Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Is it now crazy to offshore IT to China?

Mandiant report citing Chinese government's role in cyberattacks might give more pause to some U.S. companies

China has for years been developing an IT outsourcing industry aimed at bringing in business from the U.S. and Europe. It has succeeded, but then again it hasn't thrived and now may face more barriers.

China's IT and BPO outsourcing market today is in the range of $4 to $5 billion.

The total outsourcing revenue there is about half that generated by just one India's largest IT firms, Tata Consultancy Services firms, said Jimit Arora, a vice president at Everest Group, a consulting and research firm.

China's IT service and BPO market is expected to grow annually by around 20% to 25%, but that growth is off a small base, says Arora.

Ten years ago, there was wide expectation that China would emerge as India's top threat in the IT services outsourcing business. Those expectations have been thwarted largely due to language issues and ongoing security concerns, say analysts.

China's job building an IT and BPO outsourcing industry may have just gotten harder.

The blow-by-blow details of Chinese government espionage that arrived this week in a report by security firm Mandiant, lay bare, in ways never seen before, the extent of the security risks of working with China.

The Mandiant report draws a straight line to the Chinese military as a main instigator of cyberattacks on U.S. firms.

Meanwhile, the White House this week released a report with details on trade secret theft that makes numerous references to China, amplifying the extent of this problem.

Andy Sealock, a partner at consulting firm Pace Harmon, says the concerns about the security risks of outsourcing to China are already "priced into" and considered in the decision making process of U.S. firms. The latest revelations just add more evidence to "what many people already assumed was happening," he said.

A potential wildcard is the U.S. response, if any, to the latest developments, analysts say.

"This onslaught of espionage targeting U.S. technologies is constant and unwavering," said the White House in its report on mitigating the theft of U.S. trade secrets. Such attacks are increasing, concludes the White House.

Sealock said the U.S. may feel pressure to make "to make a public response to the threats and institute policies and sanctions that will make it more difficult to do business with China."

Companies opposed to offshoring to China may now be less likely to change their minds. "This will just strengthen their resolve to stay away" from China, said Arora.

And for those companies considering China for outsourcing work, the "task has just become a bit harder," said Arora.

James Slaby, who directs the security practice at HFS Research, says companies aren't necessarily more at risk in China.

The security risks may be marginally greater there if the telecommunications equipment has been compromised with backdoors. How attacks on the equipment are mounted, though, is geographically independent, said Slaby.

The bottom line is that companies offshoring to China are "only embracing nominally more risks" as long as they are pursing best practices to protect corporate data, said Slaby.

Deploying basic security practices, "are more important than thinking about where you are physically located," said Slaby.

Daniel Castro, an analyst at the Information Technology & Innovation Foundation, does not believe that "businesses will rethink their off-shoring decisions because of the Mandiant report, but they should all be taking a close look at their risk exposure and mitigation measures for these types of threats."

Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is pthibodeau@computerworld.com.

Read more about cyberwarfare in Computerworld's Cyberwarfare Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Tata, Tata Consultancy Services, Technology, Topic
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Cybercrime and Hacking, BP, cyberwarfare, Mandiant, government, Everest Group, Government/Industries, Tata Consultancy Services
Latest Blog Posts
Whitepapers
  • How to Successfully Select an ERP System
    An Enterprise Resource Planning (ERP) system is a series of software applications that collect and compiles data from different departments to enhance collaboration and co-ordination within the business. If you’re looking to implement your first ERP system, or to upgrade from an existing system, this whitepaper offers eight simple steps for selection that will lead to long-term strategic success.
    Learn more »
  • Top 10 reasons to strengthen information security with desktop virtualization
    This paper discusses: • The growing challenge of maintaining information security in today’s evolving enterprise environment • Key advantages of desktop virtualization as an inherently more secure computing architecture • The top ten benefits of using desktop virtualization to strengthen information security • And how you can regain control and reduce risk without sacrificing business productivity and growth
    Learn more »
  • Cloud for Business Managers in Midsize Organisations: the Good, the Bad & the Ugly
    Read this independent research report to learn how business managers around the world are using Cloud applications. Discover the top motivations for adopting the Cloud, the most common problems and recurring pitfalls; common barriers to Cloud application integration and the consequences of security breaches and compliance issues.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments