OpenStack cloud vendor and Amazon–agitator Rackspace Hosting is launching its first public cloud offering for Asia in Hong Kong today, so I caught up with APAC MD Ajit Melarkode to talk all things Hong Kong, cloud and Rackspace.
I covered the news over at The Reg. Given that not many businesses rely solely on the public cloud, the announcement can be seen more in context of Rackspace’s Hybrid Cloud offering – which allows users to mix and match between public and private cloud and dedicated server hosting.
As such, I’m sure IT managers in the region will be keen to have another option for their cloudy needs.
They should also be assured that Rackspace is certainly investing significantly in the region, and Hong Kong, Melarkode told me. “We’ve sent a lot of Rackers out to set up here,” he said. “We’re not treating it as a satellite office – Hong Kong has really come into its own this year.”
Testament to this is Melarkode himself, who has experience of running operations on the ground in the region, and the fact that the firm is setting up dedicated finance, HR and marketing departments, as well as hiring a regional CTO, lead engineers, SMB and enterprise support staff, and ensuring that there is a good spread of local language speakers.
So who is Rackspace hoping to target with its new offering? Well, according to Melarkode, the growth of the Hong Kong office and APAC hub can be seen in parallel with the expansion of Rackspace customers into Asia: “as our customers expand we expand with them – we’re driven in a major part by client requirements”.
Another market he mentioned was that of the smaller innovative local companies in industries like retail and technology which are unencumbered by legacy infrastructure and are “leapfrogging onto new technologies like mobile and cloud”.
Melarkode was unsurprisingly quick to leap to the defence of Asian firms, which are often branded as copy cats and accused of lacking the ability to truly innovate.
He argued that creating services on top of “building blocks” already developed in the West does not necessarily amount to copying – and pointed out that firms from the region are contributing code to OpenStack, which he claimed is certainly not the behaviour of a technology laggard.
The region in general, while perhaps slightly behind the West, is certainly catching up in terms of the maturity of its IT services industry.
“I’ve seen how the region has developed right from the time Indian outsourcing started blooming in 1993, to the more hardware and infrastructure focus in China and the BPO success taking hold in the Philippines,” he explained.
“What I see is lagging behind here but the pace is still fantastic. Look at how it’s catching up. Lots of clients used cloud just for back-up and storage but now they’re starting to use it for app testing and development. The catch-up rate is astonishing.”
Rackspace will certainly need that maturity to expand beyond the handful of early movers in APAC if it’s to recoup some of its growing investment here.
Things are moving pretty fast, though, with the firm doubling headcount and its datacentre space in Hong Kong to meet expected demand and with plans to do so again in the coming year, Melarkode said.
I don’t often cover India’s outsourcing market but an interesting piece of news emerged this week when local media reported that the EU has found some notable gaps in the country’s data protection legislation which could scupper a major trade agreement between the two.
Basically the two have been trying to thrash out the Broad-based Trade and Investment Agreement since 2006.
The idea is that India opens up more of its vast market for EU firms and vice versa, but with one of India’s biggest industries in Business Process Outsourcing, a key demand from that side was that the country be recognised as a “data secure destination” by Europe.
According to the Data Security Council of India (DSCI), this single accreditation could propel outsourcing revenues from European customers from $20bn to $50bn in no time at all.
Sadly for India, the EU Justice Department decided to launch a consultation on India’s data security credentials and now the mutterings are it doesn’t like what it sees.
Any further delays which require legislative amendments could take years – not exactly what IT services giants like Infosys, Mahindra and Unisys want.
However, Forrester security analyst Manatosh Das told me all may not be quite as bad as it seems.
For starters, he said, India is taking information security a lot more seriously nowadays since recent high profile cyber attacks.
With the proposed electronic surveillance Central Monitoring System, the country is apparently planning for stringent privacy laws, while the DSCI, set up by Nasscom, has a strict remit to monitor data security and privacy in the IT and BPO industries, he said.
“I really don’t think in the current scenario outsourcing will take a back seat,” Das added.
“Private organisations in India follow international security frameworks like ISO 27001, PCI DSS, SOX, HIPAA. They have strong contractual agreements with their clients. Clients have the right to audit the vendors as per the agreement.”
However, he did admit that the IT Amendment Act 2008 lacks enforcement and needs amending again to “remove ambiguity” and create specific exceptions.
As a side note, I’m sure the recent “landmark” agreement between the UK and India on data security will also help reassure European customers considering offloading some services to Indian firms.
As always though, rigorous planning and due diligence and early involvement from the IT department should be a given to prevent any unexpected outsourcing problems down the line.
Earlier this week David Cameron signed a deal designed to elevate the Indo-British relationship to an “unprecedented level of co-operation” on cyber security issues. It came as part of the PM’s three day trade mission to India and is certainly to be welcomed, but the agreement also implies some rather worrying things about the cyber readiness of the country’s big outsourcing firms.
The deal will essentially mean two things. Firstly, UK technical know-how and expertise in the cyber security sphere will be shared with Indian outsourcers, essentially to help protect the vast amounts of data from UK consumers and businesses which are now held on servers in the country.
Secondly, the agreement will see the two countries share relevant threat intelligence in order to thwart attacks on their systems, whether they’re coming from the UK, India or elsewhere.
Now, as mentioned, any kind of international co-operation on cyber threat protection is a step in the right direction, and Cameron certainly can’t be faulted for his assertion that “other countries securing their data is effectively helping us secure our data”.
My surprise is that big name outsourcers like Wipro, HCL, Mahindra and Infosys – firms which have built their business presumably on the quality (and security) of their BPO offerings – need an extra hand.
Any CIO worth his salt would surely relegate to the scrap heap a potential outsourcing provider who could not satisfy his or her list of pre-determined security requirements.
Sure, the smaller outsourcers will benefit most from this deal, but the big boys too?
Well, yes, according to Forrester’s New Delhi-based analyst Katyayan Gupta.
“Even larger Indian firms like Infosys, TCS, etc. will also benefit because now they will have an additional layer of security against cyber criminals,” he told me.
“This is not to say that these firms do not have good security right now. But the question really is – is it enough to keep all attackers out? Probably not.”
Now I know in this age of APTs and highly targeted attacks no firm can claim to be impervious, but it’s slightly worrying when those with huge resources – in an industry where reputational damage following a data breaches could hit hard – are apparently getting expertise flown in from the UK that they haven’t obtained anyway.
Also, as Gupta argued, the deal will still do nothing to stop perhaps the biggest threat to UK data residing on these firms’ servers: corrupt insiders.
It may be time to revisit those SLAs.