SECURITY CHALLENGES OF CLOUD COMPUTING: A CRITICAL REVIEW OF THE NIGERIAN CLOUD COMPUTING POLICY

Abstract

The Nigerian government through National Information Technology Development Agency(NITDA)put out a cloud computing policy which is expected to ensure a 30% increase in the adoption of cloud computing by 2024 among Federal Public Institutions (FPIs) and Small medium enterprise (SMEs) which provide digital enabled services to the citizens (Pantami, 2019). Cloud computing is a growing paradigm that proffers new solutions on ways to deliver computing services and resources over the internet. These services are managed by third parties at remote site and subscribers’ pay for services and resources using a pay as you use model. Information and Communication Technology (ICT) professionals in Nigerian government agencies are concerned with the security challenges of cloud computing and a decline in cloud adoption may prevent the government from taking advantage of the fast-growing technology. Information gathered from related literature on cloud computing identified security challenges as a major factorlimiting its adoption in Nigeria. The security challenges limiting cloud computing adoption can be categorized into cyber security threats resulting to data loss and violation of privacy,cloud administrator and user account hijacking, lack of Regulatory body to handle cases of accountability between cloud service providers and users. This research critically reviewed the Nigerian cloud computing policy with regards to security. The purpose of reviewing the Nigerian cloud computing policy is to identify strategies NITDA used to avoid the security challenges of cloud computing through the cloud computing policy. The United Kingdom (UK) cloud computing policy (one government cloud strategy) was also reviewed to identify strategies used to avoid the security challenges of cloud computing. NITDA used data classification to implement information security in cloud computing environment. The Nigerian cloud computing policy also highlighted some standard compliance certification for cloud service providers to help enforce security. Data was classified into four categories as regards to security. National security information holds the highest priority while sensitive government or business/citizen data, routine government business data and public or non-confidential data follows with diminishing priority. NITDA categorized classified data into three groups: Routine government business data, sensitive business and citizen data and public/non-confidential data. Protecting this data requires the use of industry standard security on public cloud solutions. Protecting sensitive government or business/citizen data requires the use of a private or hybrid cloud solution with enhanced security controls. Protecting national security information requires custom hardened on-premises systems (local data center). Review of the United Kingdom cloud computing policy (one government cloud strategy) identified ways used to mitigate the security challenges of cloud computing in the UK, Nigerian cloud policies can be enhanced from the lessons learnt from the UK experiences.