The Philippines has updated its cloud-first policy and suggested that in a post-pandemic world clouds should be just-about mandatory across government.
The revised policy [PDF] tidies up vague wording in the previous document by making it plain that all government agencies must consider the cloud first, either the nation’s own GovCloud or an external provider’s rig. Congress and the judiciary are explicitly named as strongly suggested to adopt the policy after being omitted last time around.
Even suppliers to Philippines government agencies must henceforth put cloud at the top of their shopping lists. Suppliers have also been given a new requirement to match international skills and certifications standards if they want to work with GovCloud, giving the revised policy an industry development angle.
But the policy is also aware that cloud doesn’t always mean a hyperscaler: it mentions private, hybrid and pure-play clouds as options to consider. Which is sensible as among the big five clouds on AWS has infrastructure in the nation, and even then only an edge location rather than a fully-fledged bit barn.
The policy also offers exceptions to cloud-first if an agency can show that an on-prem solution would be more secure, offer better features, be cheaper or make deployment easier. Data rated “Secret” or “Top Secret” must be stored on clouds located either on local soil or in spots like embassies where the Philippines can exercise sovereignty.
Intriguingly, the new policy took immediate effect upon publication “In view of the declared public health emergency and the imposition of enhanced community quarantine” imposed during the COVID-19 pandemic. That won’t stop sysadmins having to visit hardware that’s not yet in the cloud. But is an unusual justification for a policy. ®