EU’s $30 billion data security block on India’s BPO giants
Posted: June 19, 2013 Filed under: Uncategorized | Tags: BPO, central monitoring system, cyber security, data security, dsci, DSS, EU, europe, forrester, HIPAA, india, information security, Infosys, Mahindra, Nasscom, nsa, outsourcing, PCI, SOX, trade agreement, unisys
I don’t often cover India’s outsourcing market but an interesting piece of news emerged this week when local media reported that the EU has found some notable gaps in the country’s data protection legislation which could scupper a major trade agreement between the two.
Basically the two have been trying to thrash out the Broad-based Trade and Investment Agreement since 2006.
The idea is that India opens up more of its vast market for EU firms and vice versa, but with one of India’s biggest industries in Business Process Outsourcing, a key demand from that side was that the country be recognised as a “data secure destination” by Europe.
According to the Data Security Council of India (DSCI), this single accreditation could propel outsourcing revenues from European customers from $20bn to $50bn in no time at all.
Sadly for India, the EU Justice Department decided to launch a consultation on India’s data security credentials and now the mutterings are it doesn’t like what it sees.
Any further delays which require legislative amendments could take years – not exactly what IT services giants like Infosys, Mahindra and Unisys want.
However, Forrester security analyst Manatosh Das told me all may not be quite as bad as it seems.
For starters, he said, India is taking information security a lot more seriously nowadays since recent high profile cyber attacks.
With the proposed electronic surveillance Central Monitoring System, the country is apparently planning for stringent privacy laws, while the DSCI, set up by Nasscom, has a strict remit to monitor data security and privacy in the IT and BPO industries, he said.
“I really don’t think in the current scenario outsourcing will take a back seat,” Das added.
“Private organisations in India follow international security frameworks like ISO 27001, PCI DSS, SOX, HIPAA. They have strong contractual agreements with their clients. Clients have the right to audit the vendors as per the agreement.”
However, he did admit that the IT Amendment Act 2008 lacks enforcement and needs amending again to “remove ambiguity” and create specific exceptions.
As a side note, I’m sure the recent “landmark” agreement between the UK and India on data security will also help reassure European customers considering offloading some services to Indian firms.
As always though, rigorous planning and due diligence and early involvement from the IT department should be a given to prevent any unexpected outsourcing problems down the line.
The truth about PRISM (no, honestly)
Posted: June 12, 2013 Filed under: Uncategorized | Tags: Communications Bill, edward snowden, gchq, guardian, nsa, PRISM, RIPA, snooping, surveillance, the register, whistleblower
Just a short post this week because it has quite frankly been a quiet week apart from one massive story that has dominated the headlines worldwide, except quite notably mainland China: PRISM and the IT whistle-blower Edward Snowden.
By far and away the most balanced, most informative and least hyperventilatingly hyperbolic piece was over at El Reg, where Duncan Campbell picked through the actual facts about PRISM so far to conclude that, actually, most of it is legal and definitely not tyrannical.
My key observations from his piece are as follows:
- Prism is nothing compared to the powers the UK government was asking for in its draft Communications Bill – now shelved for the time being. It is also pretty similar to what goes on in police offices and other agencies all over the country where officers act on RIPA requests to collect comms data.
- The NSA has numerous other similar schemes including direct Deep Packet Inspection, which have been going on in the background and arguably are more intrusive on personal freedoms.
- The scheme costs around $20m a year and as such is definitely small fry in terms of the extent and type of surveillance involved. NSA’s overall budget is an estimated $10 BILLION.
- The number of requests disclosed by Microsoft, Google et al via PRISM is even far lower than the government requests they’ve disclosed that are not associated with the scheme.
- Where Microsoft is concerned, at least, most requests (2%) were for non-content data – ie just account details but not the content of messages. I imagine the same is true of other web service providers.
- These providers may have said they didn’t know about PRISM because it is just an internal codename used by the NSA.
What people should REALLY be worried about here is not PRISM per se but the other Guardian scoop – that Verizon was issued with a secret warrant “requiring wholesale delivery of all call data records from their entire system”. That and the doubtless other similar requests which other comms providers have been issued with are more insidious and certainly warrantless compared with PRISM.
It’ll be interesting to see whether the future “scoops” which The Guardian promises will focus on these. I for one would be interested to see whether UK operators have been subject to similar orders from GCHQ.
Lenovo will struggle in US smartphone market … for a while
Posted: May 28, 2013 Filed under: Uncategorized | Tags: canalys, china, gartner, lenovo, mobile devices, PC sales, R&D, smartphone, US market, zte
Lenovo has been talking up its move into the US smartphone market this week, as global PC sales continue to stagnate, but the analysts I spoke to are far from convinced that the Chinese hardware giant can repeat its success in the traditional computing space.
CEO Yang Yuanqing told the WSJ that the firm would be taking aim at the US mobile space within a year. You can’t argue that it doesn’t represent a “new opportunity” for growth, given that PC shipments are still falling in most markets around the world.
In Western Europe they declined by the biggest ever amount in the last quarter – down 20 per cent year-on-year – and even in the still healthy Chinese market they are only forecast to grow by 3-4 per cent this year.
So can the hardware behemoth, which recently became the world’s number one PC vendor, tap a user trend which is seeing more and more gravitate towards mobile devices instead of traditional notebooks and desktops?
Well, Gartner has forecast it will take the lead in its domestic market – the world’s biggest for smartphones – as early as this year, but the US would seem harder to crack.
“The only way Lenovo would have a way to even have a chance would be to have a key carrier support it by lining up one or more of their products in the portfolio. Even this way, I believe consumers will not necessarily see the brand as sexy,” Gartner research VP Carolina Milanesi told me.
“Lenovo’s position in the corporate PC market might give them an opportunity in the prosumer segment especially if they brought to market an Android based device with an enterprise class security and manageability feature set. Bottom line: it’s a tough job and Lenovo would be better off capturing more of the tablet market first so that they could get one step closer to consumers.”
Canalys research director Nicole Peng was not much more optimistic of its chances in the near term, telling me China sales would continue to make up the majority of its global volume.
“The competition landscape in the US smart phone market is far more challenging for newcomers, with Apple and Samsung dominating over 70 per cent share,” she added. “However, to start selling smart phones in the US, and more importantly to gain carrier support, is strategically important for Lenovo’s overall PC+ strategy globally.”
All reasonable comments and I think they’ll be true in the short term, but I wouldn’t be surprised to see Lenovo up there in the top three or five US smartphone vendors in a couple of years’ time. ZTE, with all of its problems and negative publicity in the US, has already nabbed third place, according to new stats from ITG Market Research.
With a hefty R&D team and vaulting ambition, Lenovo will be hard to ignore, even if its brand image is not exactly an enticing one for smartphone users Stateside at the moment.
China’s hacking problem: more sinned against than sinning?
Posted: May 20, 2013 Filed under: Uncategorized | Tags: APT1, botnets, bulletproof hosting, china, communist party, cyber security, DDoS, HKCERT, infosecurity, mandiant, PLA, zombies
Last week I finished off an analysis of the China/cyber espionage stories that have been flying around in recent months, with a surprising conclusion – in many circumstances the country may well be as much a victim of attack as a perpetrator.
We are unlikely to ever find out the extent of state-sponsored cyber attacks on the US and its allies, although thanks to several high profile reports which name and shame Beijing it’s clear that the tip of the iceberg is well and truly showing.
However, we can be more clear about how secure or otherwise China’s IP address space is and make some general observations.
I spoke to several information security experts about this and they were all in agreement that China is a particularly attractive place to launch attacks from, simply because there are so many compromised PCs as well as enough bulletproof hosting firms there to use with impunity.
HKCERT senior consultant SC Leung explained to me how compromised computers, or bots, in China are helping cyber criminals from outside the country.
“The zombie computer, or bot, steals the data (using its IP address) and sends it back to the attacker. When tracing the compromise police can only find the bot computer IP address. The attacker can further command the bot to send the data to Dropbox or a third party forum, and then retrieve it directly or indirectly. This long chain of investigation of different servers (probably in different jurisdictions) hampers the investigation.”
It’s also worth mentioning that not all attacks are being carried out by external forces to compromise Chinese IP addresses which are then used as a staging point to attack other countries. China has a massive internal problem with home-grown cyber crims targeting their own – stealing data, IP, bank credentials and even blackmailing by DDoS or other means.
It’s interesting to note that a week or so after I published this story, the FT ran an interesting piece which reached the same conclusions, claiming that the government is failing to provide coherent oversight on information security matters and that the forensics industry is virtually non-existent in China.
Apart from fixing these two problems, there needs to be greater user education and awareness to ensure fewer PCs are vulnerable to outside attack, and a crackdown on bulletproof hosters.
At the moment, the Party seems to be happy to close down porn sites in high profile raids, willfully censor its citizens and hit out at any US accusations of cyber subterfuge, but not to get its own house in order.
Cleaning up its address space first would surely improve China’s standing internationally and may even help foster more cross-border co-operation, rather than the relentless mud-slinging of late.
Data security incidents hit 47,000 in 2012
Posted: May 8, 2013 Filed under: Uncategorized | Tags: apac, APTs, china, CISO, cloud computing, cyber crime, data breach investigations report, DBIR, due dilligence, hong kong, informato, state sponsored espionage, targeted attacks, verizon
Last week I popped over to the Quarry Bay HQ of Verizon Business in Hong Kong to hear more about the annual Data Breach Investigations Report.
The report’s really come on since I covered it way back in 2008, and this year pulled data from an unprecedented 19 reputable sources including Scotland Yard, the US Department of Homeland Security and many more.
The Register covered the main news from the report when it was launched the week before – that China was responsible for a whopping 96 per cent of state-affiliated attacks – so I was keen to get some other APAC-relevant insight from the team.
Unfortunately there wasn’t much to be had. In fact the report itself only mentions Asia Pacific once as a break-out region, to illustrate the top 20 threat types across the whopping 47,000 security “incidents” recorded over 2012.
What this probably tells us is that methods of collecting the data at the moment are pretty non-standardised across the globe, which makes drawing any clear comparisons difficult between regions.
Another thought that occurred: it’s fairly obvious that organisations across the globe suffer from the same kinds of information security risk – whether hacktivist, financially motivated criminal or state sponsored espionage-related.
As Verizon’s HK VP Francis Yip said: “No one is immune from cyber crime. As long as you have an IP address, you are a target, no matter how long you spend online.”
In this respect, there were no startling new trends as such to pull out of the report, aside from China’s consistent and persistent appearance as number one source of state-sponsored shenanigans.
This is probably good news for under fire CISOs, now tasked not only with deflecting financially motivated cyber crime and attempts from hacktivists to take down their sites and steal credentials, but also under-the-radar information theft from APT-style attacks.
What’s also good news is Verizon’s assertion that the cloud is no less safe than any other form of computing system, as long as IT teams make sure they carry out due diligence on providers.
“Cloud can actually be more secure, because these providers are doing it on an industrial scale with staff who know what they are doing,” argued Verizon’s APAC head of identity and privacy services, Ian Christofis.
While all this is certainly true I definitely got the impression from the briefing that many firms are still failing on the security basics.
“Could try harder” is probably a suitable report card take-away for businesses from 2012.
Huawei the crouching tiger ready to bare its enterprise fangs
Posted: April 25, 2013 Filed under: Uncategorized | Tags: apple, BYOD, carrier networks, enterprise IT, huawei, Huawei Device, Huawei Enterprise, huawei global analyst summit, network infrastructure, samsung, shenzhen, smartphone
I spent the first part of the week at Huawei’s global analyst summit just across the border in sunny Shenzhen. There wasn’t an awful lot of news per se, but a good many bold financial predictions from the fast-growing firm, which is trying to manage the unheard of triple whammy of success in carrier, enterprise IT and consumer device markets.
No firm has managed to succeed in all three, but Huawei is certainly going the right way about it. The firm stands third in the worldwide smartphone market, is breathing down Ericsson’s neck in the carrier space and has big plans to grow its enterprise business. On that front we heard the firm expects 45 per cent growth this year, and a CAGR of around the same to reach $10bn in revenue by 2017.
It’s not all hunky dory at the Shenzhen headquartered vendor though. Alternate CEO and EVP Eric Xu effectively said at the event that it had given up on the US as a potential growth market. Now that’s not to say it wouldn’t like that to change in the future, but given the intractable stance of Congress on this it’s not likely. So where’s the enterprise growth to come from?
Analysts told me developing markets like Indonesia and Myanmar represent potential but not immediate revenue growth at the moment – for that it needs to tap developed regions. China still represents the major slice of the enterprise pie for Huawei and that’s all dandy, but there are mutterings that local government spending may tighten in the near future, which would be bad news for the firm.
“In enterprise, Huawei is strong in the networking and infrastructure segment. It also has other products around unified communications, contact centre and security, but overall market share is very small outside China,” Frost & Sullivan analyst Pranabesh Nath told me.
“Like the Japanese firms of the post-world war era, it is mostly positioned as a value oriented player, but is trying to improve its products to move up the value chain.”
A potential roadblock on this journey is a perceived lack of clarity around its product lines, according to IDC’s Ian Song. He said the Fusion datacentre brand in particular has caused some confusion amongst the analyst community, which view Huawei’s enterprise message as a “work in progress”.
That said, its technology is sound, R&D spend is massive and it’s got a great base to start with its strength in the carrier space. IBM, Cisco, HP et al won’t be breaking into a sweat just yet but they’d be foolish not to see the crouching tiger hidden in plain sight.
On the device front, we heard from CMO Shao Yang about Huawei’s plans to shift 60 million smartphones this year. This won’t exactly propel it into the top two among Samsung and Apple, but it’s a pretty clear statement of intent. In this industry, brand perception is all-important, and it’s something Huawei, which didn’t really have a brand until it launched the Ascend line last year, has historically struggled in.
That said, it’s learning fast and the high-end handsets it’s coming out with are pretty slick, so expect a whole lot more on the marketing front this year and an increasing number of Huawei-branded devices to manage as part of your BYOD strategy.