Is it now crazy to offshore IT to China?
Mandiant report citing Chinese government's role in cyberattacks might give more pause to some U.S. companies
Computerworld - China has for years been developing an IT outsourcing industry aimed at bringing in business from the U.S. and Europe. It has succeeded, but then again it hasn't thrived and now may face more barriers.
China's IT and business process outsourcing (BPO) market today is in the range of $4 billion to $5 billion.
The total outsourcing revenue there is about half that generated by just one of India's largest IT companies, Tata Consultancy Services, said Jimit Arora, a vice president at Everest Group, a consulting and research firm.
China's IT service and BPO market is expected to grow annually by 20% to 25%, but that growth is off a small base, said Arora.
Ten years ago, there was wide expectation that China would emerge as India's top threat in the IT services outsourcing business. Those expectations have been thwarted largely due to language issues and ongoing security concerns, say analysts.
China's job building an IT and BPO outsourcing industry may have just gotten harder.
The blow-by-blow details of Chinese government espionage that arrived this week in a report by security firm Mandiant, lay bare, in ways never seen before, the extent of the security risks of working with China.
The Mandiant report draws a straight line to the Chinese military as a main instigator of cyberattacks on U.S. companies.
Meanwhile, the White House this week released a report with details on trade secret theft that makes numerous references to China, amplifying the extent of the problem.
Andy Sealock, a partner at consulting firm Pace Harmon, said the concerns about the security risks of outsourcing to China are already "priced into" and considered in the decision making process of U.S. companies. The latest revelations add more evidence to "what many people already assumed was happening," he said.
A potential wild card is the U.S. response, if any, to the latest developments, analysts said.
"This onslaught of espionage targeting U.S. technologies is constant and unwavering," said the White House in its report on mitigating the theft of U.S. trade secrets. Such attacks are increasing, concludes the White House.
Sealock said the U.S. may feel pressure "to make a public response to the threats and institute policies and sanctions that will make it more difficult to do business with China."
Companies opposed to offshoring to China may now be less likely to change their minds. "This will just strengthen their resolve to stay away" from China, said Arora.
For those companies considering China for outsourcing work, the "task has just become a bit harder," he said.
James Slaby, who directs the security practice at HFS Research, said companies aren't necessarily more at risk in China.
The security risks may be marginally greater there if the telecommunications equipment has been compromised with backdoors. How attacks on the equipment are mounted, though, is geographically independent, said Slaby.
The bottom line is that companies offshoring to China are "only embracing nominally more risks" as long as they are pursuing best practices to protect corporate data, said Slaby.
Deploying basic security practices, "are more important than thinking about where you are physically located," said Slaby.
Daniel Castro, an analyst at the Information Technology & Innovation Foundation, does not believe that "businesses will rethink their offshoring decisions because of the Mandiant report, but they should all be taking a close look at their risk exposure and mitigation measures for these types of threats."
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is email@example.com.
- New docs show DHS was more worried about critical infrastructure flaw in '07 than it let on
- Needed: Breach detection correction
- Evan Schuman: Resurrection of Full Disclosure mailing list is great news, if you're not a cyberthief
- Cyberattacks could paralyze U.S., former defense chief warns
- Syrian Electronic Army shanghais Microsoft's Twitter account, blog
- Is French outrage against U.S. spying misplaced?
- Lawmakers seek answers on Obamacare Data Hub security
- China-based hacking group behind hundreds of attacks on U.S. companies
- How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
- New York Times site outage caused by attack on domain registrar, company says
Read more about Cyberwarfare in Computerworld's Cyberwarfare Topic Center.
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Cloud Computing Drives IT and Business Agility Hybrid Cloud Accelerates Time to Value What is the main focus for IT in your organization - cost or agility? Many IT discussions today focus on cost controls rather...
- Infographic:10 Reasons to Choose vCloud Air Looking to create an agile, productive, and efficient IT environment? Read this simple infographic to learn about the benefits that VMware vCloud® Air™...
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics...
- Cloud BI Overview: Jaspersoft for AWS Check out this overview of Jaspersoft for AWS, to easily and affordably build business intelligence solutions as well as embed visualizations and analytics... All Cyberwarfare White Papers | Webcasts