“e-Solid”: Constraints to Cloud Come-up, under the Current Nigerian System & Status-Quo.

April 12, 2013

Comment in the discussion chain: Data Centers and Disaster Recovery in Nigeria.

Started by moderator Christopher Odutola of the Linked in group: Cloud Computing, Virtualization and Disaster Recovery in Nigeria.

Online: http://www.linkedin.com/groups/Data-Centers-Disaster-Recovery-in-3785575.S.43550562?view=&srchtype=discussedNews&gid=3785575&item=43550562&type=member&trk=eml-anet_dig-b_pd-pmt-cn&ut=1tsF8girXdkBI1

**********

Thank you, all for your highly knowledgeable and astute comments in this discussion so far.  We all know that as Nijas, we have the talent and we have the skills to get things done – as you all show.  However … na conditions!!  I think 6 factors need to be addressed to some extent before the cloud can gain more credibility and traction in Nigeria, and even in Africa, and become “e-Solid”.

“E”nergy is number one.  Data centers need cooling (especially below the equator), and drives need energy to spin, access memory, and provide those virtual instances.  The idea of generators in series has merit, but I would say turbines are better – with all the natural gas we have flaring.  I always wonder why none of our unemployed Engineers have built scalable and modular mini-re refineries that can be used in the Niger Delta instead of all these open air burns; as used to feed or as combined with, modular and scalable mini-power stations.  We do have the labour, craftsmen, engineers, and natural resources.  Perhaps some of your banking and industrial contacts can be interested in seed funding.  Such machines will get plenty of interest in similarly challenged parts of the world.  It will take quite an effort to string functioning power lines everywhere, or bury them where there are already more people than spare ground.  I think localized modularity is the way to go, as opposed to regional and national power grids.

“S”ecurity has many facets.  One the one hand, it is the day to day matter of traveling to work while avoiding roadblocks, armed robbers, militants or les beaucoup-harmers, and drivers of trucks with no brakes, or of buses full of people and tankers full of petroleum or chemicals, who are not in their right minds due to some substance or other.  The 24/7 nature of IT will require people to travel back and forth at odd times,  unless you are there on 7-12 day on, and 7-12 day off shifts, or something like that.  Even then, you will have to switch-out at some point, and face the travel hazards.  The other facet of security is data security.  Are the sys-admins selling off data sniffed in transit; is the data entirely managed within Nigeria or are portions of the cloud external and therefore subjecting the data to the laws and sniffing of other jurisdictions; are Nigerians adequately protected from identity theft and loss of funds in the case of financial data transfers through the cloud?  These are all areas where Nigerian laws are pretty far behind, due to other priorities of our dear leaders – state and federal, and legislators.

“O”versight is also highly important.   There are a plethora of regulatory bodies, associations, commissions, and parastatals in Nigeria that have overlapping and complementary functions.  When people in position wake and realize that there is money to be made from taxing, regulating, and licensing the cloud, there will be a rush to assert jurisdiction.  Will it be from NCC (due to communications), CBN (due to financial transactions in the cloud), FRSC (due to data transportation on the information highway), NIMASA for the undersea telecommunications cables, each and every state government (due to data center location), EFCC (due to the potential problems within their competence), or any combination of the security agencies, due to the potential national security implications.  How easily can the Corporate Affairs Commission define which of the above types of business the CSP/CSV is engaging in, and how many lawsuits, pleas to the President, and examples public rudeness and misbehavior at the highest levels will Nigerian have to endure from those many competing regulatory interests?  I think a massive rationalization and realignment of Nigeria’s regulatory landscape is long overdue, but it may not happen while there are so many who benefit from the current alphabet soup of a conjoint twin octopus at a grand buffet, still eating to their heart’s content.  Other countries have established central fora, fusion centers, and similar councils where many bodies work together for the same goal.  In our case, that may take some time to achieve.

“L”egal is the logical follow-on, here.  There can be a self-regulatory body established for cloud service providers that enforces standards amongst peers, coordinates training and best practices, and works to lobby the government where and when needed.  Or, providers in the space can continue to work independently and accept whatever laws and regulations – no matter how contradictory, policy-somersault-laden, or otherwise non-conducive to sane and sustained business – are handed down from above.  Tips can be taken from what transpires with regard to the cloud outside Nigeria, but we should not be so fast to adopt things full force, that might not quite fit with our unique context.  We have seen many examples of this, as well as cases where countries accepted Constitutions and laws drafted by outsiders that were just plain wrong.

For example, the Warsaw Convention limits liability to air carriers in the case of a lost luggage, persons, or goods.  The Hamburg Rules perform a similar function with regard to carriage of goods by sea.  Those work well and are generally accepted for important service industries, when coupled with insurance.  Obviously, some lawyers can always be found to sue, despite the caps!  Attitudes change, however, when the protection is given to specialized industries and interests.  You have for example the Nuclear Liability Act in Canada, and the Price-Anderson Nuclear Industries Indemnity Act, in the United States – both limiting the liability of civilian nuclear installations for any incidents.  Most recently, on top of the refusal or inability of the United States Food and Drug Administration to force the labeling of genetically modified foods and food ingredients, President Obama still signed a Monsanto Protection Act on March 28, 2013 – http://rt.com/usa/monsanto-bill-blunt-agriculture-006/.

A time may well come when the cloud industry becomes so large and all-pervasive that it will merit similar protections for all the data breach and failings we see with it in the western world – the first adopters.  However, if this happens in Nigeria before deposit insurance is taken and managed seriously (towards fewer vanishing premiums), a national identity system is firmly in place (towards fewer unusually expensive ghost workers), and business insurance and industry best practices are firmly adhered to, someone may pull a Cyprus without the government involvement.  The supposedly un-hackable Bitcoin was recently pilfered, and government should not help itself to personal bank accounts just because someone tells it to.  If the industry itself is protected, but the protection is not there or woefully inadequate for customers/consumers, some major problems could very well result.

“I”nfrastructure also needs a lot of work – whether roads and rails, buildings within which mobiles may or may not function, encryption and security of data in transit against SQL insertion and other malware exploits, and a lot more attention to such basic security as keeping programs and systems patched and up to date.  BYOD can mean both bring your own device and bring your own destruction, depending on what the device owner is knowingly or unknowingly carrying within it, or something to which the device attaches.  It is no secret that many government websites in Africa (not just Nigeria) are Trojan-laden.  This needs to be fixed, before Nations are cut-off from the outside and just go dark, due to the increasingly powerful antivirus and anti-malware programs that just block access to swathes of e-Estate, due to the real or alleged vulnerabilities that they represent.  Come on, guys and gals, we need to be able to reach you …. and there is no guarantee that VOIP will remain unaffected.  I cannot count the number of times that my system has refused to go somewhere – somewhere legitimate thank you – and then, I had to decide whether or not to disable the meguard and go there anyway.  This trend is already well-underway.  Even with all or most of the cell towers up, there should be backups in hard lines and satellites, because towers can still be taken down.  We need to get our act together and put in the kind of backup and redundancy of critical infrastructure that gives people a greater sense of confidence that things will work and continue to work when they are needed most.   With the near total absence of landlines, what happens to emergency calls when the cloud-based cellular service goes down?  Our infrastructure needs some serious work if we are to have the necessary bandwidth for greater cloud uptake (by SMBEs and conglomerates), deployment (in SaaS, PaaS, and IaaS configurations), and uptake (by the public and the powers that be); along with the other deficiencies here identified.

“D”isaster prevention, planning, response, and recovery is an obviously-ignored competence at the higher levels in Nigeria, due to the abundance of buildings and homes in flood plains – recurrently lost; the lack of an organized, national ambulance and air and water ambulance service – let alone fully-equipped, staffed, and functioning medical and dental facilities and pharmacies; poor attention to building standards, and road and rail traffic, maritime, and aviation vessel quality and facility maintenance; and the preponderant fire brigade approach with promises and prayers when things go horribly wrong.  Even where the cloud is proprietary, such as the example of your own VM instance on campus or at work, commonsense and best practices still advise the use in any combination, of off-cloud backup (such as having your digital photos both in the cloud and on a physical USB stick that can create a mirror collection with rapid and relative ease – so long as not corrupted or lost), a substitute or backup cloud (such as also storing them in another location and with another vendor,  perhaps as sent email attachments due to the current almost unlimited email storage capacity), offsite backup (on a portable hard drive at a second physical location), and perhaps physical hardcopy prints that can be laboriously scanned and uploaded, again, if and when all else fails.  Multiple redundancies are keys to data availability, reliability, and replicability, and all of the above need to be addressed before that can be more fully guaranteed with the appropriate high-uptime SLAs.

 

SUMMARY:

In summary, unless the Nigerian cloud industry members, vendors, and workers want to be misled by the kind of absentee and not quite technically competent as it is supposed to be or claims to be leadership that has characterized so much of our experience in recent memory, they (and other like-minded professional bodies tired of waiting to be disappointed, yet again), will step-up to take the lead in their own best professional and practical interests, and the interests of all Nigerians at home, abroad, and as yet unborn, to organize, strategize, and familiarize themselves with global best practices, apply only what makes most sense with regard to local idiosyncrasies, and work to build local workarounds and custom solutions to the Nigerian situation that can waylay & workaround the kind of Bigman and Bigwoman jealousy, grandstanding, and other examples of feferity and insincerity that I alluded to above; better insulating their businesses from marauders to make them e-Solid.

That’s my N 100;

I hope it helps.

************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.). Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

Advertisements

2 Responses to ““e-Solid”: Constraints to Cloud Come-up, under the Current Nigerian System & Status-Quo.”

  1. christopher odutola Says:

    I agree with all the points. I would like to see the data protection act mature as well as sustainable power generation and awareness campaigns by the few CSPs that we already have.

    • Ogalaws Says:

      Thank you, Christopher. I see from the forum that great strides are already being taken here and there, despite the very real challenges. There are members doing concerted research on cloud applications in distance education, cloud security, and cloud trust/adoption levels. As the Nigerian Cloud industry matures and CSPs come together to develop and systematize best practices, focus on their common needs in terms of infrastructure, insurance, regulatory supports and so forth, and as they themselves better educate the public, then I think the field will settle-down. The state and federal government’s can be encouraged to move in the right direction, but sometimes they do, sometimes they don’t, and sometimes they do but then their successors go sideways …. its a work in progress.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: