Trust rating for cloud firms on cards
Updated: 2014-12-20 08:10
By Gao Yuan(China Daily)
Cloud computing services displayed at a recent exhibition in Beijing. China will soon evaluate cloud computing companies' trustworthiness level in the government procurement segment, a move that could shut out overseas providers. [Photo/China Daily]
Security nod must for participation in govt projects, says expert
China will soon start rating the trustworthiness of cloud computing service providers, especially for government procurement contracts, a move that could potentially shut the doors to foreign companies, a leading expert involved in drafting the policy told China Daily on Friday.
Only companies that get full security clearance from the government will be allowed to join Smart City and various other government-funded projects, said Zuo Xiaodong, vice-president of the China Information Security Research Institute, an industry think-tank.
"The basic idea of the security rating mechanism is to find trustworthy hardware, software and service providers to ensure that the government has total control of the entire ecosystem," Zuo said.
He said the country is building a cloud security assessment, authorization and monitoring system similar to the Federal Risk and Authorization Management Program adopted by the United States two years ago.
Zuo is one of the key officials involved in drafting one of the two fundamental national standards designed to avoid security loopholes in for-government-use cloud products. The standards will be implemented from April.
The new policy, however, poses a threat to the market share of overseas companies in the sector although they will be allowed to take the assessment. China may ask cloud providers to hand over key operating data and source codes for security reasons, but no overseas company has publicly agreed to disclose such information to the government.
Increasing IT safety concerns are pushing China to hire more local cloud technologies. A number of projects even abandoned overseas providers for made-in-China products.
Earlier this year, Beijing-based virtualization company Sugon Information Industry Co Ltd replaced VMware Inc, a US firm, in a high-profile cloud project in Wuxi, Jiangsu province.
Sugon, Alibaba Group Holding Ltd and Huawei Technologies Co Ltd are among the most active supporters of replacing overseas cloud products.
Wang Zhengfu, chief operating officer of Sugon, said years of heavy investment in research and development have made local firms more competitive in the market. He said the company sees the government's security requirement a golden opportunity to take on foreign players.
Industry sources said China may want overseas IT providers - including cloud companies - out of the government procurement market by 2020. According to Zuo, though the government has no fixed timetable, it is "determined" to use safer IT products.
Turnover of the Chinese public cloud market is expected to exceed 6.2 billion yuan ($1 billion) this year, a 30 percent growth over the corresponding period in 2013, according to figures from the China Academy of Telecommunication Research under the Ministry of Industry and Information Technology.
The academy expects the government to be the major buyer of cloud products in China.
Zhou Min, deputy director of the State Information Center, said local providers are capable of meeting most of the technological demands in the cloud-based public service sector. As the country demands a bigger say in the entire ecosystem, local companies are ready to take a bigger share, he said.