Due to its sheer size and economic power, China has the potential to be a huge cloud computing market.
But there are many obstacles to overcome. A new report examines these problems and the relationship between China and the US, whilst a big Chinese telco has announced overseas cloud expansion. Where now for China and the cloud?
A report released earlier this month on behalf of the US-China Economic and Security Review Commission (USCESRC) has warned of potential security concerns if the US consumer market for Chinese cloud computing services grows.
The paper, prepared by Defense Group Incorporated, noted in particular the inherent risks of collaboration between foreign firms and Chinese companies offering cloud services, jeopardising the foreign partner’s information security.
Yet the report is quick to ensure the security problems of public clouds aren’t used as a brush to tar China unnecessarily.
“If Chinese public cloud infrastructure were ever to become unusually popular for [offensive cyber operations], it would likely be due to a relative lack of oversight and lax enforcement of rules governing users’ conduct by Chinese service providers, not due to Chinese cloud infrastructure being more ‘weaponised’ than equivalent services in other countries,” the report notes.
This crossroads has come about due to the expansive growth of China’s cloud computing industry – or, more specifically, how it came about.
The researchers note how Chinese companies have benefited from a “transfer of knowledge” from foreign cloud computing firms, who at the same time are not able to compete in the domestic consumer market due to strict government controls, leading to partnerships with companies such as IBM, Microsoft and Eucalyptus.
Yet the market is still behind the US on the world stage, as well as its geographical neighbours.
Back in November, the Asia Cloud Computing Association (ACCA) put China at a lowly 10th out of 14 Asia Pacific nations, with Japan being ranked the most cloud ready nation.
China scored lowest on data sovereignty and broadband connectivity, whilst scoring half of Japan’s total on international connectivity. Not surprisingly, these are three issues given big prominence in the USCESRC paper. But what other factors are involved?
Why China’s market struggles
There are a plethora of reasons why China’s cloud computing uptake lags behind the US. Chief of these is a worry over data security, with the MIIT (Ministry of Industry and Information Technology) also noting “systematic weaknesses”, such as lack of innovation and core technology, in China’s integrated circuit industries.
The report also examines the differences between how the US and China define cloud computing.
The NIST (National Institute of Standards and Technology) definition gives five key tenets for cloud deployment: on-demand self service; broad network access; resource pooling; rapid elasticity; and measured service.
However, the MIIT, in a whitepaper, missed out on-demand self service as a definition. China’s Telecommunications Research Institute only has three deployment models.
Although the report admits this isn’t in line with expert opinion, what does seem apparent are the strained relations by different administrative groups in China attaining a standardised definition of cloud computing.
CSPs, as a result, can’t get a look in when divulging their expertise in creating a standards process – the report notes “limited and inadequate opportunities to participate” for the major providers.
This lack of technical standard, as well as limited Internet speed and a “distrust of foreign technology” paints a pretty sorry picture.
Yet the researchers admit that China is aware of these issues, as seen by recent reports.
And it’s not a one-way street; a report last year from CCW Research claimed that China was only utilising one fifth of its cloud computing capabilities. Given the majority of usage in China is through private clouds, this is an interesting statistic.
It’s worth noting there are some China-US cloud relations; but most of this is small-scale. The researchers state that whilst there has been an upturn in recent years, most notably IBM and HP conducting R&D towards the Chinese domestic market, regulatory trends mean that this will continue to remain niche “for the foreseeable future”.
The security risks
The report examines the overall security landscape, and concludes that while most US-China relationships are not a large security risk, there is still cause for concern.
In particular, the report cites a deal between Eucalyptus and the China Electronic Technology Group Corporation 32nd Research Insitute (CETC 32nd RI), which is alleged to have links to the People’s Liberation Army, albeit “only acknowledged in Chinese sources.”
However it’s worth noting, as the report duly acknowledges, that the reason for the partnership is unclear, despite concern over Chinese news reports noting that CETC 32nd RI has been provided with the “full source code for its enterprise-level products”.
The report also discusses Microsoft’s deal with 21Vianet, which will tentatively allow 21Vianet’s mainland data centres in China to be fully integrated with Microsoft’s global cloud network.
The researchers conclude that the primary reason this would occur is to further penetrate the domestic market, rather than store customer data.
Yet the issue still remains. The report also notes the Chinese government’s “incredibly broad powers” for information requests from companies “operating within its borders”, although adding there has been no tangible proof of the government using this power.
ZTE’s going in the opposite direction
What makes this even more interesting is that ZTE, one of the world’s largest telcos, is looking to increase its cloud computing arsenal overseas.
ZTE cloud computing general manager Zhu Jinyun told Reuters that he was expecting cloud and enterprise to comprise 10% of the company’s overall revenues, up from 7% last year.
Zhu told the agency that there were no security concerns with ZTE, which last year along with Huawei was hauled before a US House Intelligence Committee to answer questions regarding alleged national security fears.
“We have been in overseas markets for about 20 years and if there is a problem, we would have been discovered,” he said.
It will be interesting to note how far ZTE’s overseas cloud push goes. But a thought occurs that the big Chinese vendors may be better placed in helping out their country’s own infrastructure first.
The market for cloud computing in China, if properly exploited, could be massively bigger than anything we’ve seen so far in the most developed markets. But there’s a big if – and this report will hopefully be the first step at putting these problems in a wider context.
The full 59-page report can be found here. What do you make of the paper’s findings?