Security concerns bedevil Chinese outsourcing
U.S. companies might hesitate to send IT work to China in light of new reports on cyberespionage programs there.
Computerworld - China's plan to create a substantial outsourcing industry was hit with another blow last month with the release of a report that laid bare, in ways never seen before, the extent of the security risks of working in the country.
Ten years ago, there was wide expectation that China would emerge as India's top competitor in the third-party IT services provider market. Since then, China has created an outsourcing industry, but it certainly hasn't thrived.
Jimit Arora, a vice president at business consultancy Everest Group, puts the value of China's IT and business process outsourcing (BPO) market today in the $4 billion to $5 billion range. That figure amounts to about half the annual revenue of Tata Consultancy Services, which is just one of India's large IT services companies.
But from that small base, Arora expects China's IT services and BPO market to grow at a rate of 20% to 25% a year.
That projection comes as security firm Mandiant and the White House released separate reports outlining significant security risks facing companies that do business in China.
The Mandiant report identifies the Chinese military as a main instigator of cyberattacks on U.S. companies. And a White House analysis of theft of trade secrets makes numerous references to China.
Mandiant contends that a unit of the People's Liberation Army (PLA) of China is behind a systematic cyberespionage campaign against the U.S. and several other countries that has gone on since at least 2006. Working out of a 130,663-square-foot building in Shanghai, the PLA unit has likely accessed data at more than 140 companies in countries considered strategic by China, according to the firm's report.
Andy Sealock, a partner at consulting firm Pace Harmon, said the reports add evidence to confirm "what many people already assumed was happening." The security risks of working with China have long been "priced into" the decision-making processes of U.S. companies, he said.
With the release of the two reports, it's less likely that companies that are on the fence will send IT work to China. "This will just strengthen their resolve to stay away," said Arora.
Sealock suggested that the latest findings may prompt the U.S. government to "institute policies and sanctions that will make it more difficult to do business with China."
Security experts warn that several other countries, notably Russia, also have government-run cyberespionage programs targeting U.S. companies in a wide range of industries.
Intelligence reports dating back to 2005 have consistently warned that the U.S. is a target of economic espionage undertaken by state-sponsored entities around the world.
Nonetheless, said James Slaby, a security analyst at HFS Research, as long as companies follow best practices for securing data, outsourcing to China leads to only "nominally more risks."
Basic security practices "are more important than thinking about where you are physically located," he said.
Daniel Castro, an analyst at the Information Technology & Innovation Foundation, said it's unlikely that most "businesses will rethink their offshoring decisions because of the Mandiant report."
However, he warned, "they should all be taking a close look at their risk exposure and mitigation measures for these types of threats."
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Government/Industries in Computerworld's Government/Industries Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Manufacturing Outlook: Improving time to market, operational effectiveness and innovation in a highly competitive environment An enterprise project portfolio management solution can help manufacturers position themselves in the new competitive landscape.
- Time-to-Market: The Need for Speed in the Automotive Industry Bringing new vehicles to market quickly has never been more challenging. To bring new models to market on-time and on budget, automakers need...
- Patient Portals: A Platform for Connecting Communities of Care Connecting patient health data across the care continuum is essential to achieve improved care, increased access to personal health records and lowered costs.
- 3 Ways Clinicians Can Leverage a Patient Portal to Craft a Healthcare Community With a bevy of vendors offering patient portal solutions, it can be challenging for a hospital to know where to start. Fortunately, YourCareCommunity...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Government/Industries White Papers | Webcasts