Is it now crazy to offshore IT to China?
Mandiant report citing Chinese government's role in cyberattacks might give more pause to some U.S. companies
Computerworld - China has for years been developing an IT outsourcing industry aimed at bringing in business from the U.S. and Europe. It has succeeded, but then again it hasn't thrived and now may face more barriers.
China's IT and business process outsourcing (BPO) market today is in the range of $4 billion to $5 billion.
The total outsourcing revenue there is about half that generated by just one of India's largest IT companies, Tata Consultancy Services, said Jimit Arora, a vice president at Everest Group, a consulting and research firm.
China's IT service and BPO market is expected to grow annually by 20% to 25%, but that growth is off a small base, said Arora.
Ten years ago, there was wide expectation that China would emerge as India's top threat in the IT services outsourcing business. Those expectations have been thwarted largely due to language issues and ongoing security concerns, say analysts.
China's job building an IT and BPO outsourcing industry may have just gotten harder.
The blow-by-blow details of Chinese government espionage that arrived this week in a report by security firm Mandiant, lay bare, in ways never seen before, the extent of the security risks of working with China.
The Mandiant report draws a straight line to the Chinese military as a main instigator of cyberattacks on U.S. companies.
Meanwhile, the White House this week released a report with details on trade secret theft that makes numerous references to China, amplifying the extent of the problem.
Andy Sealock, a partner at consulting firm Pace Harmon, said the concerns about the security risks of outsourcing to China are already "priced into" and considered in the decision making process of U.S. companies. The latest revelations add more evidence to "what many people already assumed was happening," he said.
A potential wild card is the U.S. response, if any, to the latest developments, analysts said.
"This onslaught of espionage targeting U.S. technologies is constant and unwavering," said the White House in its report on mitigating the theft of U.S. trade secrets. Such attacks are increasing, concludes the White House.
Sealock said the U.S. may feel pressure "to make a public response to the threats and institute policies and sanctions that will make it more difficult to do business with China."
Companies opposed to offshoring to China may now be less likely to change their minds. "This will just strengthen their resolve to stay away" from China, said Arora.
For those companies considering China for outsourcing work, the "task has just become a bit harder," he said.
James Slaby, who directs the security practice at HFS Research, said companies aren't necessarily more at risk in China.
The security risks may be marginally greater there if the telecommunications equipment has been compromised with backdoors. How attacks on the equipment are mounted, though, is geographically independent, said Slaby.
The bottom line is that companies offshoring to China are "only embracing nominally more risks" as long as they are pursuing best practices to protect corporate data, said Slaby.
Deploying basic security practices, "are more important than thinking about where you are physically located," said Slaby.
Daniel Castro, an analyst at the Information Technology & Innovation Foundation, does not believe that "businesses will rethink their offshoring decisions because of the Mandiant report, but they should all be taking a close look at their risk exposure and mitigation measures for these types of threats."
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is email@example.com.
- Syrian Electronic Army shanghais Microsoft's Twitter account, blog
- Is French outrage against U.S. spying misplaced?
- Lawmakers seek answers on Obamacare Data Hub security
- China-based hacking group behind hundreds of attacks on U.S. companies
- How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
- New York Times site outage caused by attack on domain registrar, company says
- Cyber drills like Quantum Dawn 2 vital to security in financial sector
- Quantum Dawn 2 will test Wall Street's cyber readiness
- Pentagon accuses China of cyberattacks on U.S military, business targets
- Spamhaus attacks expose huge open DNS server dangers
Read more about Cyberwarfare in Computerworld's Cyberwarfare Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cyberwarfare White Papers | Webcasts