Kokhanevich Artem, CEO at GigaCloud

 

Corruption is a good old friend of any bureaucracy. Modern digital tools minimize the interaction of people and information, they actually reduce the chance of corruption risks itself. At the same time, the bureaucratic system is struggling by all means against any sign of modernity, scared to lose such a familiar “feeder”.

In fact, all the above is the reason the bill 2655 “About Cloud Services”, prepared by the Ministry of Digital Transformation, couldn't even get to the first reading for a long time.

The “budget cuts” schemes that officials are got used to when purchasing server equipment at overpriced prices may disappear if the government agencies are allowed to use the cloud services of private providers. And with them, dozens, or even hundreds of paper copies of various documents, for which hectares of Ukrainian forest are cut down annually, will also disappear. Queues in reception rooms, created by the need to “scan and print” the next copy of the certificate for further hand-to-hand transfer and final storage on the archive shelf until better times, will disappear.

In order to carry out all of the above, the Ministry of Digital Transformation suggested implementing the so-called Cloud First principle, which determines the priority in purchasing cloud services for government agencies instead of their own server equipment. It also suggested introducing certain requirements for cloud service providers themselves, designed to guarantee the high quality and security of services provided to the state.

The first point caused the expected resistance of computer equipment scalpers. They have something to lose - corruption-kickback schemes while purchasing servers for state needs are estimated at hundreds of millions of hryvnias. Meanwhile, private cloud operators are able to give higher standards for digital infrastructure security, uninterrupted access and resource management flexibility than public company servers.

The officials call the server equipment of state-owned companies, purchased dozens of years ago, an alternative to work in the cloud. Such hardware is far behind in performance and reliability, it often fails, and the specialists who know how everything works in these system protocols twenty years out of date cannot be found.

The second point is already argued by the cloud service providers themselves, because this market in Ukraine is quite vast and heterogeneous in structure - only a third part of it belongs to national cloud providers, the rest is large foreign corporations.

State representatives comment on the bill very restrained. But even they do not deny that the law field in which the cloud business operates in Ukraine really needs settlement. And most of the comments on the text are easily removed by finalizing the wording in preparing the bill for a second reading.

Why do Ukrainian officials need cloud computing?

The answer to this question lies on the surface - the point is to simplify and speed up their work, which naturally leads to an improvement in public services for ordinary citizens. One of the key advantages of cloud technologies over traditional infrastructure is that clouds allow standardization of applied solutions. The benefits of standardization have long been understood by commercial structures: today, the situation when sales and marketing departments of the same company introduce different CRM systems is banally impossible. Standardization is one of the most common ways in business to optimize processes, resulting in significant cost savings and high-speed of launching new services.

And once again, an example: the problem with the recent data leak, which “Diya” was accused of, in fact, is the non-standardized “zoo of registries” that exists in our country today. Many of these registries do not fulfill the requirements of not just security, but also basic common sense. And some companies, due to their outdated infrastructure, are physically unable to securely store not only client information, but also their own data. For example, at the end of June 2019, the Ukrainian Cyber   Alliance published and sent to law enforcement agencies information on the critical data from a number of state-owned enterprises and even the water supply systems of Ukrainian cities which was indeed vulnerable to hackers.

The bill 2665 puts forward requirements for standardizing the activities of cloud service providers working with the state, guaranteeing provision of truly high-quality IT services and the safety of personal data. Developed countries that have implemented the Cloud First strategy have not just adopted the relevant law. They developed a large package of regulatory documents with requirements for operators and introduced mandatory certification for admission of cloud services operators to work with the government agencies. The Ukrainian system for regulating the cloud market, which exists today, does not contain such norms at all.

Therefore, the "cloud" bill situation suits all possible participants in the "invisible corruption front." Equipment sellers keep up the things as they are. Small cloud providers (not willing to invest in the development of a secure infrastructure) keep the ability to receive government orders. The state pretends that the problem does not exist, partially relieving itself of the responsibility for the future of IT services and the safety of personal data of its citizens.

No law, no problem. A situation familiar from other industries, isn't it?