Security Concerns Bedevil Chinese Outsourcing

U.S. companies might hesitate to send IT work to China in light of new reports on cyberespionage programs there.

By Jaikumar Vijayan, Patrick Thibodeau
Mon, March 11, 2013

Computerworld

China, security, outsourcing
China's plan to create a substantial outsourcing industry was hit with another blow last month with the release of a report that laid bare, in ways never seen before, the extent of the security risks of working in the country.

[Did China's Army Hack U.S. Companies?]

Ten years ago, there was wide expectation that China would emerge as India's top competitor in the third-party IT services provider market. Since then, China has created an outsourcing industry, but it certainly hasn't thrived.

Jimit Arora, a vice president at business consultancy Everest Group, puts the value of China's IT and business process outsourcing (BPO) market today in the $4 billion to $5 billion range. That figure amounts to about half the annual revenue of Tata Consultancy Services, which is just one of India's large IT services companies.

[IT Outsourcing in China: What CIOs Need to Know About New Data Privacy Guidelines]

But from that small base, Arora expects China's IT services and BPO market to grow at a rate of 20% to 25% a year.

That projection comes as security firm Mandiant and the White House released separate reports outlining significant security risks facing companies that do business in China.

The Mandiant report identifies the Chinese military as a main instigator of cyberattacks on U.S. companies. And a White House analysis of theft of trade secrets makes numerous references to China.

Mandiant contends that a unit of the People's Liberation Army (PLA) of China is behind a systematic cyberespionage campaign against the U.S. and several other countries that has gone on since at least 2006. Working out of a 130,663-square-foot building in Shanghai, the PLA unit has likely accessed data at more than 140 companies in countries considered strategic by China, according to the firm's report.

Andy Sealock, a partner at consulting firm Pace Harmon, said the reports add evidence to confirm "what many people already assumed was happening." The security risks of working with China have long been "priced into" the decision-making processes of U.S. companies, he said.

With the release of the two reports, it's less likely that companies that are on the fence will send IT work to China. "This will just strengthen their resolve to stay away," said Arora.

Sealock suggested that the latest findings may prompt the U.S. government to "institute policies and sanctions that will make it more difficult to do business with China."

Security experts warn that several other countries, notably Russia, also have government-run cyberespionage programs targeting U.S. companies in a wide range of industries.

Continue Reading

Originally published on www.computerworld.com. Click here to read the original story.