Data Centers and Cyber Security
More needs to be done on cybersecurity, while the government is set to ease data center requirements
By Tellisa Ramadhani
Wednesday, September 27, 2017
The Indonesian government has long been pushing foreign companies trading here to open data centers onshore. Government Regulation No. 82 of 2012 on the Organization of Electronic Systems and Transactions requires the establishment of a data center and disaster management site within Indonesian territory.
Critics are unsure if Indonesia is ready to accommodate what is required in the regulation. Infrastructure and data protection and safety are major considerations for many industries in establishing the centers, particularly for the financial sector.
Ardi Sutedja, Chairman of the Indonesia Cyber Security Forum, believes data centers are at the starting point here, with 15-18 data centers located in Indonesia. Alibaba is also said to be opening a cloud data center in Indonesia.
However, Indonesia still has much homework to be done to create a sophisticated system for data organization. Cyber security in Indonesia is still perceived as fragile. Inge Halim, Country Manager Financial Services Sector at IBM Indonesia, speaking at AmCham Indonesia’s Financial Services and Fintech Mission said that Indonesia’s financial services sector is prone to cyber attacks from Eastern European countries, and she urged Indonesia to elevate its efforts to increase national cyber security.
The mission included a series of meetings with government officials, under the US-Indonesia Investment Initiative 2017, organized by AmCham Indonesia and the US Chamber of Commerce.
Indonesia, said Ardi, has a huge talent pool, but it needs more preparation for the data privacy industry. Data privacy is such a sensitive sector and needs accountable people with good character to be involved. For example, Internet penetration in Indonesia is pretty high, but most Internet users are accessing the service on their mobile phones with prepaid cards, which are very easy to obtain with no identity checks.
Ardi said Indonesians need to nurture four values to be able to reach digital transformation and be prepared for the cyber security challenges: there needs to be an anticipative and preventive culture that means Indonesian talent needs to be able to think ahead instead of just solving existing problems; the value of security and safety; a collaborative or cooperation culture needs to be nurtured to put aside egos; and lastly, there needs to be an information sharing culture within communities.
The implementation of the government regulation needs collaborative efforts across all stakeholders. Risk management can no longer just fall under the jurisdiction of law enforcement, it must also become the responsibility of the users.
The first step to be able to work with the regulation and its implementation is getting a thorough understanding of the meaning of cyber security: know the cyber environment and physical environment — think before taking any action; and try to embrace a preventive culture, so in the end it is not about disaster management but more about disaster prevention.
Indonesia is also taking steps to shield itself from cyber attacks.
“We are in the process of establishing the National Cyber Security Agency which will be ready by 2018,” said Rudiantara, Minister of Information and Communication Technology (ICT), at one of the mission’s meetings. Rudiantara says his office is transferring the archive, and providing some of the personnel, systems and budget.
He also said that the government will amend the requirements of data centers, and such centers will no longer be mandatory for all sectors.
“It’s up to the sectors if data centers need to be established on the ground here,” he said, meaning the decision is with the line ministries.
“If the sector is strategic and important for the state, then data centers are mandatory.”