Remi Adejumo, the Managing Director of Cloudflex Computing Services, in this interview with EHIME ALEX, speaks on issues surrounding data localisation, enforcement and lots of data sitting out Nigeria
Cloud-based solutions are becoming popular in Nigeria. However, not many people know how it works. How can a layman easily understand it?
When you buy a server, you have to provide the infrastructure that goes with it – the cooling, networking and power. There must be constant power. This is, sometimes, difficult for some organisations because providing enough power for computing is not easy. You also need to have qualified staff that will be able to look after the server 24/7.
Cloud computing basically means that you are sitting on somebody’s infrastructure and only have to worry about connecting to the server and doing your work. This is opposed to having to set up the whole infrastructure yourself. This is the difference between on-premise server and cloud server. Also, the fact that nobody knows the location of your server means that you have added security.
You made a good point that there is popularity in the cloud. This came with the Coronavirus Disease era, when there was uncertainty, lockdown and restriction, which made it very difficult for individuals to manage their infrastructure. Another aspect with the server is that you are paying what we call ‘the carpet’, which means you are buying it right and tying up funds for the next five years.
In cloud computing, you pay monthly and you only pay for what you use. But as you increase your space, you increase the cost. Overall, you could save up to 70 per cent of the total cost of ownership. So, moving from on-premise into the cloud saves you about 70 per cent of user cost.
How reliable are data centres in Nigeria, considering the frequency of power outages?
It is one of the things that come to people’s minds. The first thing they think is, how can it be possible to give us power? Basically, a lot of data centres generate their own power, either by gas or diesel generator or by having multiple sources of power. Part of that, too, is to ensure that the power is uninterrupted. Now, think of a data centre like Rack Centre, which has been operating for seven years and has not had one second of downtime. It is one of the large data centres with some key customers and they have been able to keep it going. The ability to do that is because of the economy of scale. It is providing power for a large number of people – which is quite cost-effective – and distribute the cost among its customers.
Looking at data security, what are your major concerns as an expert?
Security is a joint responsibility. I am the cloud platform while you are the customer accessing your data. Using an analogy of a room; let us say I am renting your room and you are asking me how secure the room is. I say, if we lock the room and do not let anybody into it, the room is as secure as anything else in the world. But because you are going in and out of the room, every time you open the door, there is a risk. That risk is more on you than on the cloud provider. Just to give you a practical example of that, there are people who are involved in ransomware and all sorts, spying on your data and password, which they can use against you. That can come from the fact that you received a phishing mail and the minute you click on it, it runs the script, which gives them access to your system. They call it a ‘Trojan Horse’. What they have done is that they have gained access to your system. It is more likely to get an intruder from you (the customer) than me (the provider) because we have more control than you. We have more knowledge to spot intruders more easily than you had and we won’t allow such. So, that is the edge; that is what happens when people’s systems are intruded on.
The other thing is that, naturally, a cloud platform is extremely secure. Somebody, who wants your data as a customer, does not know where your data is hosted. Even if they know the data centre and where those computers are, they cannot pick-point the exact one that houses your data. This makes it very difficult for them to get to you, as opposed to when you have the server in your premises, which they know and can access. That is the difference in terms of security. On top of that is the tendency that in-house people and other things go on where your servers are; but in a cloud platform, they have no business with where your servers are and will never get near. This is what makes the cloud platform far more secure.
Most importantly, there is encryption now. Encryption means that the data that is flowing between you and your endpoint are protected. Even I, your host or landlord on the cloud platform, cannot see your data and cannot do anything about it. That is the beauty! I cannot see your data, even if I wanted to. Unless I have your key, I cannot get to your data and it is impossible for me to get your key.
How are local cloud solutions providers leveraging the Nigerian National Broadband Plan of 2020-2025?
This framework does not affect us directly. We have other policies and documents that are more related to data. I just realised that I did not fully answer your question because you were asking about the security of data. Apart from the physical security, there are other aspects like data localisation and sovereignty.
The legal authority on your data is dependent on where the data sits. If the data sits outside Nigeria, it means that the Nigerian regulatory authorities have no jurisdiction over your data. That is quite an important gap, a fact which I believe needs to be closed up, otherwise it is going to create a lot more problems. For instance, the government is investigating and wants to get to a particular data and that data sits outside Nigeria where they cannot get to it. The problem today is that we have no legislation to enforce data localisation, which is important to protect both our intellectual properties and our personal data as well as to protect the country. At the moment, this is a big problem that needs to be legislated on, so that it can be enforced, and we can have comfort and be under the care of the Nigerian legal system or authority.
What other regulatory frameworks are supporting cloud infrastructure solutions in Nigeria?
First of all, we have the Nigerian Data Protection Regulation, which just talks about the fact that data is owned by the owner and you cannot touch or take their data without their permission. In the world today, there is a conflict in this. For example, America has two laws: the Patriot Act and the Cloud Act. The former, a post-9/11 Act, came as a fact that the Americans wanted to be more proactive in preventing any terrorist act or anything that endangers them. The Cloud Act is more advanced and brings the data up-to-date because of their advancement in technology. Basically, the Americans are saying, ‘we can get data irrespective of where it is, as long as it is seated within America.’ The General Data Protection Regulation, which is the European Union’s equivalent of NPDR, says that data belongs to the owner and you can touch the data without the owner’s permission. These two are in conflict, although conversations are on to try and find a way of having a middle ground.
For us in Nigeria, when the NDPR was promulgated, it did not have any legal backing; hence not enforceable. The GDPR, on the other hand, is enforceable and has legal backing. This is what is missing in Nigeria, the legal backing to the data protection that the data belongs to the owner and which is quite important to enforce. Beyond that, from our point of view, a lot of data are sitting outside Nigeria, even government’s data. That is a problem because it means that the government is putting sensitive data outside the country, which is outside its control or outside its legal framework. It means, in the event of dispute, it is powerless to do anything.
As an expert, is there any other issue you would like to add?
First, the key thing is that when somebody like myself, who is in the cloud business, goes on about the fact of legal framework and enforcing it, people think it is purely a financial sort of motivation. But it is not! What we are looking at is to say to ourselves, we want Nigeria to develop. You cannot develop if the money you are supposed to be spending in Nigeria you are spending it abroad. That is the basic fact. If you spend the money in Nigeria, it goes round to develop us. Our development is stunted at the moment, simply because of what we can describe as capital flight. Sometimes, people think that you are being dramatic about it. But it is so important, and I feel that there are many more key things that need to be done by the practitioners, business owners and the authorities to ensure growth in our country. That is a key gap. We won’t have sufficient growth if we are putting potential investment funds outside Nigeria. This is something I am passionate about. I am passionate about Nigeria, and not as a cloud platform or that of making money. I am passionate about the development of Nigeria, which I would like to see grow faster, especially at this time of a depressed economy. We need every help we can get to turn around the fortunes of the economy and see it real good.
