastructure cost.
In this section, the outline of proposed e-government frameworks is presented.
1) USA Cloud Initiatives
USA has started the Federal Cloud Initiative and introduces the government cloud computing framework since 2008 as shown in Figure 23. The cloud-first policy is initiated in 2011 to accelerate the realization of cloud computing in government agencies, and mandates that government agencies must first consider the cloud before making new IT investments [17]. One good example of cost reduction when moving to cloud is the cost cutting from more than $100 million in 2011 of US Army when moving to a cloud-based enterprise email system.
P a g e | 25
Figure 23 Government Cloud Computing Framework [15]
The Federal Risk and Authorization Management Program, Fed RAMP in short, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services [16]. In other words, it serves as a security clearing house for cloud solutions as well as helps facilitate the security certification process of agencies so that their cloud adoption could be speeded up. In the early stage, there are five cloud adopting federal agencies: General Services Administration (GSA), Department of the Interior (DOI), Department of Agriculture (USDA), NASA, and National Oceanic and Atmospheric Administration (NOAA) [18].
2) UK G-Cloud Initiative
In 2012, the UK Government initiated G-Cloud for easing procurement by several departments of UK Government for IT services using cloud computing. The G-Cloud consists of two parts: (1) a series of framework agreements with suppliers that allows public sector organizations call off services without needing to run a full tender or competition procurement process, and (2) an online store called "CloudStore" that allows public sector bodies to search for services covered by the G-Cloud frameworks [19]. The service began in 2012 and there were over 700 suppliers by May 2013. Over 80% of suppliers are small and medium enterprises. In June 2013, G-Cloud moved to become part of Government Digital Service (GDS). Furthermore, the adoption of Cloud First policy was announced in late February 2014, and based on the procurement of more than 1200 providers and 13000 services.
P a g e | 26
Figure 24 UK G-Cloud Online Store called "CloudStore" [19]
3) Singapore Government Cloud [20] aims to provide efficient, scalable and resilient cloud computing resources. It is designed to meet different levels of security and governance requirements, and divided into three assurance zones: naming high, medium and basic assurance zones. The high assurance zone has a physically dedicated computing resource pool only be used by the government to serve its high assurance needs. The medium assurance zone will be shared among government agencies with security controls in place and the non-government cloud users. The basic assurance zone has a computing resource pool offered by public cloud providers. In addition, the Singapore Government will identify and provide software-as-a-service products including business analytics, customer relationship management and web content management on G-Cloud, and have the plan to deploy its G-Cloud in Feb 2013. Figure 25 shows the Singapore Government cloud platform.
P a g e | 27
Figure 25 Singapore Government Cloud Platform [20]
4) Thailand E-Government Cloud Thailand started the e-Government initiative since 1997 when the Government Information Technology Services (GITS) was established under the National Science and Technology Development Agency (NSTDA), and the Ministry of Science and Technology (MiST) with the goals to assist Government agencies implement IT services and plans, and had drawn up the agenda to transform the government from connecting government agencies to all stakeholders for providing e-Services anytime, anywhere through any channel. The Electronic Government Agency (EGA) was established in 2011 under the supervision of the Minister of Information and Communication Technology. The goal is to (1) coordinate the implementation of electronic government activities for public use; (2) create equal opportunity and access to the Government Information Network (GIN); (3) establish security protocols for all electronic services offered by the Government; (4) develop common standards conforming with international standards under the TH e-GIF (Thailand e-Government Interoperability Framework); (5) encourage the skill enhancement of all IT personnel working in supporting the e-Government services; and (6) communicate the status of e-Government initiatives to stakeholders throughout the Government. Since then, the EGA has developed G-Cloud Platform, EGA Cloud Architecture and EGA Cloud Framework as shown in Figure 26, 27, and 28, respectively.
P a g e | 28
Figure 26 Thailand EGA Cloud Platform [21]
Figure 27 Thailand EGA Cloud Architecture [21]
P a g e | 29
Figure 28 Thailand EGA Cloud Framework
5) Trusted Cloud Europe Framework
The European Commission has issued the final report titled “Establishing a Trusted Cloud Europe” which initially laid out the European Cloud Computing Strategy to ensure that the cloud computing opportunity will be captured in Europe [22]. The report proposed the concept of the Trusted Cloud Europe framework as shown in Figure 28 to support the definition of common cloud best practices as well as to connect them to use cases and to apply them in practice. The goal is to stimulate the European single cloud market which can create new prosperity and a position of digital leadership for citizens, businesses and public administrations.
As we have an overview of Cloud frameworks and its architectures, cloud computing is now emerged as a new development platform. There are a plethora of different reference architectures, models and frameworks for cloud computing, and it would not be easy for an organization to adopt an appropriate model for its business focus. Some perspective and readiness for cloud adoption are reviewed in next topic.
P a g e | 30 3. Recommendations Trusted ASEAN Cloud Framework
The goal of proposition this cloud framework is to support the mobility and integration
of common services among ASEAN countries so that we can have the ASEAN single cloud
market for all business sectors. The framework consists of four layers as shown in Figure 29.
Figure 29 Proposed Trusted ASEAN Cloud Framework
Figure 30 Proposed Thailand Cloud Security Framework
P a g e | 31
The first layer at the bottom is the national cloud of each country, and in the example,
we present the proposed cloud security framework of Thailand as shown in Figure 30. We
propose that each national cloud should have the security controls and mechanisms of its
own for the operations and services provided within its country.
In the second layer, each country has to identify which government services will be
provided to other countries. In addition, any identified domain of industry services should be
declared to give services to others. The parties involved could be cloud vendors, cloud users,
government agencies and industry associations. In this layer, the consensus among those
parties needed to be built for any services provided across ASEAN. Three common essential
consensus must be agreed upon the following requirements: Data requirements, Security
requirements and Service requirements. For providing services of one domain, the data
exchanged between clouds would happen very often. Thus, data requirements are needed
since data definition presented by each country are most likely to be different. The data
requirements define the type, the format, the size of the data as well as the data-life-cycle
functions operated on the data from data creation to data disposal. We also need to agree
upon the security requirements which define the identity of people and services given. Other
security fundamentals such as authentication and the security policy must be defined as well.
Moreover, the service requirements will define the level of services such as SaaS services, the
service domains to be operated, the service agencies, and service properties. The summary of
those requirements are given in Figure 31 below. The consensus building should include the
following issues such as privacy needs, enforcement mechanisms, and any legislative reform.
Figure 31 Common Consensus Requirements
P a g e | 32
The third layer exemplifies the use cases which give specific domains for providing
services. From the figure, we present four use cases: healthcare services, identity services,
financial services, and data science services. They could be good examples for providing
services across ASEAN members. For instance, within the AEC, people would easily move or
migrate from place to place, and when they get sick, healthcare services can be provided
locally as if they were at home. Of course, with easy moving around AEC, the money would
be spent here and there. Significantly, the identity of people in AEC must be unique and easily
identified due to security concerns, especially when a criminal can cross the border very easily
too.
The fourth layer describes the best practice for a particular domain of services. The
issues to be considered include the standards, fair contracts, code of conduct, SLA (Service
Level Agreement) and Certifications. All of these would define the common best practices
among all parties involved in the service providing and service usage. Examples of technical
standards are given in the Figure 32 below. For instance, PCI-DSS would be a global standard
used for providing financial services. Other technical standards such as encryption
technologies and third-party audits could be defined as guidelines for all agencies to follow.
Legal guidelines would involve certifications, acts, and compliance. Meanwhile, operation
guidelines could be used to define the SLA criteria, and several management aspects.
Figure 32 Best Practices
Furthermore, since each country is autonomous and has been governed with different
laws and legislations, it would not be easy to comply all those requirements together in one
scheme. There will be no one-size-fits-all scheme. In other words, each service domain may
have to define extra requirements to fit needs and comply with the law of each country
P a g e | 33 member. As a result, our proposed framework adds the alignment of policies and legislations
to cover all layers. The alignment would help establish common templates that address
jurisdiction and enforcement concerns. It would also help align the requirements according
to defined rules and best practices. It should help reduce the restrictions on data location
which all countries have the most concern since everyone wants the data at a security
guaranteed place.
Finally, with this proposed framework, we would like to see a pilot project that sets up
cloud services at the ASEAN level.
4. Cloud Computing in ASEAN: A Policy Perspective and Initiative Study
To understand the current status and trend of cloud computing among ASEAN countries requires information regarding laws, regulations, and cloud computing adoption. ASEAN are a late adopter of cloud computing technology, excluding Singapore. Hence, this research has struggled with insufficient information required for the development of a cloud computing policy and framework, particularly in relation to a low response rate from online survey(s). For this reason, the study of an ASEAN cloud computing enabled environment in this project is mainly based on secondary data. The study is outlined in two parts: firstly, benchmarking and analysis for a cloud computing enabled environment across ASEAN countries, and secondly, an in-depth look at each country, estimating the market size and conditions. There are five main issues presented in the first part. These are 1) cloud computing global trend, 2) ASEAN cloud computing readiness, 3) ASEAN benchmarking on ICT indicators,4) ASEAN cloud computing adoption,and5) Laws and regulations related to cloud computing.
4.1. Cloud Computing Global Trend
Cloud computing has seen a steady growth in market expansion in recent years. Private cloud has been well received in the market, at least in its early stages. Although the market value of public cloud is already higher than that of private cloud, the private cloud and virtual private cloud continue to hold a significant market share due to existing organizational difficulties in switching to the public cloud model. Nonetheless, public cloud is expected to grow continuously through 2020 (as shown in Figure 33).
P a g e | 34
Figure 33 Cloud Services Market 2011-2020 Source: Forrester Research, 2012
Considering workload uses on cloud computing, public cloud has also gained more trust from businesses due to the strengthening of public cloud security. Even though some critical tasks need to stay on private cloud, public cloud adoption is still growing fast. Another alternative deployment is hybrid cloud, which has reached more adoption due to the flexibility of interoperability between distinct cloud service platforms. The public cloud workloads are expected to grow at 33% while private cloud workloads are anticipated at 21% from 2013 to 2018 (See Figure 2.)
Figure 34 Public VS Private Cloud Growth [24]
In terms of a service model, for the initial development of cloud computing, IaaS appears to be a majority workload share, though the market is expected to level off in future years. Moreover, Telcos has adapted its strategy to claim Infrastructure as a Service (IaaS) or cloud market share, often through the mergers and acquisition of relevant cloud computing businesses.
P a g e | 35
As for Platform as Service (PaaS), the workload share is not very high due to limited users by software and application developers, but it is expected that the PaaS will witness dramatic growth and strong competition in the near future. PaaS providers offer on top service whether they are SaaS or BpaaS, and in parallel with its core business will also gain a huge advantage over competitors that do not offer such services.
Simultaneously, the SaaS has great growth prospects compared to IaaS. Although both have a high market value and high workload share. With various application services, the SaaS market allows intense competition, without current players having significant market power. This market has experienced high growth all over the world lately.
As shown in Figure 34 by 2018, IaaS workload share will have a 28% share of all cloud workloads with an average growth rate of 33% from 2013 to 2018. PaaS will drop from a 15% share of all cloud workloads in 2013 to 13% by 2018. SaaS shows the swiftest growth and the highest deployed global cloud service with an expected 59% share of all cloud workloads by 2018.
Figure 35 Cloud Computing Service Model Sharing [24]
In the public cloud, initial deployment to Software as a Service (SaaS) offered a low risk and easy to adopt proposition for the consumer segment and SMEs while IaaS and PaaS are dominant in the private cloud for large enterprises. Recently, as the development of cloud security has been entrusted to public cloud providers, large-scale enterprises are adopting public SaaS as well.
4.2. ASEAN Cloud Computing Readiness:
In addition to establishing a clear understanding of ASEAN cloud computing, it is important to research best practices abroad in order to identify key factors influencing cloud
P a g e | 36 computing policy and framework in each of the member countries within the different development process. Asia Cloud Computing Association (ACCA) and Business Software Alliance (BSA) are the 2 principal organizations benchmarking key factors for enabled cloud environment.
According to CRI 2014, Singapore is the ever-ready leader, followed by Malaysia, Thailand and the Philippines as the dedicated improvers, while Indonesia and Vietnam are the steady developing countries. As for the improvement of the cloud ecosystem, Thailand moved up four places to 9th place, followed by the Philippines with two places improved since 2013 at 10th place. On the other hand, Indonesia and Vietnam dropped by one rank each from 2013. Singapore and Malaysia are currently in steady relative positions in 4th and 8th places respectively (See Table 2).
Table 2 Cloud Computing Readiness Index 2014 [25]
Categories Singapore Malaysia Thailand Philippines Indonesia Vietnam
Selected Ranking(6 of 14 countries)
4 8 9 10 12 14
CRI Score 74.8 66.2 59.3 56.1 52.4 47.8
1. Privacy 6 5.8 4 5.8 4.4 3.6
2. International Connectivity 8.2 5.8 5 5.4 2.9 3.2
3. Data Sovereignty 7.8 6.7 6.2 5.9 6.2 5.6
4. Broadband Quality 8.8 7.1 8 4.1 3.1 4.2
5. Government Regulatory Environment and Usage
6.1 5.2 3.7 3.7 3.9 3.8
6. Power Grid and Green Policy 5.9 4.9 6.3 5.5 5.7 4.7
7. IP Protection 8.7 6.9 4.4 5.1 5.6 4.1
8. Business Sophistication 7.3 7.2 6.3 6.1 6.3 5.3
9. Data Center Risk 7.4 8.5 7.6 5.5 6.4 6.4
10. Freedom of Information 8.6 8.2 7.8 9 7.9 7
3Source: Asia Cloud Computing Association (ACCA)
P a g e | 37
As shown in Table 2, broadband quality is the highest score for Singapore and Thailand while Malaysia’s strength lies in data center risk. As for the Philippines, Indonesia and Vietnam, they all give precedence to the freedom of information more than other countries in ASEAN, hence, they gain a high score in this area, especially the Philippines. In contrast, power grid and green policy are weak points for Singapore and Malaysia. At the same time, Thailand and Philippines share an equal score but are lagging behind in government regulatory environment and usage that could be a great obstacle for cloud computing development. Furthermore, Indonesia struggles and faces the worst international connectivity with the lowest score in ASEAN. Even though Vietnam shares the same problem with Indonesia, it has still gained more points from CRI evaluation.
In addition to the CRI index, ACCA has also launched a survey on SME cloud computing adoption that compares the same 14 economies as the CRI index, namely the SMEs in Asia Pacific: The Market for Cloud Computing, investigating how SMEs adopted cloud technology both in vertical and horizontal industry perspectives. The study reveals that 90% of enterprises in ASEAN are small and medium enterprises (SMEs), however, the definition of SMEs is various in each country. As for the demand drivers for SMEs, the cost reduction is a critical factor for SMEs to adopt cloud technology across ASEAN countries, other factors such as improving efficiency and remote access are considered as top drivers for the cloud market in the region.
Figure36 illustrates that Singapore came in second overall out of 14 countries and is positioned as the leader across the ASEAN economies. The criteria for SME Cloud Market Index evaluates the attractiveness of cloud computing for Asian SMEs in relation to market size, market coherence, market demand, price and government support for SME adoption of cloud and IT programs. The second position in ASEAN belongs to the Philippines, with a 48.7 total score. The addressable market size in the Philippines is relatively smaller than its other ASEAN counterparts, however, other conditions are favorable for SMEs to use cloud technology, particularly with the early adopters of cloud technology. The third position is Indonesia with its outstanding score of 76.8 for SMEs' size, the biggest market among member countries. Following Indonesia are Malaysia (46.5 score), Thailand (45 score), and Vietnam (28.7 score).
P a g e | 38
Figure 36 SME Cloud Computing Market Attractiveness Index Source: ACCA, 2015
BSA Global Cloud Computing Scorecard
The Business Software Alliance (BSA) has compared 24 countries on various factors influencing cloud computing in its publication entitled BSA Global Cloud Computing Scorecard. These elements include ICT readiness, free-trade promotion, support for industry-led standards and international harmonization of rules, intellectual property, cyber-crime, security, and data privacy. In addition to determining cloud computing readiness, it also collects data in terms of ICT related infrastructure and broadband deployment in various categories; population density, urban population, number of households, per Capita GDP, public cloud market value and personal computer usage. Additionally, ICT and network readiness indicators such as ITU ICT Development Index (IDI), World Economic Forum Networked Readiness Index (NRI), International Connectivity Score and IT Industry Competitiveness Index are considered as a relevant measurement of cloud readiness.
Table 23 BSA Global Cloud Computing Scorecard, 2013
Categories Singapore Malaysia Indonesia Thailand Vietnam
Selected Ranking
(5 of 24 countries)
5 13 21 23 24
ICT readiness and broadband deployment (Score: 30)
22.9 16.4 10.4 11.7 10.6
Free-trade promotion (Score: 10) 8.6 5.8 2 3 1.4
P a g e | 39
Categories Singapore Malaysia Indonesia Thailand Vietnam
Support for industry-led standard (Score: 10) 8.8 10 8.2 8.8 7
Intellectual property (Score: 20) 18 17.4 11.2 8 9.2
Cybercrime (Score: 10) 9 7.2 7 7.4 5
Security (Score: 10) 3.6 5.6 3.2 1.6 2.8
Data privacy (Score: 10) 7.6 7.1 6.4 3.5 4.1
Total Score: 100 78.5 69.5 48.4 44 40.1
Source: BSA Global Cloud Computing Scorecard, 2013
As mentioned in Table 3, of the 5 selected countries listed in the scorecard, Singapore is the first in the table for ICT readiness and broadband deployment. Following Singapore are Malaysia (13th), Indonesia (21st), Thailand (23rd), and Vietnam (24th). It can be noted that Thailand and Vietnam are the last two places from 24 countries for cloud computing readiness. A closer examination of the scorecard reveals that besides ICT readiness, Singapore also excels in the areas of intellectual property protection, computer-crime control, and data privacy policy, while Malaysia’s strength lies in intellectual property protection, ICT readiness, and support for cloud computing industry-led standards. On the other hand, Singapore lags behind in areas of security despite its excellent ICT readiness and intellectual property protection. Thailand remains disadvantaged in almost all areas, except the support for cloud computing industry-led standards, with the worst being ICT infrastructure, free-trade promotion, security and data privacy policy.
4.3. ASEAN ICT Benchmarking:
In order to better understand the ASEAN cloud computing ecosystem, it is important to do background research on key factors and benchmarking indices influencing cloud computing development, especially those related to infrastructure readiness and competitiveness associated with the cloud computing environment. This study mainly focuses on worldwide ICT infrastructure indices such as the Network Readiness Index (NRI), the Global Competitiveness Index (GCI), the ICT Development Index (IDI), and the E-Government Development Index (EGDI) summarized in Table 4. It can be noted that of the 10 selected countries (listed in Table 4) Malaysia's ICT readiness has been highly developed at quite an impressive rate while Singapore is the top three of ICT global readiness in all benchmarking.
P a g e | 40 Table 4: ASEAN ICT Benchmarking
Index/
Country
Networked Readiness Index
(NRI) 2014
The Global Competitiveness Index
(GCI)2014-2015
ICT Development Index (IDI)2014
E-Government Development Index
(EGDI)2014
Rank Score Rank Score Rank Score Rank Score
Singapore 2 5.97 2 5.65 16 7.90 3 0.9076
Malaysia 30 4.83 20 5.16 71 5.20 52 0.6115
Brunei 45 4.34 n.a.* n.a.* 66 5.43 86 0.5042
Indonesia 64 4.04 34 4.57 106 3.83 106 0.4487
Thailand 67 4.01 31 4.66 81 4.76 102 0.4631
Philippines 78 3.89 52 4.40 103 4.02 95 0.4768
Vietnam 84 3.84 68 4.23 101 4.09 99 0.4705
Laos 109 3.34 93 3.91 134 2.35 152 0.2659
Cambodia 108 3.36 95 3.89 127 2.61 139 0.2999
Myanmar 146 2.35 134 3.24 150 1.82 175 0.1869
Remark: * The Survey of the Global Competitiveness Index was not completed to minimum requirements in Brunei Darussalam.
Source: The Global Competitiveness Index – WEF, Networked Readiness Index – WEF, ICT Development Index – ITU, and E-Government Index – UN.
The Networked Readiness Index (NRI)
According to the ranking of worldwide infrastructure networked readiness, Singapore, Malaysia and Brunei are the top three leaders among ASEAN member with rankings of 2nd place, 30th place and 45th place respectively. On the other hand, Laos, Cambodia and Myanmar are disadvantaged while compared with developed countries in ASEAN like Singapore and Malaysia and even with such developing countries as Indonesia, Thailand, Philippines, and Vietnam.
With respect to NRI 2014, which covers 143 countries and is made up of a composite indicator based on four main categories (such as environment, readiness, usage, and impact), 10 subcategories or pillars, and the 53 individual indicators across different pillars are as follows [25]:
P a g e | 41
Firstly, the environment index consists of 2 pillars, the political and regulatory environment and the business and innovation environment. They assess the regulatory framework in terms of the extent of intellectual property rights protection, software piracy and independence of the jurisdiction, and they also evaluate market conditions related to entrepreneurship, innovation and ICT development.
Secondly, readiness index covers 3 pillars (infrastructure, affordability and skills) measuring the infrastructure and factors that support the uptake of ICT in each distinct country. The infrastructure focuses on various indicators; for example, mobile network coverage, international internet bandwidth, security of internet servers, and stability of electricity. As for affordability, the pillars assesses both usage costs and broadband internet subscription costs, as well as acting as an indicator that points to a competitive market mechanism in order to reduce costs for broadband users in the long run. The last pillar of readiness index, the skills pillar, tends to evaluate the effectiveness of ICT users in each country by considering the enrollment rate in secondary education, quality of the education system, and adult literacy.
Thirdly, usage index takes into account the ICT adoption by three main sectors: individual usage, business usage and government usage. Individual usage is based around mobile and internet usage, personal computer ownership, and social network usage. Business usage intends to capture how ICT is integrated into business operations in terms of adoption technology in business process through business-to-business and business-to-consumer processes, as well as by assessment of the number of patent applications under the Patent Cooperation Treaty (PCT) adopted by corporates. The government usage measures the leadership and implementing policy for ICT development, as well as the quality of government online services.
Lastly, impact index applies both the economic impacts and social impacts from ICT development. The economic impacts aim to show the effect of ICT on the economy in order to demonstrate how ICT improve business processes and create added value through new products and services and also indicate how ICT has contributed to developing whole economies by adopting innovation. The social impacts aim to evaluate the societal progress made through enhancing ICT usage in basic services (such as accessibility to healthcare and education) and also advanced services like energy saving and smart life. At the same time, the government impact focuses on the effect of ICT improving government efficiency and quality of services provided to the public, as well as accruing citizens to involve in the e-government program.
P a g e | 42
The Global Competitiveness Index (GCI)
The Global Competitiveness Index (GCI) compounds with the 12 main pillars as the set of institutions, policies, and factors supporting the overall productivity of a country. These are determined as the fundamental accelerators of growth rate and competitiveness for generating economic wealth. These pillars include the institutional environment that is influenced by the legal and administrative framework; efficient infrastructure, macroeconomic environment, health and primary education, higher education and training, goods market efficiency, labor market efficiency, financial market development, technological readiness, market size, business sophistication, and innovation. It should be noted that these pillars are not independent. In other words, they are interrelated and reinforce each other so a weakness in one area has a negative effect in others as well.
A closer examination of the GCI 2014-2015 reveals that Singapore ranks as the second most competitive economy across the dimensions of the GCI as the top of 3 in seven out of the 12 pillars. Additionally, Singapore’s strength lies in all market efficiency (i.e. goods market, labor market, and financial market), and also as one of the world's best institutional frameworks and high infrastructure facilities. Following Singapore is Malaysia that is ranked 20th
(out of 148 countries) and is considered as having rapid growth for a transforming economy in terms of efficiency accompaniment, particularly in healthcare and primary education. The 3rd place in ASEAN (up six places from previous assessments and now ranked 31st globally) Thailand. This is defined as a swift reform of a macroeconomic environment despite its regardless innovation development. In the 2014-2015 survey, Indonesia gains four places up to 34th rank detailing progress in almost all its overall rankings except its labor market that remains by far the weakest aspect in terms of wage and employment situation, in turn, the use of ICT by the population remains comparatively low. Up seven places since the previous year Philippines continues an upward trend and leapfrogs in the institution pillar due to government performance improvement and strides in technological adoption (up eight places to 69th out of 148 countries). Furthermore, the Philippines is the one of the great digitally domestic connected countries, close behind Malaysia (60th) and Thailand (65th). For the rest of the ASEAN members, Vietnam, Laos, Cambodia and Myanmar, their performance is almost unaltered from the previous year. However, common challenges in most ASEAN nations are the quality of infrastructure (particularly in international connectivity), stable institution framework, and innovation development.
ICT Development Index (IDI)
The ICT Development Index (IDI) launched annually by ITU combines two indices together, Digital Opportunity Index (DOI) and The ICT Opportunity Index (ICT-OI) associated across 166 countries' performance with regard to an availability of ICT infrastructure and
P a g e | 43 access, a high level of ICT use, and a skill to use ICT effectively. Based on these three components, the IDI is divided into three sub-indices: 1) Access sub-index captures ICT readiness including fixed telephone subscriptions, mobile cellular telephone subscriptions, international internet bandwidth per internet user, households with a computer, and households with internet access. 2) Use sub-index captures ICT intensity, along with individuals using internet, fixed broadband subscriptions, and also wireless broadband subscriptions. 3) Skill sub-index captures the ICT capability as an essential indicator to adult literacy, gross secondary enrolment, and gross tertiary enrolment. Furthermore, in the 2014 report, ITU collaborated with the United Nations Statistical Commission (UNSC) and national statistical offices to figure out a special focus on the potential of big data from ICT devices and applications to improve public services like healthcare, education and environmental management [26].
According to the IDI's report, Thailand is the one of the above average improvement countries (ranked 81st and up 10 places from last year) boosting over the past 12 months in wireless broadband penetration while Singapore (ranked 16th) is considered as ICT champion in Asia Pacific countries. Similarly, Brunei and Malaysia achieve and IDI score higher than the global average (4.77 score) with 66th position and 71st position, respectively, even though Malaysia's progress has dropped down the most in international comparison, from 66th in 2013 to 71th in 2014. In the meantime, Vietnam (ranked 101st) and the Philippines (ranked 103rd) have endeavored to reach the IDI global average but still entangle with the ICT skill development. On the other hand, all remaining 4 countries, Indonesia, Cambodia, Laos, and Myanmar, fall short of the developing country average (3.84 score).
E-Government Development Index (EGDI)
The United Nations has provided an E-government Development Survey every two years to assess the e-government development and current status of the 193 United Nations member states based on three significant dimensions, the availability of online services, telecommunication infrastructure, and human capital related to an evolving e-government. EGDI reveals that the economic capacity in terms of the national income, as well as accessibility to ICT infrastructure and public services such as education and healthcare, influences the e-government implementation in each country. With respect to the EGDI 2014, Singapore has retained the top three of e-government ranking, jumping from 10th place globally to 3rd over the last two years, regarding as very high EGDI with index values in the range of 0.75 to 1.00 (See Table 3). Singapore has also developed a multi-agency program led by the Ministry of Finance called ACE (Alliance for Corporate Excellence), gathering all systems and operation environments for human resources, finance and procurement into a common shared system based on cloud computing to support a cost efficiency for government services.
P a g e | 44 In the meanwhile, four out of the ASEAN countries, Malaysia, Brunei, Philippines and Vietnam, have enhanced significantly to gain better positions in e-government development, in particular, by means of creating a one-stop-service delivery portal to provide government service to their citizens. In addition to the higher mobile penetration rate in the region, Singapore, Malaysia, Thailand and the Philippines provide an e-access government service through mobile applications with m-Government conducting both government-to-business and government-to-consumer transactions. On the other hand, Laos, Cambodia and Myanmar challenge the digital divide to provide e-government services after dropping behind with ICT appropriated infrastructure development.
4.4. Comparative Analysis of Cloud Computing in ASEAN
A study of ASEAN cloud ecosystem aims to establish a clear understanding of cloud computing adoption and market conditions, which consists of an analysis in various factors of cloud computing, particularly in ICT and cloud computing readiness. A study of cloud computing in the region has shown that the cloud ecosystem of each country consists of similar stakeholders, dividing into 5 categories as follows:
1) Policy maker and regulator: an agency that is responsible for shaping a direction of cloud computing and also regulating and promoting domestic cloud computing services.
2) Association: an agency supporting cloud computing environments especially business aspects and shaping the mechanism which supports the cloud ecosystem to increase trust and cloud adoption.
3) Infrastructure Provider: Infrastructure Provider: Telecommunication operators and virtual machine providers who are the major stakeholder in this area. Another infrastructure need for cloud services such as internet speed or internet bandwidth and security infrastructure.
4) Cloud Service Provider: there are 3 categories of cloud service provider, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
5) Cloud Users: Cloud adoption is mainly defined as Independent Software Vendor (ISV), including enterprises of small, medium and large scale for people who use cloud services based on personal cloud and public cloud deployment. Cloud computing in ASEAN has seen a prosperous growth in market expansion. Cloud computing, particularly in a mass market, is modeled on economies of scale and it is thus dominated by players with significant market power, most of which are Multi-National Companies (MNCs) such as Amazon, Google, Microsoft, Saleforce.com, and IBM, i.e., those companies with the capability to provide comprehensive solutions across the service value chain. This poses challenges and barriers to local service providers in each country. To successfully penetrate and stay competitive in the
P a g e | 45 cloud market, new entrants need to rely on their niche services and focus on joint venture schemes.
In terms of deployment, private cloud has been well received in the market, at least at its early stages. At present, however, the market value of public cloud is expected higher than that of private cloud. Its popularity is also increasing. In the developed countries, public and private cloud services hold a similar size of market share. In Singapore, the government urged its agency to use public cloud as well as private cloud provided by G-Cloud. Meanwhile, in other ASEAN countries, businesses appear to remain in favor of private cloud due to security concerns. On the other hand, hybrid cloud in Malaysia has overwhelmed private cloud and is projected to double its growth in the next few years. At present, the private cloud and virtual private cloud continue to hold a significant market share due to organizational difficulties in switching to the public cloud model.
In the matter of service models, the development of the IaaS market appears to be quite advanced across the region. Even so, service providers in developing countries, such as Thailand, Indonesia and Vietnam have limited advantages in markets in which the local culture poses limitations on market entry and penetration throughout domestic laws and regulations, including shortage of promotions. Further, it can be noted that Telcos has adapted their strategy to require cloud market share, often through mergers or the taking over of relevant cloud computing businesses.
Currently, the entire ASEAN PaaS market is dominated by key providers from developed countries, the United States and Singapore, although the PaaS market value is not very high. As for the SaaS in ASEAN, it is a market with greater value and growth prospects than the IaaS and PaaS markets. In addition, the SaaS is a market that has experienced high growth in all its member countries. It is also apparent that countries with highly competitive software industries, such as the Singapore, Malaysia, and Thailand, can easily and seamlessly progress to provide this cloud service model.
Table 5 summarizes the characteristics and conditions of cloud computing in ASEAN as mentioned above. Also, it can be noted here that some countries (Laos, Cambodia, and Myanmar) do not appear in the table below due to lacking systematic information related to the domestic cloud computing market.
P a g e | 46
Table 5 : Comparison Cloud Computing Market in ASEAN
Country % of cloud adoption Dominant Model &
Deployment
Vertical Sector to Cloud Early Adoption G-Cloud
Brunei Business use – n.a.
Government use – 41%
(Source: BIT, 2014)
SaaS
Private Cloud
Education, Healthcare
(Source: EGNC)
yes
Indonesia Business use -42%
(Source: VMWare, 2013)
SaaS
Private Cloud
Financial Institution, Wholesale and Retail (Restaurants and Hotels), Transportations, Warehouse and Communications, Creative Industry
(Source: ACCA)
n.a.
Malaysia Business Use - 33%
(Source: Frost & Sullivan,
2011)
SaaS
Hybrid Cloud
Transportation and Storage, Wholesale and Retail Trade, Arts Entertainment and Recreation, Repair of Motor Vehicles
(Source: ACCA)
yes
Philippines Business Use –35%
(Source: VMWare, 2013)
n.a. Business Process Outsourcing, Technology Startup, Retail Services
(Source: ACCA)
yes
Singapore Business Use - 51% Government Use - 80%
(Source: VMWare, 2013 and IDA, 2010)
SaaS
Private Cloud
Commerce (Wholesale and Retail), Accommodation and Food Services, Property
(Source: ACCA)
yes
Thailand Business use – 34%
(Source: VMWare, 2013)
SaaS
Private Cloud
Telecom and Finance, Trade (Wholesale and Retail), Logistic
(Source: MICT)
yes
Vietnam Business Use – 39%
(Source: VMWare, 2013)
IaaS
Private Cloud
Trade (wholesale and retail), Banking and Financial Institutions, Education and Hospitality
(Source: ACCA)
yes
As for the business sector, records in many countries show that SMEs are the key users of public cloud services due to their limited budget to invest in private cloud. Large enterprises
P a g e | 47 remain major cloud users. On the other hand, they tend to prefer private cloud or hybrid cloud services to public cloud services due to security aspects.
In terms of government cloud usage, governments in each selected country have started to use some form of cloud services. Outstanding countries in terms of G-Cloud adoption include Singapore, Malaysia, the Philippines, and Thailand. Nonetheless, the actual use in each of these countries may remain limited, excluding Singapore, due to the nascent state of domestic cloud development.
4.5. Comparative Analysis of Cloud Computing Policy and Legal Infrastructure
Legal infrastructure related to cloud computing continues to evolve in ASEAN member
countries. The dynamic technology development illustrates how legal and regulatory
influence ICT enabler corresponding with a great challenge to create an appropriate innovation
ecosystem, of which cloud computing is a major part. For the last decade, ASEAN countries
have attempted to expand universal broadband infrastructure, to build strong ICT industry, to
promote the widespread use of ICT in all sectors, to develop competent ICT workforce, and
create a solid legal infrastructure to meet with new technology development. Currently, there
are a growing number of laws and regulations that serve as the foundation for cloud computing
development. There are 5 outstanding aspects of legal infrastructure for cloud computing that
can be compared and contrasted. These include data privacy, cybercrime, security,
intellectual property rights, and standards. Table 5 summarizes the current status of laws and
regulations related to cloud computing in each country.
P a g e | 48
Table 6 : Laws and Regulations Related to Cloud Computing Comparison in ASEAN
Issues Brunei Cambodia Indonesia Laos Malaysia Myanmar Philippines Singapore Thailand Vietnam
Data Privacy Draft Data
Protection
Legislation
none Information
and Electronic
Transactions
2008
none Personal
Protection Data
Act2010
none Data Privacy
Act 2012
Personal Data
Protection Act
2012
The Official
Information Act
1997
Draft Data
Protection
Legislation
Protection of
Consumers’
Rights 2010
P a g e | 49
Issues Brunei Cambodia Indonesia Laos Malaysia Myanmar Philippines Singapore Thailand Vietnam
Cybercrime Computer
Misuse Act 2007
Draft e-
Commerce
Legislation
Pornography
Law 2008
Special
Provisions
(416/IC) for
Control of the
content,
information
and data
obtained via
internet
system
Computer Crime
Act 1997
Communications
and Multimedia
Act 1998
Computer
Science
Development
Law 1996
Electronic
Transaction
2004
Cybercrime
Prevention Act
2012
Computer
Misuse Act 1993,
Criminal
Procedure Code
Act 2010
Computer Crime
Act 2007
The Law on
National Security
2004
Decree on
Management,
Provision, and
Use of Internet
Services and
Information
Content Online
(Decree 72)
P a g e | 50
Issues Brunei Cambodia Indonesia Laos Malaysia Myanmar Philippines Singapore Thailand Vietnam
Security Electronic
Transactions Act
2004 (revised
2008)
Consumer
Protection (Fair
Trading) Order
2011
Draft e-
Commerce
Legislation
Information
and Electronic
Transactions
2008
Electronic
Transactions
2012
Digital Signature
Act 1997,
Electronic
Commerce Act
2006
Electronic
Transaction
2004
Electronic
Commerce Act
2000
Electronic
Transactions Act
2010
Electronic
Transactions Act
2001
(Amendment
2008)
E-Transactions
2005
P a g e | 51
Issues Brunei Cambodia Indonesia Laos Malaysia Myanmar Philippines Singapore Thailand Vietnam
Intellectual
Property Right
n.a. none TRIPS
Copyright Law
2002
Draft copyright
law
TRIPS
Copyright
Act2012
none Republic Act
No.8293
TRIPS
Copyright Act
1997
(Amendment
2006)
Remote
Gambling Act
2014
TRIPS
Copyright Act
1994
TRIPS
Penal Code 1999
P a g e | 52
Issues Brunei Cambodia Indonesia Laos Malaysia Myanmar Philippines Singapore Thailand Vietnam
Regulator/
Policy Maker
Authority for
Info-com-
munications
Technology
Industry
(AITI)/Ministry of
Communica-
tions
Ministry of Post
and Telecommu-
nications
Indonesian
Telecommu-
nications
Regulatory
Authority/
Ministry of
Communica-
tionsand
Information
Technology
Ministry of Post
and
Telecommu-
nications
Malaysian
Communica-
tions and
Multimedia
Commission
(MCMC) /
Ministry of
Information
Communi-
cations and
Culture (MCC)
Posts and
Telecom-
munica-tions
Depart-ment
(PTD)
National
Telecommu-
nications
Commission
Infocomm
Develop-ment
Authority (IDA)/
Ministry of
Communi-
cations and
Information (MIC)
National
Broadcasting and
Telecommu-
nications
Commission
(NBTC)/
Ministry of
Information and
Communica-
tions (MICT)
Ministry of
Information and
Communi-
cations
Source: UNCTAD (2013), ACCA (2014), and BSA (2013), ITU (2013)
P a g e | 53
Data Privacy
Data privacy is one of the key concerns for the adoption of cloud computing both for individuals and businesses. Three of the ASEAN countries have enforced the data privacy act, for instance, Personal Data Protection Act 2012 (Singapore), Personal Protection Data Act 2010 (Malaysia), and Data Privacy Act 2012 (Philippines). In the meantime, Thailand and Brunei are in the process of enacting data privacy laws. At the moment, in Thailand, the draft of the Personal Data Protection Act is currently under the consideration of parliament under its digital economy policy.
Furthermore, the developing countries like Indonesia and Vietnam do not yet have sufficient privacy protection and enforcement mechanisms to apply related laws based on the data protection and consumer protection mechanism. Thailand also applies The Official Information Act 1997 during the draft of privacy laws is in a process. Despite the fact that the data privacy laws help boost confidence for the cloud user, however, Cambodia, Lao and Myanmar have none of the regulation regimes related to their data protection mechanism. The data privacy issue is particularly concerning in ASEAN in order to monitor what commercial cloud providers do with consumers' personal data, particularly in a public cloud.
The information ownership becomes a significant concern including information rights control and also cross-border data flow to third parties that lack the domestic mechanism of data protection, such as the possible mass relocation of users' data to server farms located in foreign jurisdictions. According to these concerns, many countries have established constitutional rights to privacy and embedded these in various sectoral laws, and so to be regardless to comprehensive privacy legislation in these regions is rare. In some ASEAN countries (such as the Philippines, Thailand and Malaysia) which support ICT-enabled services as a promising growth sector, data protection laws are necessary to comply with a foreign requirement relating to data processing on cloud computing.
Cybercrime
From the European convention, cybercrime consists of computer-related offenses, computer-related fraud, computer-related forgery, content-related offenses (such as child pornography), and misuse of devices, system interference, data interference, illegal access and interception3. With respect to the convention, in this report, cybercrime refers to not only to criminal activities committed by means of computers and the internet (for example hacking and virus diffusion), but also distribution of inappropriate online content. Basic computer crime laws
P a g e | 54
are designed to address online content regulations, while specific cybercrime laws are an advanced jurisdiction from basic criminal law, dealing with such things as the Computer Misuse Act, for example. Many jurisdictions manage internet content through a mixture of legislation and other regulator tools, codes of conduct or licensing requirements for internet service providers (ISPs). For instance, Singapore has enacted both legislation and regulatory tools, the Computer Misuse Act 1993 and the Criminal Procedure Code Act 2010, taking into account of both online content control and misuse of computers. Malaysia launched the Computer Crime Act in 1997 and also applied online content regulations in related law as the Communications and Multimedia Act 1998, aiming to control online data from ISPs via licensing issue. At the same time, Thailand enacted the Computer Crime Act 2007 for enforcement on both consumers and providers. Alternatively, Indonesia has legislated specific laws dealing with pornography such as the Pornography Law 2008. Meanwhile Lao has special provisions (416/IC) for content control of information and data obtained via an internet system. However, online content regulation has not always been considered a priority in ASEAN; some countries have left this issue in favour of the Electronic Transaction Act or The National Security Bill as is the case with countries like Cambodia, Myanmar and Vietnam.
To consider closely the international framework on computer crime, the Council of Europe Convention is considered to be the best practice on cybercrime. To date no ASEAN member countries have yet joined the convention but the selected cybercrime laws of Brunei, Malaysia, Singapore and Thailand are influenced by laws of the Europe Convention. For example, in Thailand, the Computer Crime Act 2007, which came into force in July 2007, aims at preventing and suppressing computer related offenses and aligns to the Budapest Convention. Overall, the Act is to put laws and orders to the use of the Internet, ensuring security and building trust in communicating and performing electronic transactions. There is, however, criticism over how the Act is unreasonably strict on online providers, who may unknowingly store illegal content on their systems and how requirements, such as redesigning networks to implement filtering data and log requirement to control user access, is considered as burdensome, particularly in a Big Data era.
Security
The ITU defines information cybersecurity as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment”[26]. Cybersecurity
P a g e | 55
also strives to ensure the attainment and maintenance of the security properties relevant security risk in the cyber environment.
Further security measures that also need to be considered and put in place include (1) administrative security (which refers to an administrative procedure to provide for the development of policies, measures, criteria or any procedures to be used in the selection, development, application or maintenance process), (2) physical security (defined as the development of policies, measures, criteria, or any procedures to ensure the protection of information assets, construction or other assets against threats from individuals, natural disasters, accidents or other such events) and (3) confidentiality (defined as protection or reservation of a computer network system, computer system, computer operating system, information system, information data, electronic data, or computing data against access, use, or disclosure by an unauthorized third party). Moreover, the level of security required depends on the information security risk and the potential damage it may cause to individual users or even to the economy and society.
Each ASEAN country, except Cambodia, has enforced an electronic transaction bill to protect domestic and cross border online transactions. In relation to cloud computing, the Electronic Transaction Act has a major role in creating a legal environment that allows the growth of transactions, both of commerce and non-commerce, on the cloud. In addition, some countries link cybersecurity to other related laws aiming to boost trust and confidence for internet transaction such as The Consumer Protection Order 2011 in Brunei and The Digital Signature Act 1997 in Malaysia.
Intellectual Property Rights
As cloud computing system includes multiple components, each operated by a different party, intellectual property rights becomes a complex issue in terms of patent infringement and copyright infringement. It should be noted that a user of cloud computing service, following NIST's characteristic of cloud computing, need not to know where data storage and processing occurs. Thus, even if the hardware or data processing used in a cloud computing infrastructure do infringe patent rights or copyright, detecting that infringement is still difficult. The most important of these are the need for strict personal data protection and safe harbor legislation for ISPs to limit their liability in case of copyright infringement (by users and without their knowledge). There is also an on-going policy debate on such subjects as localization rules. Intellectual property protection has ratified and implemented TRIPS agreement and WIPO copyright treaty. Only two out of 10 ASEAN countries, Cambodia and Myanmar, have not yet endorsed the TRIPS agreement while some of which developed their own copyright act corresponding with WIPO treaty these include Thailand,
P a g e | 56
Malaysia and Indonesia. At the same time, Vietnam applied a conduct code called The Penal Code 1999 to protect copyright infringement. As for the Philippine's copyright law, it is treated in the intellectual property code officially known as The Republic Act No.8293 based on the principles of the Berne Convention. Copyright laws in the Philippines not only protect against copyright infringement but also guard patents, trademarks, and other forms of intellectual property. As mentioned above, copyright laws vary from jurisdiction to jurisdiction, for example what constitutes copyright infringement in one country may not in another. Hence, intellectual property right in its strict intellectual property law should allow ISPs to operate well in the cloud environment by limiting ISPs' liability for intellectual property right infringement in both copyright and patent.
The Implications for Legal Infrastructure towards Policy Recommendations:
According to this study, there are significant differences in the overall legal approach that has been taken in each country. For instance, basic computer crime laws have been developed in Lao, Myanmar, and Vietnam, in the meantime specific and advanced regulations in the other countries can make it difficult to identify and compare legal requirement for businesses who wish to operate in the region. Brunei, Indonesia, and Thailand have a strong aspiration to improve a specific law with the endeavor to pass the draft of data privacy legislation. Although, enacting laws related to cloud computing indicates how each country has developed their cloud ecosystem, particularly in legal infrastructure, ASEAN member countries still face the huge challenges in implementation, enforcing, and promoting the requirements of those laws. Thus the conformation of legal infrastructure and common law system in the region needs to be considered as the potential benefits for businesses based on cloud computing environment.
In a nutshell, ASEAN legal infrastructure is continuously improving to boost more trust and confidence for cloud users. Its strength lies in having comprehensive ICT policies as well as data protection and computer crime legislation. Policy and law areas that need further improvement may include (1) limitation of service provider’s liability to encourage the provision of cloud computing service in each country, (2) data privacy and protection to build consumer's trust in the cloud ecosystem, (3) clarification of laws and regulations especially transparent implementation and enforcement, and (4) conformation of laws and regulations related to cross-border data flow and online dispute resolution facility. Policy recommendations related to cloud security can be summarized as follows:
1. Understanding of data security for different deployment models: The level of data security and personal data protection varies, depending on service models. Public cloud has a
P a g e | 57
lower level of security compared to that of private cloud, be they architecture, hierarchical access control, data priority, technical protection for database or network, and physical protection. Users need to have sufficient knowledge and understanding of different cloud deployment models to be able to choose a suitable deployment model to fit their needs. For this reason, a measure to provide users with the necessary information and understanding of cloud computing will help relieve service providers of an inappropriate level of expectation regarding cloud security.
2. Privacy protection and consumer protection mechanisms: Protection of privacy is inseparable from the government’s policy. Most developed countries have in place data privacy laws. Developing countries, on the other hand, do not yet have a sufficient privacy protection and enforcement mechanism. Also, other privacy issues to be addressed here include unauthorized access and use of data (for example, the wide-spread unauthorized use of data stored on the cloud for business analytics), data transfer, and data backup. These issues require the government’s immediate attention as cloud-related consumer protection measures are crucial to building confidence and trust in cloud computing.
3. Balance between government intervention and self-regulation: The importance of security issues has attracted many regulatory agencies to take part in drafting relevant legislation. Some examples include the Electronic Transaction Act, the Computer-Related Crime Act and specific legislation for the financial and insurance sectors. Nonetheless, given the extended length of time for legislative process, existing legal infrastructure cannot keep up with fast-paced technological advances (for instance, new techniques to attack, intercept and forge data and to gain unauthorized access to data on the cloud). The concept of self-regulation has, thus, emerged in response to this regulatory dilemma as it allows the bypass of government’s prolonged legislative process and the handling of the most current technological problems in an expedite manner. Nevertheless, careful consideration must be given regarding the scope of this self-regulatory approach. Whether or not and to what extent the government should intervene is a big question to ponder.
5. Cloud Computing Country Profile:
5.1. Brunei
Information and Communication Technology (ICT) Development
To encourage cloud computing adoption, one of the ingenious strategies is investing in its infrastructure for increasing accessibility and facilitating ICT usage as a pillar for demand boosting. In Brunei, cloud computing development has swiftly growth especially in e-government established with strong competencies on ICT infrastructure,
P a g e | 58
particularly internet broadband both of fixed and mobile broadband. Brunei set up knowledge hub based on cloud system to boost up national ICT capability. The Ministry of Communications (MoC) consented to budget B$230 million ($187.3 million) to implement a national broadband initiative through a fiber-to-the-home (FTTH) program as a five year plan (2012-2017). To thrive internet broadband as an key accelerator, the FTTH initiative intends to provide internet speed up to 20 megabytes per second (Mbps) with 85% coverage all over country aiming to develop e-learning, e-health, and e-government based on cloud computing system. Brunei is one of top rank in ASEAN in terms of telecommunication penetration and infrastructure facilities. It ensures that communication services delivered up to date to citizen, particularly in internet broadband. It can be noted that an internet adoption is a significant potential development in the region with high rate of individual using the internet (64.5%). Despite its fixed telephone subscriptions has been overwhelmed by emergence of a mobile sector, fixed broadband subscriptions is not much different with mobile broadband as shown in Figure 37.
Figure 33 : ICT Development in Brunei (2013) Source: ITU (2013)
Due to a great potential of internet subscribers, mobile broadband has continued to expand relatively slowly with fixed broadband owning to fixed broadband initiative to increase fixed broadband coverage following ICT 2000 provision. As shown in Figure 38 and 39, in 2014, dial up subscribers had been vanished from the chart in the meanwhile fixed broadband subscribers had increased since mobile broadband had reached a penetration of 115% by 2014[26].
P a g e | 59
Figure 34 Brunei Internet Subscribers Source: Brunei Information Technology Council, 2014
Figure 35 Brunei Internet Subscribers Penetration Source: Brunei Information Technology
Council, 2014
Government Policies Related to Cloud Computing
The Ministry of Communications is responsible for the national policy related to cloud computing in Brunei while related regulations fall upon the Authority for Info-
P a g e | 60
Communications Technology Industry (AITI). Three main agencies have initiatives towards promoting ICT adoption including (1) E-Government National Committee (EGNC) is the main national center which its task is to provide e-government services to citizen in terms of operation, acquisition and human resource development in the field of ICT related to e-government initiatives, especially in civil service [27] ; (2) E-Business Leadership Forum (EBLF), its mission is public sector modernization towards meeting the public expectation and challenging requirements for effective and efficient services in the dynamic environment by increasing the usage of ICT; and (3) E-Government Technical Authority Body (EGTAB) was formed to function as the regulatory and also as the technical think tank experts in handling e-government projects[27]. To further the IT 2000 and beyond core strategies, e-Brunei is one of the three drives in the effort to move Brunei into a paperless governance and information/data exchange through multimedia technologies, together with the public sector drives towards e-government and private sector drive towards e-business programs[28].
In terms of ICT promotion, the AITI not only takes an important role in the regulatory scheme, but also plays an outstanding ICT promotion associated with driving ICT savvy. The AITI's grant offers partial funding opportunities for local businesses as well as foreign corporates with Local partners related in ICT industry contributed more than 50% equity sharing.[29] There are three grant types available, namely (1) Enhancement grant – for improving and upgrading existing products; (2) Ownership grant – for obtaining certification and quality management systems such as trademarks, patent, and IPR; (3) Marketing Grant - for marketing and improving existing branding, packaging, design or labeling. Under the national development plan, AITI has funded grants and joint ventures worth up to B$1.9 million aiming for increasing the competitiveness of ICT industry as a whole [29].
The Brunei Darussalam National IT Council (BIT Council), a further government agency that its mission is related to promoting IT businesses including cloud computing. It was formed with the purpose of bestowing the national direction both of core strategies and action plans towards Ministry of Communications. BIT Council is also the main agency to bridge between government sector and private sector thereby collaborating to drive nation to the forefront of ICT development. In this aspect, BIT main tasks focus on how to synergy the various ICT initiatives carried out by various government agencies and private sectors' requirement.
P a g e | 61
5.2. Indonesia
Information and Communication Technology (ICT) Development
In recent years, Indonesian phenomenon in the telecommunications sector development is mainly due to the growth of cellular telephony with subscriptions (per 100 inhabitants) equaled 121.5 and mobile broadband as 31.6 subscriptions (per 100 inhabitants) while 48% of users connect to the internet through mobile device [27]. Mobile subscription in Indonesia has expanded greatly since 2012 and government aims to push mobile broadband penetration to 40% by 2014. In contrast the fixed line penetration rate slow down since 2009 and equaled 16.1 subscriptions (per 100 inhabitants) Nevertheless Indonesian government pushes an effort to improve broadband accessibility through fixed line broadband network, particularly in border and rural areas; for example the fiber optic Palapa Ring Initiative. The major telcos in Indonesia, such as PT Telkom and PT Indosat, have involved in the project to increase internet connectivity.
Figure 36 ICT Development in Indonesia (2013) Source: ITU 2013.
According to Indonesia's Internet Provider Association (APJII), internet users has rapidly grown up as Internet penetration has increased expeditiously with double digits since 2010. At the end of 2011, internet users expanded to 45 million people and reached at least 55 million in 2012. Simultaneously, Indonesian internet users has continuously grown to 80 million by the end of 2013 with 33.3% penetration rate. With respect to a robust growth of internet users, Indonesia becomes a potential market for ICT related business including cloud computing compared to other countries in the region. The internet contribution in Indonesia, according to Deloitte Access Economics, is at 1.6% of GDP, bigger than liquefied natural gas exports, expected to growth at least three times the pace of the overall economy to 2.5% of GDP in 2015.
P a g e | 62
Figure 37 Internet Users in Indonesia (1998-2014) Remarks: the 2014 figure is estimated. Source: APJII
Cloud Computing Adoption
As mentioned above, Indonesia has a huge potential market for cloud computing in terms of swiftly growth of internet users and a nascent stage of business transformation based on cloud computing technology. As for the expansion to cloud computing provision, the former group of SaaS adopters appears to have greater agility to transform their businesses. According to VMWare cloud index 2013, 41% of businesses have adopted cloud technology while 34% are planning to implement cloud initiatives in their organization within 12 months [28]. Simultaneously, due to ACCA's report, the top early adopters of cloud computing can be identified as: (1) financial institutions; (2) wholesale and retail trade (especially restaurants and hotels); (3) transportation, warehouse and communications; and (4) creative industry.
In addition to cloud computing market, a report by Frost and Sullivan revealed that cloud market grew 43% or estimated to $31.4 million in 2012 and projected to increase to 48% in 2014 (See Figure 42) [29]. The growth in adoption rate for cloud services is outstanding compared to other ASEAN countries. The initial adoption was driven by MNCs, similar to other developing countries, catered to local business looking to gain an opportunity to transform their business model. Another key driver for compounded growth
P a g e | 63
of cloud computing market in Indonesia is government initiative to develop cloud ecosystem through supporting cloud data center, aiming to deploy consolidated and distributed data infrastructure with strong disaster recovery capabilities[30].
Figure 38 Indonesian Cloud Computing Market Growth Forecast (2010-2014) Source: Frost and Sullivan
In terms of cloud service models, the SaaS market is a market with a great prospect than the IaaS and PaaS markets as shown in Figure 43. SaaS accounted for a dominant share of the market with approximately 95% share of the market in 2012, meanwhile IaaS and PaaS hold the market share at 3.8% and 0.7% respectively. With regard to Indonesian government facilities based on data center and virtualization technology, the IaaS has predicted as leap frog expansion in the next few years, despite its market share comparatively lower than SaaS. Identifying this as an opportunity, local data center services providers collaborated with Telcos to provide IaaS service. As a developing country, Indonesian businesses are implementing various methods and technologies for adoption by various purposes, one of those is public cloud. Public cloud in Indonesia continue to be perceived as less secure compare to private cloud, despite their advantages in reducing costs and enhancing business agility. It should be noted that most of SMEs prefer to apply public cloud aiming to reduce operational costs while medium and large enterprises spend to private cloud due to data security and reliability. In 2012, private cloud seized 60.2% share of cloud service deployment the bigger share in the latter category as shown in Figure 44.
P a g e | 64
Figure 39: Indonesian Cloud Computing Market Share Source: Frost & Sullivan
Figure 40 Indonesian Cloud Computing Deployment Model Adoption Source: Frost & Sullivan
Government Policies Related to Cloud Computing
P a g e | 65
One of the great challenges to provide cloud computing service in Indonesia is quality of internet infrastructure both domestic coverage and international connectivity due to its complex geographical island structure. With respect to improving quality of internet services and boost up an auspice of the economy, national policies related to communications, information, multimedia services and cloud computing fall upon to the Ministry of Communications and Information Technology (MCIT) [31], handling to formulate both of national policy and policy implementation. At the same time, the Indonesian Telecommunications Regulatory Body or BadanRegulasi Telekomunikasi Indonesia (BRTI) supervises both domestic and international regulations of ICT and broadcasting. The BRTI is responsible for issuing licenses, resolving disputes, and legal frameworks in the telecommunications and information businesses, even though, its chair engages with the Directorate General of Post and Telecommunication (DGPT) has been overruled by MCIT since 2005[32].
In terms of infrastructure development, MCIT has launched the Indonesia connected program improving the quality and coverage of broadband internet across the whole country known as the Palapa Ring Network aiming to connect various islands with fiber optic undersea for 35,280 kilometers [33]. Following Presidential Decree No 96 year 2014, the Indonesia National Development Planning Agency (BAPENNAS) launched the Indonesian Broadband Plan (IBP) 2014-2019. This goal is to be achieved through linking broadband with other priority sectors in the economy, namely e-Government, e-Health, e-Education, e-Logistics and e-Procurement [34].
Considering policy related to cloud computing promotion, the Indonesian government has envisaged cloud computing as a key success to boost up the wealth of economy in terms of business transformation and public services. The Master Plan for Acceleration and Expansion of Indonesia Economic Development, namely MP3EI, has been established to ensure the leap frog of potential and capabilities for private sector, particularly in enabling ICT technology with the SMEs and utilizing technology as the main driver for SMEs adopted cloud computing in the country. Furthermore, Indonesian government has launched the issuance of Government Regulation No.82/2012 to mandate conducting electronic transaction and establishing data center sites in the country. Despite the purpose of this policy supported cloud security and consumer protection mechanism, the international cloud service providers consider it as a huge obstacle to provide cloud computing in Indonesia.
5.3. Malaysia
Information and Communication Technology (ICT) Development
P a g e | 66
Malaysia ranks in ASEAN, after Singapore, when it comes to advanced ICT infrastructure and utilization. Following to ITU statistics, in 2013, 67% of the population in Malaysia used the internet and reached 144.7% of mobile subscriptions (per 100 inhabitants), or nearly 1.5 mobile subscriptions per person. In contrast to mobile subscriptions, broadband usage for fixed broadband and wireless broadband was merely 8.2% and 12.5% of penetration, respectively (See Figure 45). Taking into account a government provision improving broadband infrastructure, by 2015, 75% of households is expected to access high speed broadband with speed greater than 10 Mbps, expediting significantly high economic growth.
Figure 41 ICT Development in Malaysia (2013) Source: ITU (2013)
According to the proliferation of mobile user, internet penetration pale in comparison, with only 1% growth of internet penetration over year to year since 2012, due to World bank Database as shown in Figure 46. Hence, Malaysian government urged to drive internet penetration to hit 75% of households with access to high speed broadband by 2015. Corresponding to mobile phone and computer usage, the amount of mobile transactions and solutions have increased exponentially. As internet broadband becomes more readily available and connectivity becomes more pervasive, the demand for mobile broadband will grow even more.
P a g e | 67
Figure 42 Malaysian Internet Users (per 100 people) 2010-2014 Source: World Development Indicator, World Bank Database
Cloud Computing Adoption
Cloud computing aggregates demand for ICT services from various users, allowing for economies of scale through the efficient delivery of computing resources from a shared computing platform. Malaysia has seen cloud computing as the next wave of ICT development due to a lucrative economic impact from enabling cloud computing. Taking into account cloud computing as a key accelerator for economic growth, cloud investment in Malaysia is expected to expand more than 20 times over the next eight years to hit US$873 million from US$ 29 million in 2010, according to Frost and Sullivan. To further understand cloud computing market in Malaysia, as shown in Figure 47, SaaS overwhelmed cloud computing services with 91% of cloud adoption, following by 8% of IaaS and 1% of PaaS, respectively. Despite SaaS is a majority adoption in terms of cloud service model, IaaS is expected to be the fastest enhancement of the market in the near future, with 59.4% growth rate for the 2010-2014 (See Figure 48).
P a g e | 68
Figure 43 Malaysia Cloud Computing Market Size, 2010Source: Frost & Sullivan (2011)
Figure 44 Malaysia IaaS Market Forecast, 2010-2014Source: Frost & Sullivan (2011)
The report also revealed that 33% of businesses has already adopted cloud computing transforming their traditional IT system to cloud-based services, of which 14% is hybrid cloud following by 13% of public cloud and 6% of private cloud (See Figure 49). It can be noted that
P a g e | 69
hybrid cloud witnessed highest adoption among various cloud deployments offering a blend of cost savings and security.
Figure 45 Adoption of Cloud Computing in Malaysia by Delivery Model Source: Frost & Sullivan (2011)
In terms of SMEs adoption, according to ACCA, Malaysia is an emerging country that has a potential for cloud computing adoption, particularly in mobile cloud computing. Although only 27% of businesses use ICT in their businesses, Malaysia, however, continues its transformation to a digital economy, resulting in more of these traditional businesses are being replaced by modern companies. The report also said that the services sector which accounts for 90% of SMEs will likely be the most attractive sector to target for increasing adoption of cloud computing services. Within these service sectors, the early adopters of cloud computing service identified as (1) transportation and storage; (2) wholesale and retail trade; (3) repair of motor vehicles and motorcycles; and (4) recreation, arts and entertainment.
Government Policies Related to Cloud Computing
Proactive initiatives have been taken by the government in promoting and developing ICT as a sector and enabler through successive economic development plans as well as various strategic policies and programs. One of those provisions is the National Strategic ICT Roadmap falling upon to the responsibility of Minister of Science, Technology and Innovation (MOSTI) [35]. However, another key government agency related with an overall ICT promotion is Ministry of Information Communication and Culture (MCC), in the meantime the regulatory body in the field of communication, information and multimedia belong to the responsibility of Malaysia
P a g e | 70
Communications and Multimedia Commission (MCMC) [36]. Under the 10th Malaysia Plan and Government Transformation Framework, ICT continues to be the critical foundation for enabling delivery and creating advanced solutions for many initiatives identified under the Economic Transformation Program (ETP) and The Government Transformation Program (GTP) [37].
To further promote cloud computing adoption, the Multimedia Development Corporation (MdeC) has launched the Digital Malaysia Initiative aiming to accelerating the adoption of cloud computing solutions among local and medium enterprises and to elevate the competitiveness and efficiency of local businesses [38]. Through a cohesive national effort to develop a conducive cloud ecosystem in Malaysia, MDeC is driving the awareness of cloud computing ecosystem towards the implementation of software as a service (SaaS) along with future rollouts of infrastructure as a service (IaaS) and platform as a service (PaaS). With respect to the Digital Malaysia, government has bestowed promotion provisions related to innovation and technology adoption under the SME Masterplan 2012-2020 through various measurements: for instance; waiving subscription fee for any SaaS solutions that provided by Malaysia Status Companies (MSC); and setting up the Product Development and Commercialization Fund (PCF) by to help local MSC enhance their competitiveness to commercialization.
5.4. Philippines
Information and Communication Technology (ICT) Development
ICT infrastructure in Philippines has sustainably developed for the last few years, however, internet broadband considered as the key success of economy's growth in various countries ongoing enlarge in a steady pace compared with other countries in ASEAN. Despite the fact that Philippines is the third largest market for smart phones in the region with the ratio 47% in 2014, according to IDC, the internet penetration is increasing slowly to 36% in 2013[42]. The disparities in ICT uptake remain substantial, with great level of individuals using the mobile internet and low level of fixed broadband deployment (See Figure 50).
Philippine's mobile market has reached its saturation point at 104.5 subscriptions (per 100 inhabitants) by 2013. The national broadband policy established to accelerate broadband infrastructure deployment and to ensure that broadband service reached all parts of the country, as well as to promote the adoption of broadband usage among household, business, industry sectors and public/government institutions. With respect to government initiative to promote ICT
P a g e | 71
enabling, the more mobile solutions (such as mobile financial services and m-commerce) utilize the more mobile broadband network is required particularly in high-speed bandwidth.
Figure 46 ICT Development in Philippines (2013) Source: ITU (2013).
In particular, Figure 51 shows that internet penetration is rising up from 36.62% by 2013 to 39.43% by 2014, of which 3.4 million is defined as new users. In 2014, Philippines is ranked 14thglobal internet users. Although internet users increase only 3% from year to year, its internet penetration rate still remains its top three of the ASEAN economies following Singapore and Malaysia.
* Estimate Figure 47: Internet Statistic in Philippines (2007-2014) Source: Internet Live Stats [43]
P a g e | 72
Cloud Computing Adoption
In 2013, cloud computing adoption in Philippines was estimated at 35% of business usage, according to VMWare Cloud Index 2013. However, in terms of technology adoption, Philippines still lacks standard for ICT and information exchange and handling, even though government has established the data privacy law and cybercrime law in 2012. With reference to ACCA's report[44], Philippine government has launched government cloud or GovCloud initiative, a private cloud computing system for government agencies to use basic cloud applications (such as email, web hosting, and payment gateway applications), to advocate cloud computing adoption and boost cloud ecosystem in the country, gaining higher score rank following ACCA's index 2014, in particular, through the passage of a new data privacy law and the dropping of libel provisions originally included in its draft cybercrime law. It is one of the stronger ASEAN countries in terms of freedom of information access. Following a World Bank study on the Interoperability Readiness and Demand Assessment of government agencies, most government agencies in Philippines favorably adopt cloud computing and consolidate cloud technology to provide public services4.
Regarding cloud service providers, the leading local provider, PLDT, has significantly developed cloud infrastructure and has recently emerged in this line of business and well-established cloud solutions to rising up cloud adoption mainly in business sectors through investing its own public cloud infrastructure5. Corresponding to cloud adoption trend across enterprises in Philippines has been growing rapidly, private cloud still occupied the cloud computing market alongside with public cloud deployment. Furthermore, in terms of cloud adoption varied by sectors, ACCA reported the sectors defined as an early adopter consists of three main sectors, Business Process Outsourcing, Technology Startup, and Retail Services.
Government Policies Related to Cloud Computing
It can be noted that Philippine government has encouraged GovCloud to drive cloud computing adoption through the promotion scheme responsible by National Computer Center (NCC) [44]. The Integrated Government Philippines (iGovPhil) is a flagship project collaborated among the Department of Science and Technology, the Advanced Science and Technology
4 Source: http://i.gov.ph/govcloud/about-govcloud/. Retrieve on 16th May 2015.
5Source: http://www.pldt.com/news-center/article/2012/10/16/pldt-cloud-to-boost-local-adoption-of-cloud-computing#.Vbzd9_nhBs8. Retrieve on 28thMay 2015.
P a g e | 73
Institute (ASTI), and the Information and Communications Technology Office (ICTO) [45] aiming to provide cloud IaaS for government agencies to develop their own applications to public services.
The Philippines continues its pursuit of a digital empower and integrated government through the E-Government Master Plan (EGMP). The EGMP adopts a government approach that support the Philippine Development Plan (2011-2016). As the EGMP’s implementation strategy, the Medium Term ICT Harmonization Initiative (MITHI) places an excellence on government interoperability, collaboration and shared resources. To operationalize this, the government also developed the Philippine Strategic ICT Roadmap 2006-2010 focused on four key areas; ICT infrastructure, security services, human capital development, and e-Governance. In a similar manner, the Philippine Digital Strategy (PDS) 2011-2016 implemented by The Commission on Information and Communications Technology (CICT) illustrated the government's resolve to link its development priority for inclusive growth and sustainable development with its ICT plans [46]. The PDS defined ICT as a critical infrastructure as well as transportation, water, and electricity and focused on ICT enabling in government and governance, education, and industries especially small businesses.
5.5. Singapore
Information and Communication Technology (ICT) Development
Singapore is considered an advanced ICT leader among ASEAN countries in respect to ICT infrastructure development, innovation creation, and technology adoption. To encourage cloud computing ecosystem, quality infrastructure play a critical role as a foundation of a robust internet ecosystem. With the vision to leverage ICT to foster economic growth, the country has developed continuously ICT infrastructure over decades. According to ITU, Singapore, in 2013, has mobile subscription at the penetration rate of 155.6%, equaled to 8.4 million mobile subscriptions. The country's robust internet penetration witnessed with such high internet penetration rate especially mobile broadband, a 135.1% penetration rate, meanwhile fixed broadband subscription pale in comparison, a 25.7% penetration rate. Further, percentage of individual using the internet recorded at 73% penetration rate as high as developed countries with the average of internet users up to 70% penetration rate (See Figure 52).
P a g e | 74
Figure 48 ICT Development in Singapore (2013) Source: ITU (2013)
Singapore has seen ICT infrastructure as a key enabler in boosting the overall competitiveness based on creating new industries and new businesses encouraging economic growth. The country continues to make strategic investment to deploy a seamless, trusted and intelligent Next Generation National Infocomm Infrastructure (Next Gen NII) [47]. As a new generation super high speed broadband, up to 1Gbps, comprising wired and wireless connectivity. Besides, the rate of household access to internet increased dramatically from 65% in 2004 to 88% in 2014, however, after 2011 the rate grew slightly only an average 1-2% growth over year to year (Figure 53). Consequently, the penetration of internet broadband had grown rapidly from 45% in 2004 to 85% in 2011, with slower growth after 2011 (Figure 54).
Figure 49 Household Access to Internet, 2004-2014Source: IDA, 2014[48].
Figure 22:
P a g e | 75
Figure 50 Household Access to Broadband, 2004-2014Source: IDA, 2014[49].
In terms of business usage of internet, according to IDA survey namely “Survey on Infocomm Use by Enterprises 2012”, 87% of overall businesses are expected to apply ICT enabling with their business process in 2014, of which 82% of enterprises of less than 10 people used the internet at work at least once a week while 97% of enterprise of more than 10 people used the internet at work daily [50]. (See Figure 55).
Figure 51 Business Usage of Internet 2012-2014 Source: IDA, 2012
P a g e | 76
Cloud Computing Adoption
According to IDA's cloud adoption survey, Singapore is far ahead from all ASEAN countries in terms of technology adoption, including cloud computing. In particular, the market adoption of SaaS is projected to grow at a compound annual growth of 22% with three-quarters of all businesses in Singapore adopting SaaS by 2018. IaaS, on the other hand, is projected to have a higher compound annual growth rate of 26% as more businesses adopt IaaS. The demand for cloud services remain strong in Singapore with the results showing cloud spending among the enterprises is S$512 million in 2013 and is expected to rise up to S$920 million by 2018[51]. In addition, 94% of Singapore enterprises surveyed plans to deploy cloud-based offering over the next 12 months as compared to the global average of 90%. As for the early adopter in terms of business usage by sectors are identified as follows: (1) commerce both of wholesale and retail; (2) accommodation and food services; and (3) property sectors.
IDC's report also shows that most of Small and Medium Businesses (SMBs) has utilized more in private cloud than public cloud, however, multiple cloud or hybrid cloud is expected to catch up the pace faster in the next few years, with 89% plan on using multiple clouds over the global average of 83% (See Figure 56).
P a g e | 77
Figure 52 Intended Use of Public and Private Cloud Services in Singapore, 2010-2013Source: IDC, 2010
It should be noted that Singapore not only promotes cloud adoption in business usage, but also government usage as well. Singapore approach consists of three main programs (1) promoting government adoption, (2) cultivating flagship projects across industry verticals, and (3) creating awareness and industry outreach. Singapore has established the Government Cloud (G-Cloud) since 2010 aiming to provide a cloud infrastructure for the overall government use where security and governance requirements cannot be fulfilled by public cloud.
Government Policies Related to Cloud Computing
The Infocomm Development Authority (IDA) of Singapore plays a critical role in promotion and regulation related to cloud computing and technology adoption in Singapore Singapore’s cloud vision is to sharpen the overall economic competitiveness through adoption of cloud computing and enhance the vibrancy and growth of the infocomm sector through the development of a cloud ecosystem. To achieve these objectives, IDA has identified six key thrusts: (1) supporting flagship users of cloud services, (2) attracting cloud players, (3) developing manpower competency for industry (4) forging R&D relationships and building knowledge capital assets, (5) providing enabling infrastructure, and (6) building a trusted environment through policy and legislations.
Under its supporting flagship users strategy, the government has introduced the following projects: (1) iSPRINT Scheme to increase SME productivity, promote packaged and customized solutions prequalified by IDA, and harness cloud technology to enhance business.operations; (2) SaaS Enablement Program (SEP) to provide funding for SaaS enablement in specific industry verticals (3) Cloud Innovation Centre (CIC) to boost the adoption of cloud services among small or newly established businesses and encourage businesses to use a private cloud; (4) Productivity and Innovation Credit (PIC) scheme to grant businesses in order to 400% tax deductions for five years against the acquisition of IT equipment, acquisition and licensing of intellectual property rights, staff training, research and development, registration of patents and trademarks, and design projects; and (4) Initiatives to promote adoption such as the Call for Cloud Computing Proposals and the seminar series for public education on cloud computing.
Cloud computing development is further underpinned by Singapore human resource development strategy called the Competency Development for Industry and Manpower. The strategy encompasses a number of projects such as (1) the Infocomm Manpower Development Roadmap v2.0, aimed at capacity building and equipping students with cloud
P a g e | 78
computing knowledge and skills; (2) Development of competency standards, aimed at identifying job roles, with a strong focus on cloud computing; (3) Training programs, achieved through short training courses for IT personnel to help them develop skills for cloud computing; and (4) Building a talent pipeline project, in which the IDA will work with IT schools to offer both diploma and degree courses to provide education and practical training relevant to cloud computing to students.
5.6. Thailand
Information and Communication Technology (ICT) Development
Despite the fact that the government has encouraged an investment in the fixed-line and wireless high-speed network in order to expand the broadband network to become universally accessible for people throughout the country, the penetration rate was only 7.4 subscriptions per 100 inhabitants for fixed broadband. In contrast, mobile broadband catch-up in the penetration rate is more impressive with 52.3 subscriptions per 100 inhabitants. Thailand also has high mobile penetration rate, with 138 subscriptions per 100 inhabitants (See Figure 57).
Figure 53 ICT Development in Thailand (2013) Source: ITU (2013)
The data from the National Broadcasting and Telecommunications Commission (NBTC) reveals merely slight growth when it comes to internet broadband penetration, increasing from 2.9% in 2005 to 16.1% in 2010 to 29.6% in 2015 (as shown in Figure 59). This is despite the fact that mobile operators continued to invest in related Wi-Fi Hot Spot and expand their wireless broadband network, especially the 3G backbones and networks for higher penetration of coverage areas. Mobile operators, however, were reluctant to invest in the wireless broadband network due to uncertainty over the policy and regulations regarding for the allocation 4G frequency, expected to be launched during the next year.
P a g e | 79
Figure 54 Broadband Penetration per Household in Thailand (2003-2015) [52]
Due to the NBTC's market survey in 2014, the overall value of the Internet service market was estimated at ฿42,954 million baht with a 7% growth rate by 2013. In 2014, the market value, however, will be as high as ฿ 47,076 million, growing by 9.6% from 2013. The main driving force of this market came from the expansion of backbones and networks of Internet gateway to foreign countries and the availability of bandwidth for international connectivity that plays a part in lowing the prices of domestic connection. In addition, corporates and enterprises are now considering investments in cloud technology such as Infrastructure as a Service (IaaS) to strengthen their competitiveness while consumers are gaining more experience in using public cloud, especially for personal storage over the Internet. The introduction of cloud computing in turn raises demands for high speed bandwidth, especially in commercial zones at a regional level. As for Bangkok and vicinity, broadband Internet via ADSL has almost reached its saturation point while, however, mobile Internet is on the rise.
Cloud Computing Adoption
In Thailand, cloud computing users could be categorized into two groups: large enterprises and SMEs. The approach to adopt cloud computing in IT business transformation from traditional to cloud computing infrastructure and services can also divided into 3 cases: (1) To use specific tools and applications. In this case, small service provider have chance to reach niche market more than major provider; (2) To use cloud service that can integrate with the organization's IT system. In this way, cloud aggregator and vendor will have opportunity to access the corporates
P a g e | 80
more than cloud providers; and (3) to use more than one type of cloud services or hybrid cloud both of cloud infrastructure and cloud platform. In this case, enterprise will look for cloud service aggregator which can combine various types of cloud services (IaaS, PaaS, SaaS and BpaaS). Therefore, major providers who have economies of scope will take more advantage for this case.
With respect to analysis cloud computing adoption by business size, large-scale enterprise and SMEs, each group has different requirements for cloud computing services as summarized in Table 7.
Table 3 Cloud computing service deployment models by size of business
Business size Service requirements Deployment models
Enterprise Requires warranty for data and network security, with huge budget for the service and in-house IT personnel.
IaaS: Private Cloud
SaaS: Private Cloud
Medium Requires customized system suitable for company-specific businesses operations with a real time management system.
SaaS: Private Cloud
IaaS: Public Cloud
Small Employs cloud computing to reduce operational costs, improve workflow and remove concerns over IT management.
SaaS: Public Cloud
IaaS: Public Cloud
Remark: an analysis based on local service provider and domestic cloud user.
Source: Ministry of Information and Communication Technology, 2013
P a g e | 81
As shown in the table, large enterprises show great potential as cloud computing users in all aspects, including investment budget, understanding of the service, and IT personnel. However, this type of clients requires over-the-top data and network security. Their existing IT systems are also complex and thus difficult to transfer onto the cloud, especially the public cloud. For these reasons, the enterprise’s change to the cloud tends to be slower than that of small businesses with less complex IT systems and strong incentives to switch to cloud in order to cut their IT expenses. As for the medium-sized businesses, customized software suitable for their business operations as well as development of specific applications for their internal use are most crucial. Lastly, the smallest-sized businesses tend to move to the public cloud to reduce operational costs, improve work flow and remove concerns over IT management.
Furthermore, users in different vertical sectors have different expectations of cloud computing both of deployment model and add-on requirements. For example, healthcare users often make use of public cloud for basic office applications while banking users prefer a private cloud. However, the early adopter for cloud technology in vertical sectors can defined as telecommunications and finance, trade (both of wholesale and retail), logistic, and education sectors.
Considering the cloud computing market conditions, cloud computing market is dominated by Software as a Service (SaaS) which several domestic providers in place, most of which are SMEs. Infrastructure as a Service (IaaS), on the other hand, tends to be offered by major domestic cloud enterprises. Most IaaS service providers in Thailand appear to have transformed their service model from that of data center to IaaS. It is also worth noting that Thailand's domestic market remains devoid of local Platform as a Service (PaaS) providers. Most local users of PaaS rely on the service from multinational companies (MNCs).
For the last few years, the development of the IaaS market appears to be more mature than other cloud computing service models. The IaaS market structure is considered as an oligopoly market that transform from data center business. Hence, telecommunication operators and major computer service providers has adapted their strategy to claim IaaS market share from international service providers. Nonetheless, the ability of major service providers to reach SME users is not as good as that of small providers that have been offering web hosting services, as the niche customer base of these web hosting service providers is SMEs, especially which are outside of Bangkok. Many web hosting service providers have become increasingly interested in IaaS provision but their low investment budget have set limits to their IaaS offering.
Currently, the IaaS adoption is mainly devoting to private cloud due to a data security concern, at the same time service providers try to expand their service to hybrid cloud and public
P a g e | 82
cloud but still struggle with service provision and management, particularly in the areas of usage metering and billing. Within the next 1-2 years, cloud providers will expand their cloud services to platform service both in terms of cloud platforms and the various mobile platforms even at this stage none of the local IaaS providers in Thailand has a tendency to venture into providing PaaS.
As for the PaaS in Thailand is dominated by international PaaS providers. A local providers do not fully commercial launch their service in terms of a lack of expertise in cloud platform. Thailand's cloud service maturity remains in an initial state where most cloud service provision is an add-on service to the providers' existing services or core businesses. Nonetheless, PaaS usage in Thailand divides into two categories; business tools and developer tools. Large service providers have greater expertise in cloud platform development for multi-tenant platform based on an interoperability between various cloud deployments. Local cloud providers, on the other hand, are an early stage to develop cloud platform using open source tools. PaaS need a high technology expertise as well as a business process experience using a large amount of investment. The reliability and security of the cloud infrastructure is also another important factor to consider to use PaaS including cloud standardization which is developing concept and provision.
With respect to the SaaS market, as mentioned above, the majority of local providers of software as a service in Thailand are SMEs, which can be further classified into 2 groups: start-up businesses, comprising Independent Software Vendors (ISVs) that have recently emerged in this line of business and well-established software and application development companies that are mostly medium-sized (or larger) businesses. For the expansion to cloud computing provision, the former group of SaaS providers appears to have greater agility to transform their provision model. This advantage results from the compact size of their businesses, which means that the internal management within the organization is less complex than that of the bigger businesses in the latter category. The startup SaaS providers favour in PaaS provided by foreign providers because local providers have not yet achieved the required capacities, particularly in terms of flexibility and scalability, to provide a supportive service platform for developing customized software.
Government Policies Related to Cloud Computing
National policies related to the promotion of cloud computing fall under the responsibility of the Ministry of Information and Communications Technology (MICT), under which the ICT Industry Promotion Bureau takes care of the promotion of the country’s ICT industry as a whole; the Electronic Government Agency (EGA) is the key agency responsible for the implementation of government cloud services; the Software Industry Promotion Agency (SIPA) is responsible for
P a g e | 83
promoting Thailand’s software industry; and the Electronic Transactions Development Agency (ETDA) handles the development related to electronic transactions. Therefore, it can be said that the comprehensive coverage of policy functions by these agencies has contributed to the development of cloud computing in the country. However, access to information about supportive government policy remains a challenge to businesses. Not many know of existing cloud computing promotion measures, including SIPA’s cloud business promotion through joint ventures or grants (SaaS and other cloud services included); SME loans through the SME Bank for SMEs to use domestic software products; and an IT promotion measure introduced by the Department of Industrial Promotion to encourage the use of IT for SMEs, for instance.
Despite all these efforts to promote the provision and adoption of cloud computing, the existing legal infrastructure remains a worrying issue for Thailand. Service providers perceive the Computer Crime Act B.E. 2550 to be disruptive and inconsistent with current cloud computing practice. With cloud, the data that these providers are required to store by the Act will amount to the level of Big Data, adding more challenges for providers to inspect it. However, the Act specifies that any service provider intentionally supporting or consenting to a crime involving dissemination or forwarding of forged or false computer data in a manner that is likely to cause damage to a third party or the public or to the country’s security or data of a pornographic nature shall be subject to the same penalty as that of a person committing the crime. This section of the law has strong negative effects on public cloud service provision, especially in the areas of video streaming and social network applications on cloud infrastructure.
5.7. Vietnam
Information and Communication Technology (ICT) Development
Vietnam is one of the major emerging markets of ASEAN and one of the drive forces of its growth has been the expansion in ICT infrastructure especially mobile network. In the last few years, mobile subscribers in Vietnam has continuously enlarged and reached 130.9% of penetration rate in 2013. In the meanwhile, the country domestic mobile network has grown rapidly, fixed line network development are less impressive. Despite the fact that fixed line network has existed in national broadband initiative since 2000s, and even though it is one of the first parts of the sector where government supported ICT development program. The penetration of fixed broadband internet subscribers (per 100 inhabitants) is 5.6% as of 2013, while wireless broadband grows at 18.8% penetration rate. Therefore, Vietnam has one of the low ratios of fixed line to mobile subscribers in ASEAN as shown in Figure 28. Recently, IDC predicts that ICT spending in Vietnam projects a
P a g e | 84
growth rate of 15.5% in 2014, following a modest growth of 8.4% in 2013. The total ICT market in Vietnam is expected to reach US$13.05 billion in 2014. If market forecast materializes, Vietnam will be among the top ICT spenders in Asia/Pacific in 2014[53].
Figure 55 ICT Development in Vietnam (2013) Source: ITU (2013)
The rate of ICT penetration, however, increased rapidly, especially mobile phone penetration as mentioned above, and also internet penetration has swiftly grown, at a consistent pace, increasing from 26.55% in 2009 to 37% in 2013 ( Figure 61) [54]. As for the robustness of an internet ecosystem, the internet user population in Vietnam has exceeded 35 million since 2011. The Vietnam E-Commerce and Information Technology Agency (VECITA) revealed some patterns of internet users, of which 92% accessed the internet on a daily basis to read news and email and even interact with social networks [55]. Compared to other ASEAN member countries, its performance of ICT development is outstanding catching up in ICT penetrations (mobile phone, internet and broadband penetration).
Figure 56: Internet Users in Vietnam (2009-2013) Source: Vietnam White Book 2014
P a g e | 85
Cloud Computing Adoption
Cloud computing enables internet users, through digital networks, to access on demand, a scalable and elastic pool of data storage and processing resources. According to the Information Economy Report 2013[56], cloud computing can offer the reduction cost on IT spending, scalability, flexibility and mobility. It is apparent that the advantages provided by cloud computing are particularly valuable for developing countries and small businesses to enclose their gap. Even though cloud computing adoption is expected to be a next wave trend in the years to come, in 2014 Vietnam’s cloud readiness remained modest, compared to other countries in the region. Based on the Cloud Readiness Index 2014, Vietnam is ranked at the lowest place among the ASEAN economies, with lagging behind other countries on privacy, IP protection, and business sophistication.
According to ACCA's report, The Asia Pacific SME Cloud Computing Attractiveness Index 2015[57] revealed that Vietnam is one of the emerging market for cloud computing, especially for large enterprises as the MNCs are early adopter for cloud computing usage in Vietnam, of which across the areas of insurance, IT, real estate and other finance areas. In addition to the report, top three of the industries that have a tendency to adopt cloud computing are commerce (both of wholesale and retail), banking and financial institutions, and tourism and hospitality services. As for cloud computing usage, there are 4.5 million cloud accounts to be established in 2014 estimated to be 25% of businesses that can be note as the immediate potential for cloud computing adoption while 5% of which already subscribed to use cloud computing. Besides, cloud computing is becoming a top priority with up to 83% of Vietnamese enterprises considering cloud computing as a key focus and 67% indicating that cloud computing has a significant influence on their businesses.
VMWare Cloud Index 2013 revealed that 39% of Vietnamese IT enterprises already adopted cloud computing and around 83% responded that cloud technology would have significant impact on their operations [58]. Furthermore, the PasserellesNumériques Vietnam (PNV) [59], the IT market consultant, illustrated a survey result for cloud adoption that not much different form VMWare, with 41% of enterprise currently use cloud technology, of which 75% use IaaS, 50% use SaaS and 42% use PaaS as shown in Figure 62.
P a g e | 86
Figure 57Cloud Computing Usage Source: PasserellesNumériques Vietnam
In the meantime cloud service providers in Vietnam are major cloud companies such as IBM, Google and Microsoft. Telco companies are also collaborating with those global firms to offer computing technology-based services utilizing an advantages of mobile broadband infrastructure. As for cloud computing is considering as the key accelerator for domestic businesses, its government encourages cloud computing investment through joint venture model while promote local cloud service providers launching their services based on open cloud operating system as CloudLinux OS.
In terms of demand driver to use cloud computing can be summarized as follows: (1) E-commerce trend is growing rapidly propelling cloud computing usage particularly in SME, (2) Most of businesses utilize cloud basic services such as email at the initial stage and then expanding into collaborative uses such as interacting real time collaboration and integration with the company's social network, and (3) Skill training bundling with cloud services is the key success for cloud service providers.
Government Policies Related to Cloud Computing
The Ministry of Information and Communications (MIC) of the Socialist Republic of Vietnam plays an important role both of policy maker and regulatory body related to ICT and cloud computing areas. Since 2005, MIC had established national master plan and strategy on development of information and communication technology of Vietnam to 2010 and orientations toward 2020[60]. Then in 2010, it had announced the national program on information technology application in the operations of state agencies during the period 2011-2015[61]. As for the government program directly promote a domestic
P a g e | 87
cloud computing adoption in Vietnam can divided to 2 main strategies. Firstly, Vietnam has planned to boost its competitiveness and business capability with digital technology through IT Park Initiative following the national strategy on transforming Vietnam into an advanced ICT country commenced in 2010[62]. Secondly, it can be noted that Vietnam is one of the country in the region where government opens its domestic market for MNCs through joint venture scheme sealing the technology gap.
Vietnamese government has also undertaken various initiatives to support cloud computing ecosystem and boosting demand in the country. It has formed a committee on e-government in 2013 and has awarded a contract to IBM to provide cloud platform for government or G-cloud, and also established the IBM Cloud Lab for the universities and research institutions to help the country leverage the power of cloud computing across the public and private sectors [63]. Simultaneously, the Ministry of Natural Resources and the Environment has started using IBM CloudBurst technology to integrate data relating to Vietnam’s resources and environment. It has claimed that it has realized 20% cost saving by virtualizing their IT infrastructure. Not only collaboration with private company, but also MIC has jointly developed cloud-based academic programs, which offer training courses, tools, and best practices with other government agencies, the Ministry of Education and Training and the Ministry of Science and Technology, for instance.
6. Conclusions and Policy Recommendations
The report has identified the situation of cloud computing usage and development in individual ASEAN country as well as provided comparative analysis on important factors. Government policies, legal framework, and initiatives are highlighted. However, as Cloud Computing is borderless in nature, ASEAN should start the discussion on the collective efforts/initiatives which might boost up Cloud Computing for the region as a whole.
To sum up, issues which need to be looked at on national and regional levels include:
Infrastructure: A strive for a complete universal broadband service is fundamental for cloud computing provision and deployment. As for legal infrastructure, there are numerous issues demanding attention, particularly data protection; IPR and cyber-crime acts. There is also an on-going policy debate on such subjects as localization rules in each country. In addition, there is a need to identify specific rules and regulations for data security on cloud infrastructure in data sensitive sectors, such as finance and healthcare.
P a g e | 88
Strategy development: Since cloud computing provision relies heavily on economies of scale, small providers tend to find it challenging to compete in the market. It is therefore important for each country to find and devote necessary resources and attention to strengthen its niche, namely its vertical sector. The government will need to promote and support local service providers in order for them to become more competitive in the market.
Cloud industry promotion and demand boost: ASEAN may promote its cloud industry by using government cloud as an exemplar for cloud service provision in order to generate awareness and boost adoption among potential users in the private sector. Besides, ASEAN countries can learn from the best practice from developing countries or even Singapore in order how to encourage cloud adoption throughout the promotion scheme to boost both service demands and supplies of cloud computing.
Research and human resource development: A strategic plan for cloud computing research and development is needed in order to effectively respond to issues concerning cloud computing deployment and service models. Moreover, the emerging countries need to develop a long-term human resource plan to ensure that there will be sufficient suppliers of specialists in cloud computing development in the coming future. This plan needs to include incentives to attract more highly skilled workers into the industry throughout this long-term development process.
I. Preliminary Current Status: the main challenges
Based on ACCA Cloud Readiness and BSA Scorecard, there is a serious lack of information on Cloud Computing in ASEAN. The study, therefore, faces a daunting task to obtain required information. Without strong collaboration among ASEAN countries, it is deemed impossible to complete the task meaningfully.
BSA (2013) ASEAN (2014)
Rank Score Rank Score
Singapore 5 78.5 4 74.8
P a g e | 89
Malaysia 13 69.5 8 66.2
Thailand 23 44 9 59.3
Philippines Na. Na. 10 56.1
Indonesia 21 48.4 12 52.4
Vietnam 24 40.1 14 47.8
Cambodia Na. Na. Na. Na.
Laos Na. Na. Na. Na.
Myanmar Na. Na. Na. Na.
Brunei Na. Na. Na. Na.
7. Appendix
List of questions that evaluating cloud sector consensus standards for standards selection:
Applicability of standard
Is it clear who should use the standard and for what applications?
How does the standard fit into the Federal Enterprise Architecture (FEA)?
What was done to investigate viable alternative standards (i.e., due diligence) before
selecting this standard?
Availability of standard
Is the standard published and publicly available?
Is a copy of the standard free or must it be purchased?
Are there any licensing requirements for using the standard?
Completeness of standard
To what degree does the candidate standard define and cover the key features necessary
to support the specific E-Gov functional area or service?
Implementations on standard
P a g e | 90
Does the standard have strong support in the commercial marketplace?
What commercial products exist for this standard?
Are there products from different vendors in the market to implement this standard?
Are there any existing or planned mechanisms to assess conformity of implementations
to the standard?
Interoperability of implementations
How does this standard provide users the ability to access applications and services
through web services?
What are the existing or planned mechanisms to assess the interoperability of different
vendor implementations?
Legal considerations
Are there any patent assertions made to this standard?
Are there any IPR assertions that will hinder USG distribution of the standard?
Maturity of standard
How technically mature is the standard?
Is the underlying technology of the standard well-understood (e.g., a reference model is
well-defined, appropriate concepts of the technology are in widespread use, the
technology may have been in use for many years, a formal mathematical model is
defined, etc.)?
Is the standard based upon technology that has not been well-defined and may be
relatively new?
Source of standard
What standards body developed and now maintains this standard?
Is this standard a de jure or de facto national or international standard?
Is there an open process for revising or amending this standard?
Stability of standard
P a g e | 91
How long has this standard been used?
Is the standard stable (e.g., its technical content is mature)?
Are major revisions or amendments in progress that will affect backward compatibility
with the approved standard?
When is the estimated completion date for the next version?
7.1 Security Standards Mapping
P a g e | 92
7.2 Interoperability Standards Mapping
7.3 Portability Standards Mapping
7.4 Use Case Analysis
P a g e | 93
There are several facets of cloud service interfaces that are candidates for standardization
including:
Management APIs;
Data Exchange Formats;
Federated Identity and Security Policy APIs;
Resource Descriptions; and
Data Storage APIs.
With these candidate areas in mind, the following business use cases can be analyzed with regard
to their possible deployment modes to identify required standards. This analysis, in conjunction
with the NIST Cloud Standards Inventory, enables the availability of relevant existing and emerging
standards to be evaluated. Where no suitable standards of any kind exist, this is a gap. As part of
this use case analysis, the priority of the standards or requirements in question is also identified.
7.4.1 Use Case: Creating, accessing, updating, deleting data objects in clouds
Benefits: Cross-cloud applications.
Deployment Mode Considerations: Basic Create-Read-Update-Delete (CRUD) operations on data
objects will primarily be done between a single client and provider, and should observe any
required standards for authentication and authorization.
Standardizations Needed: Standard interfaces to metadata and data objects
Possible Standards: CDMI from SNIA
7.4.2 Use Case: Moving VMs and virtual appliances between clouds
Benefits: Migration, Hybrid Clouds, Disaster Recovery, Cloud bursting
Deployment Mode Considerations: When moving a VM out of one cloud and into another as two
separate actions, conceivably two different ID management systems could be used. When moving
VMs in a truly hybrid cloud, however, federated ID management standards will be needed.
Standardizations Needed: Common VM description form
Possible Standards: OVF from DMTF; OpenID, Oauth
P a g e | 94
7.4.3 Use Case: Selecting the best IaaS cloud vendor, public or private
Benefits: Provide cost-effective reliable deployments
Deployment Mode Considerations: When considering hybrid or distributed (inter)cloud
deployments, uniform and consistent resource, performance, and policy descriptions are needed.
Standardizations Needed: Resource and performance requirements description languages.
Possible Standards: For basic resource descriptions, DMTF CIM and OGF GLUE are candidates.
Other, more extensive description languages for performance or policy enforcement are to be
determined.
7.4.4 Use Case: Portable tools for monitoring and managing clouds
Benefits: Simplifies operations as opposed to individual tools for each cloud
Deployment Mode Considerations: Monitoring and managing are separate but closely related
tasks. The standards required will differ depending on whether the monitoring and managing must
be done across trust boundaries or across distributed environments.
Standardizations Needed: Standard monitoring and management interfaces to IaaS resources
Possible Standards: Basic monitoring standards exist, such as the Syslog Protocol (IETF RFC 5424),
which can be used with the Transport Layer Security (TLS) Transport Mapping for Syslog (IETF RFC
5 4 25 ) . Basic management standards include the Cloud Management WG from DMTF, and OCCI
from OGF.
7.4.5 Use Case: Moving data between clouds
Benefits: Migration between Clouds, cross-cloud application and B2B integration
Deployment Mode Considerations: Migrating data from one cloud to another in two separate
moves through the client is a simpler case. Migrating data directly from one cloud to another will
require standards for federated identity, delegation of trust, and secure, third-party data transfers.
Standardizations Needed: Standard metadata/data formats for movement between clouds
Standardized query languages (e.g., for NoSQL for IaaS)
Possible Standards: AS4, OAGIS, NoSQL, GridFTP
7.4.6 Use Case: Single sign-on access to multiple clouds
P a g e | 95
Benefits: Simplified access, Cross-cloud applications
Deployment Mode Considerations: Single sign-on can mean using the same credentials to access
different clouds independently at different times. Single sign-on to access an inter-cloud
application that spans multiple clouds will require federated identity management, delegation of
trust, and virtual organizations.
Standardizations Needed: Federated identity, authorization, and virtual organizations
Possible Standards: OpenID, OAuth, SAML, WS-Federation and WS-Trust, CSA outputs; Virtual
Organization Management System (VOMS) is under development at OGF.
7.4.7 Use Case: Orchestrated processes across clouds and Enterprise Systems
Benefits: Direct support for necessarily distributed systems
Deployment Mode Considerations: This use case is inherently distributed and across trust
boundaries. This can be generally termed federated resource management and is a central
concept in the grid computing community. The term inter-cloud can also be used to denote this
concept.
Standardizations Needed: To address this use case completely, an entire set of capabilities
need to be standardized, e.g.,
Infrastructure services ;
Execution Management services ;
Data services ;
Resource Management services ;
Security services;
Self-management services; and
Information services.
Possible Standards: SOA standards (such as WS-I) and grid standards (such as the OGSA WSRF
Basic Profile, OGF GFD-R-P.072) exist that cover these areas, but issues around stateful resources,
callbacks/notifications, and remote content lifetime management has caused these to be
eclipsed by the simplicity of Representational State Transfer (REST). Hence, standard, REST-based
versions of these capabilities must be developed. Such work is being done in several
P a g e | 96
organizations, including the IEEE. DMTF and OGF. The OGF Distributed Computing Infrastructure
Federations Working Group (DCI Federal [DCIfed]-WG) is addressing two usage scenarios: (1 )
delegation of workload from one domain into the other, covering job description, submission, and
monitoring; and (2) leasing of resources, including resource definition, provisioning, and monitoring.
Existing standards to support this include WS-Agreement, Job Submission Description Language,
GLUE, OGSA Basic Execution Service, OCCI, and Usage Record. Specific business application data
formats may be supported by OAGIS. Workflow and workflow engines will also need
standardization and adoption in the cloud arena. BPEL is one existing standard but extensions
might be needed to efficiently support scientific and engineering workflows.
7.4.8 Use Case: Discovering cloud resources
Benefits: Selection of appropriate clouds for applications Deployment Mode Considerations: To
support inter-cloud resource discovery, secure federated catalog standards are needed.
Standardizations Needed: Description languages for available resources, Catalog interfaces
Possible Standards: This use case actually requires two areas of standardization: (1 ) description
languages for the resources to be discovered, and (2) the discovery APIs for the discovery process
itself. Some existing standards and tools cover both areas.
RDF is a standard formalism for describing resources as triples consisting of subject-predicate-
object. The Dublin Core is a small, fundamental set of text elements for describing resources of
all types. It is commonly expressed in RDF. Since the Dublin Core is a “core” set, it is intended
to be extensible for a broad range of application domains.
Such work is being pursued by the Dublin Core Metadata Initiative. ebXML Registry Information
Model (ebRIM) actually defines both a description language and a discovery method, ebXML
Registry Services (ebRS). ID-WSF also defines both a discovery information model and discovery
services that cover federated identity and access management. LDAP is an existing standard that
has been used to build catalogue and discovery services, but issues might occur with regards to
read vs. write optimization. UDDI is another existing standard from OASIS. A third existing standard
is CSW from OGC that uses ebRIM. While this was originally developed to support geospatial
applications, it is widely used in distributed catalogues that include services. All of these existing
standards need to be evaluated
7.4.9 Use Case: Evaluating SLAs and penalties
P a g e | 97
Benefits: Selection of appropriate cloud resources
Deployment Mode Considerations: SLAs will be primarily established between a single client and
provider, and should observe any required standards for authentication, authorization, and non-
repudiation. The need for SLAs between a single clients but across multiple providers will be
much less common. The difficulty in effectively implementing distributed SLAs will also
discourage their development.
Standardizations Needed: SLA description language
Possible Standards: WS-Agreement (GFD.1 0 7 ) defines a language and a protocol for advertising
the capabilities of service providers and creating agreements based on creational offers, and for
monitoring agreement compliance at runtime. This is supported by WS-Agreement Negotiation
(OGF), which defines a protocol for automated negotiation of offers, counter-offers, and terms of
agreements defined under WS-Agreement-based service agreements.
7.4.10 Use Case: Auditing clouds
Benefits: Ensure regulatory compliance. Verify information assurance.
Deployment Mode Considerations: Auditing will be done primarily between a single client and
provider, and should observe any required standards for authentication, authorization, integrity,
and non-repudiation.
Standardizations Needed: Auditing standards and verification check lists
Possible Standards: CSA Cloud Audit. Relevant informational work can be found in Guidelines for
Auditing Grid Certificate Authorities (OGF GFD.1 6 9 ) . Ongoing Roadmap analysis should track the
development of the standards and update the Standards Inventory as necessary.
8. References
1. Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L. and Leaf, D. (2012). NIST Cloud Computing Reference Architecture: Recommendations of the National Institute of Standards and Technology (Special Publication 500-292). CreateSpace Independent
P a g e | 98
Publishing Platform, USA. September 2011. Retrieved from http://bigdatawg.nist.gov/_uploadfiles/M0008_v1_7256814129.pdf
2. National Institute of Standards and Technology. (2013). NIST Cloud Computing Standards Roadmap (Special Publication 500-291, Version 2). U. S. Department of Commerce. July 2013. Retrieved from http://www.nist.gov/itl/cloud/upload/NIST_SP-500-291_Version-2_2013_June18_FINAL.pdf
3. Wilkes, L.(2011, June 13).Cloud Computing Reference Architectures, Models and Frameworks. Message posted to http://lwsoa.blogspot.com/2011/06/cloud-computing-reference-architectures.html
4. Distributed Management Task Force, Inc. (DMTF). (2010). Architecture for Managing Clouds. (Document Number: DSP-IS0102). Retrieved from http://www.dmtf.org/sites/default/files/standards/documents/DSP-IS0102_1.0.0.pdf
5. Cloud Security Alliance. (CSA). (2011). Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. Retrieved from https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
6. Internet Engineering Task Force (IETF). (2012). Cloud Reference Framework. Retrieved from http://tools.ietf.org/pdf/draft-khasnabish-cloud-reference-framework-02.pdf
7. Kak, A. (2013). IBM Cloud Computing Reference Architecture 3.0.Retrieved from https://www.ibm.com/developerworks/community/wikis/
8. Cisco White Paper. (2009). Cisco Cloud Computing - Data Center Strategy, Architecture, and Solutions. Retrieved from http://www.cisco.com/web/strategy/docs/gov/CiscoCloudComputing_WP.pdf
9. Oracle White Paper. (November 2012). Cloud Reference Architecture. Retrieved from http://www.oracle.com/technetwork/topics/entarch/oracle-wp-cloud-ref-arch-1883533.pdf
10. VMware Technical White Paper. VMware vCloudArchitecting a vCloud. Retrieved from http://www.vmware.com/files/pdf/VMware-Architecting-vCloud-WP.pdf
11. Amazon White Paper. (May 2010). Architecting for the Cloud: Best Practices. Retrieved fromhttp://aws.amazon.com/whitepapers/architecting-for-the-aws-cloud-best-practices/
12. Hui, K., (2013, Feb 8).Delivering the Cloud on a vBlock: a Story in Pictures. Message posted to http://cloudarchitectmusings.com/2013/02/08/delivering-the-cloud-on-a-vblock-a-story-in-pictures/
13. Chou, D.C., (2011, Jan 23).Designing for Cloud-Optimized Architecture. Message posted to http://blogs.msdn.com/b/dachou/archive/2011/01/23/designing-for-cloud-optimized-architecture.aspx
P a g e | 99
14. Cherkis, J., (2012, Feb 10). Three Factors Driving Cloud Adoption in Government. Message posted to http://www.microsoft.com/en-us/government/blogs/three-factors-driving-cloud-adoption-in-government/default.aspx#fbid=R6IEKtWSzT2
15. Lewin, K., (2009, Aug 3). Federal Cloud Computing Initiative Overview. Retrieved from http://www.slideshare.net/kvjacksn/federal-cloud-computing-initiative?related=1
16. Kundra, V., (2011, Feb 8). Federal Cloud Computing Strategy. Retrieved from http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/federal-cloud-computing-strategy.pdf
17. The Federal Risk and Authorization Management Program (FedRAMP). Retrieved Dec 10, 2014 from http://cloud.cio.gov/fedramp
18. Malykhina, E., (2014, Aug 22). Five Early Cloud Adopters in Federal Government.Message posted to http://www.informationweek.com/government/cloud-computing/5-early-cloud-adopters-in-federal-government/d/d-id/1315911
19. UK Government G-Cloud. Retrieved Dec 10, 2014 from http://en.wikipedia.org/wiki/UK_Government_G-Cloud
20. Singapore Government Cloud. Retrieved Dec 10, 2014 from http://www.egov.gov.sg/egov-masterplans/egov-2015/programmes/cloud-computing-for-government
21. Thailand Electronic Government Cloud Model. Retrieved Dec 10, 2014 fromhttp://www.ega.or.th/Content.aspx?m_id=94
22. Establishing a Trusted Cloud Europe: Final Report. 2014)http://www.kowi.de/Portaldata/2/Resources/horizon2020/coop/Report-Establishing-trusted-cloud-Europe.pdf
23. Source: http://reports.webforum.org/global-information-technology-report-2015/structure-and-methodology. Retrieve on 17th May 2015.
24. Source: http://www.itu.int/net/pressoffice/press_releases/2014/68.aspx#.Vais70bhBs8, Retrieve on 10th May 2015.
25. Source: Council of Europe. (2001). Convention on Cybercrime CETS No.: 185. Budapest. Retrieved 14th May, 2015 from http://www.europarl.europa.eu/meetdocs/2014_2019/documents/libe/dv/7_conv_budapest_/7_conv_budapest_en.pdf
26. Source: ITU-T X.1205, Overview of cybersecurity, http://www.itu.in/en/ITU-T/studygroups/com17/pages/cybersecurity.aspx. Retrieve on 17th May 2015.
P a g e | 100
27. Oxford Business Group. (2013). The Report: Brunei Darussalam 2013. Retrieve 14th June 2015.
28. Brunei Information Technology Council (BIT). http://www.bit.gov.bn/eBrunei.html. Retrieve on 14th June 2015.
29. Source: http://www.egnc.gov.bn/Theme/index.aspx. Retrieve on 11st June 2015. 30. Source: www.egtab.gov.bn. Retrieve on 11st June 2015. 31. Source: http://www.bit.gov.bn/eBrunei.html 32. Source:
http://www.aiti.gov.bn/nationalbroadband/service_development_promotion/Pages/default.aspx. Retrieve on 11st June 2015.
33. Source: http://www.aiti.gov.bn/news/events/Pages/AITI-Grant-2014.aspx. Retrieve on 11st June 2015.
34. Source: https://citizenlab.org/2013/10/igf-2013-an-overview-of-indonesian-internet-infrastructure-and-governance/. Retrieve on 29th May 2015.
35. Source: http://www.apjii.or.id/v2/read/page/halaman-data/9/statistik.html. Retrieve on
29th May 2015.
36. VMWare. (2013). The VMWare Cloud Index 2013. Retrieve on 25th May 2015. From http://campaign.vmware.com/imgs/apac/templates/AP_Misc/VMware_Cloud_Index_2013_-_AP_Summary_Report%28for_web%29.pdf
37. Frost & Sullivan. (2013). The Rise of Cloud Computing in Indonesia. Retrieve on 27th May 2015.
38. Source: https://www.cloudswave.com/blog/the-growth-of-cloud-computing-in-emerging-asian-market/. Retrieve on 27th May 2015.
39. Source: http://www.indonesia.go.id/en/ministries/ministers/ministry-of-communication-
and-informatics/1663-profile/178-kementeriandepartemen-komunikasi-dan-
informatika.html. Retrieve on 29th May 2015.
40. Source: http://www.brti.or.id/. Retrieve on 29th May 2015.
41. Source: http://www.itu.int/ITU-D/treg/Events/Seminars/GSR/GSR08/Documents_presentations/Basuki_Yusuf_Iskandar.pdf. Retrieve on 29th May 2015
42. Ministry of Planning. (Oct, 2014). BAPPENAS Indonesia Broadband Plan 2014-2019. Retrieve from http://www.ictd-asp.org/usoforum/wp-content/uploads/2015/03/Session-2a-p2-MiraTayyiba-Indonesia-Broadband.pdf. Retrieve on 29th May 2015
P a g e | 101
43. Source: http://www.mosti.gov.my/wp-content/uploads/policy/ict-roadmap.pdf. Retrieve on 8th April 2015.
44. Source: http://www.kkmm.gov.my/index.php?option=com_content&view=article&id=292&Itemid=135&lang=en. Retrieve on 8th April 2015.
45. MOSTI. (2011). Blueprint for the implementation of Strategic ICT Roadmap for Malaysia Handbook. http://www.pikom.org.my/2014/Useful-Govt_Link/ICT_Roadmap_Handbook_MOSTI.pdf. Retrieve on 10th April 2015.
46. Source: http://www.mscmalaysia.my/cloud_sme. Retrieve on 10th April 2015. 47. Source: http://cloudnewsasia.com/2015/03/26/philippines-moves-up-to-become-3rd-
largest-smartphone-market-in-southeast-asia-cloud-cloudcomputing-philippines-mobile/. Retrieve on 26th April 2015.
48. Source: http://www.internetlivestats.com/internet-users/philippines/. Retrieve on 26th April 2015.
49. ACCA. (2014). The Asia Pacific SME Cloud Computing Attractiveness Index 2015. Retrieve on 16th May 2015.
50. Source: http://i.gov.ph/govcloud/about-govcloud/. Retrieve on 16th May 2015. 51. Source: http://www.pldt.com/news-center/article/2012/10/16/pldt-cloud-to-boost-local-
adoption-of-cloud-computing#.Vbzd9_nhBs8. Retrieve on 28thMay 2015. 52. Source: http://www.ncc.gov.ph/files/PDS.pdf. Retrieve on 28thMay 2015. 53. Source: http://i.gov.ph/govcloud/. Retrieve on 28thMay 2015. 54. Source: http://www.ncc.gov.ph/files/PDS.pdf. Retrieve on 28thMay 2015. 55. Source: http://www.egov.gov.sg/c/document_library/get_file?uuid=039cf31c-af0e-4236-
b96f-447d90d8e963&groupId=10157. Retrieve on 1st June 2015. 56. Source: http://www.ida.gov.sg/Tech-Scene-News/Facts-and-Figures/Infocomm-Usage-
Households-and-Individuals. Retrieve on 1st June 2015. 57. Source: http://www.ida.gov.sg/Tech-Scene-News/Facts-and-Figures/Infocomm-Usage-
Households-and-Individuals. Retrieve on 1st June 2015. 58. Source:
http://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/Facts%20and%20Figures/SurveyReport/2013/Infocomm_Industry_2013_Report.pdf. Retrieve on 1st June 2015.
59. Infocomm Development Authority. (2015). Cloud Computing in Singapore 2015 edition. Retrieve on 1st June 2015.
60. Source: http://www2.nbtc.go.th/TTID/Internet_market/penetration_per_household/. Retrieve 24th April 2015.
P a g e | 102
61. Source: http://www.idc.com/getdoc.jsp?containerId=prVN24549713. Retrieve on 27th May 2015.
62. Vietnam Whitebook 2014http://qtsc.com.vn/web/qtsc-english/vietnam-it-white-paper. Retrieve on 27th May 2015.
63. VECITA. (2014). Theresulsts of the Internet Users Survey. http://www.vecita.gov.vn/Home. Retrieve on 27th May 2015.
64. UNCTAD (2013). Information Economy Report 2013: The Cloud Economy and Developing Countries.New York: United Nations. Retrieve on 7th June 2015.
65. ACCA. (2014). The Asia Pacific SME Cloud Computing Attractiveness Index 2015.Retrieve on 7th June 2015.
66. VMWare. (2013). The VMWare Cloud Index 2013. Retrieve on 10th June 2015.from http://campaign.vmware.com/imgs/apac/templates/AP_Misc/VMware_Cloud_Index_2013_-_AP_Summary_Report%28for_web%29.pdf
67. Nabilla Sharil. PasserellesNumériques Vietnam. (2013). Danang IT Market Survey 2013. Retrieve on 10th June 2015. From http://www.passerellesnumeriques.org/vietnam/
68. Prime Minister’s Decision No. 246/2005/QD-TTg dated Oct 6th, 2005. Retrieve on 10th June 2015.
69. Prime Minister’s Decision No. 1605/QD-TTg dated Aug 27th, 2010. Retrieve on 10th June 2015.
70. Prime Minister’s Decision No. 1755/QD-TTg dated Sep 22nd, 2010. Retrieve on 10th June 2015.
71. IBM. (2013). IBM in Vietnam – An Overview. http://www-07.ibm.com/my/media/pdf/IBM-Brochure-Vietnam.pdf