Cloud Security , Geo Focus: Asia , Geo-Specific
Malaysia's Data Sovereignty Rules Drive Tech Investments
Microsoft, Google and Equinix Make Headway in Malaysia's Data Center RushTechnology giant Google has announced a $2 billion investment in a data center and a Google Cloud region in Malaysia, the latest in a major increase in data center investments in the region.
See Also: The Duality of AI: Enhancing and Securing Gen AI Models
Google Chief Financial Officer Ruth Porat said the Google investment supports the Malaysian government's Cloud First Policy that promotes skills development, industrial access to high-performance and low-latency services, and best-in-class cybersecurity standards for data stored and processed in the cloud.
Google said the investments will support 26,500 jobs by 2030 and contribute $3.2 billion to Malaysia's GDP. It will also help local businesses comply with data residency and compliance standards, including specific data storage requirements.
Google's announcement follows cloud rival Microsoft's announcement of plans to establish a hyperscale data center in Greater Kuala Lumpur to meet the Southeast Asian economy's data localization needs. Microsoft Malaysia Managing Director K. Raman said the data center region will "deliver trusted cloud services locally, with world-class data security, privacy and the ability to store data in-country."
According to market research firm Arizton Advisory & Intelligence, Malaysia is poised to become Southeast Asia's data center hub as Singapore is running out of space. Malaysia offers the best alternative, with plenty of undeveloped land and good fiber connectivity.
Since the beginning of t2024, several domestic and multinational enterprises have announced plans to set up large data centers in the country. U.S. data center giant Equinix opened two International Business Exchange data centers in March, Telekom Malaysia announced plans to build a new hyperscale data center to power AI workloads, Bridge Data Centers acquired land to build its third data center, and the World Bank's International Finance Corp. gave Yondr Group a $150 million loan to build a 72.5-acre data center at the Sedenak Tech Park in Johor Bahru.
Arizton expects Malaysia's data center market to grow at a CAGR of 13.92% and attract investments of up to $4 billion by 2029 even though the cost of building data centers in the country, which can reach $10 million per megawatt, makes it the most expensive market in the APAC region after Singapore and Jakarta.
The government's new Kuala Lumpur Smart City Master Plan 2021-2025, its Corporate Green Power Program and other programs will continue to incentivize data center giants to invest heavily in the country in the near future.
The government's recent push to assert greater control over data transferred and processed abroad has also sent a signal. Though the Personal Data Protection Law does not prohibit organizations from transferring citizens' personal data overseas, it requires them to obtain explicit consent from data owners and if that is not possible, to obtain the government's consent.
An official from Malaysia's Ministry of Communications said last year that the government has been introducing policies and frameworks to enact controls, protect the nation's digital sovereignty and ensure that organizations tighten their data security.
The government also has launched a centralized online government database, named the Publicly Accessible Data Universe - or PADU - where it plans to store about 29 million citizens' names, demographic details, addresses, income details, banking records, debts, properties and investments - information that can help the government provide aid and subsidies based on socioeconomic profiles of citizens.
Minister of Economy Rafizi Ramli, who spearheaded the initiative, said the government will make every effort to keep the database secure, will not allow access to it from outside the country, and will apply the Official Secrets Act and the Computer Crimes Act to stored information and associated hardware (see: Malaysia Passes Cybersecurity Law as Privacy Concerns Grow).
The government passed the Cyber Security Act 2024 in March to replace legacy data security laws such as the Personal Data Protection Act 2010, the Police Act 1967 and the Malaysian Communications and Multimedia Commission 1988 as overarching legislation dedicated to cybersecurity. The law seeks to plug critical loopholes in existing cybersecurity-related laws, such as the lack of requirements for organizations to report cybersecurity incidents to authorities.