Sri Lanka developing cloud and data governance strategies

Following the recent issue of an RFP for a vendor to implement the Sri Lanka Digital Identity (SL-UDI), the country is actively seeking contributions from both local cloud infrastructure providers and global hyperscalers to develop its next-generation cloud infrastructure under the country’s digital strategy.

Dr. Hans Wijayasuriya, Chief Adviser to the President on Digital Economy, underscored the importance of leveraging public cloud aptitudes for cost efficiency and security, noting that the investment and technical skill of large cloud providers are unmatched. However, he also highlighted the necessity of creating a local cloud infrastructure to manage certain categories of data that must stay within the country.

The intended cloud infrastructure will include a combination of residential, sovereign, and public elements. Dr. Wijayasuriya explained that “sovereign” refers to a cloud environment where the government holds the keys, even if the data is stored in a different jurisdiction under a data embassy arrangement. This system will facilitate the classification of data, permitting the application of different layers of sovereignty based on how sensitive the date is.

The government began conceptualizing a government sovereign cloud earlier this year and explained at the time that maintaining the sovereignty and security of the sensitive biometric and biographical data involved in its national digital ID program has been an often-repeated concern.

“We need a sovereign cloud for the country which can meet all local and international security standards. We are currently in discussions with potential parties, to establish a mechanism for all qualified local and international players to participate in the cloud setup process,” Sanjaya Karunasena, director of the Information Communication Technology Agency of Sri Lanka (ICTA) told Biometric Update in February.

The government is now developing a cloud policy that addresses both residency and sovereignty, along with a national data governance strategy. This strategy will involve classifying data according to security levels—high security, sensitive, less secure, or public—across various sectors, with government and private institutions like banks and telecommunications. Such classifications will inform policies concerning data storage, defining what data must remain onshore, what can be managed in a sovereign environment, and how to realize the cost advantages of public cloud services.

The plan for a National Data Exchange (NDX), which would work with Sri Lanka’s cloud, was also detailed earlier in February. In addition to the data exchange, key components of Sri Lanka’s digital infrastructure include the Sri Lanka Unique Digital Identity and an eLocker system for digital credentials.

Sri Lanka’s Information and Communication Technology Agency (ICTA) is developing the National Data Exchange.  The NDX is one of the major components of the country’s  digital public infrastructure and it will enable seamless sharing of data among government agencies, departments, and stakeholders to improve collaboration and decision-making.

Sri Lanka is aiming for a fivefold growth in its digital economy over the next five years, with a strong emphasis on advanced technologies such as AI, the Internet of Things, and cloud computing to drive economic development.

Article Topics

biometric data  |  cloud computing  |  data exchange platform  |  data sharing  |  national ID  |  SL-UDI  |  Sri Lanka  |  Sri Lanka National Data Exchange (NDX)