The Government of Pakistan (GOP) has issued the Pakistan Cloud First Policy. The policy applies to all ministries, their attached departments, and public sector entities of the GOP (PSEs).
The objectives that the policy aims to achieve, inter alia, include improved public service delivery, increased transparency, enhanced information security, recourses optimization, and reduced carbon footprint.
The policy requires the PSEs to consider cloud solutions as the preferred option for their ICT procurements. A PSE that desires to employ a solution not based on cloud deployment or to set up a private cloud must satisfy certain stringent requirements and obtain the required approval.
The policy divides government data into the following five classes: open data, public data, restricted data, sensitive/confidential data, and secret data.
Four cloud deployment models are envisaged under the policy. These are public cloud, government cloud, private cloud, and hybrid cloud. The preferred cloud service models listed in the policy, in order of priority, are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
A public cloud can be located within or outside Pakistan, and its resources can be shared by any number of individuals or entities from the public and private sectors. A public cloud can be used to store open data or public data. A public cloud can be owned, managed, and operated by a private sector entity.
A government cloud must be physically located in Pakistan. The resources of the government cloud can be shared among PSEs. A government cloud can be used to store restricted government data, sensitive/confidential government data, and secret government data. A government cloud can be owned, managed, and operated by a private sector entity.
A private cloud must also be physically located in Pakistan. The resources of a private cloud are exclusively dedicated to one PSE . A private cloud can be used to store secret government data. A private cloud can be owned, managed, and operated by the PSE, a third party, or both.
To act as a cloud service provider for government data, the private sector entity must be registered or accredited with the Cloud Office to be set up by the GOP. Registration is required for the deployment of a public cloud to host open data. Accreditation is required for the deployment of a public cloud, government cloud, private cloud, or hybrid cloud to host public data, restricted data, sensitive/confidential data, or secret data. There are different accreditation levels depending on the nature of government data to be stored on the cloud, and the security measures required to be deployed by the cloud service provider.
The policy, coupled with the recent tax incentives announced by the government for the IT companies, presents exciting business opportunities for domestic and foreign investors.