In today’s globalised business world, what happens in Shenzhen or Singapore may be just as important as trends closer to home. To that end, I recently offered IDG Connect the following round-up of the past year in APAC, and a few notes on what we can expect from the months ahead. As Apple’s dire performance in China has shown, Asia increasingly matters to Western tech firms, their customers, shareholders and partners:
Asia’s technology market had more global exposure in 2018 than in many recent years. There’s just one problem: most of it was negative. President Trump has begun a de facto trade war with China which has now morphed into a full-fledged stand-off on several fronts, with cyber-espionage and perceived unfair Chinese trading practices at the heart of US grievances. As we head into 2019 expect tensions to increase, with other south-east Asian nations potentially benefitting as US firms pull their supply chain operations from the Middle Kingdom.
It could be an extremely nervy time for Silicon Valley CEOs.
The trade war continues
The tit-for-tat trade war started in 2018 might have so far steered largely clear of tech goods, although some firms have begun to warn of an impact on profits. But the industry has certainly been at the heart of the stand-off between the world’s superpowers. In January a deal between Huawei and AT&T to sell the former’s smartphones in the US collapsed after pressure from lawmakers worried about unspecified security concerns. Then came a seven-year ban on US firms selling to ZTE — the result of the Chinese telco breaking sanctions by selling to Iran, and then lying to cover its tracks. Although part of the ban was subsequently lifted temporarily, it highlighted to many in the Chinese government what president Xi Jinping had been saying for some time: the country needs to become self-sufficient in technology. It was reinforced when Huawei became the subject of a similar investigation.
This is about America, and Trump in particular, fighting back against what it sees as years of unfair trading practices by China. The argument goes that the Asian giant has been engaged in cyber-espionage on an epic scale to catch up technologically with the West, and unfairly forces IP transfers on foreign firms as the price for access to its huge domestic market. Thus, the coming year will see a ratcheting up of tensions. China on the one side will look to increase its espionage in areas like mobile phone processors to accelerate plans to become self-sufficient. And the US will continue to find ways to crack down on Chinese firms looking to access its market — probably citing national security concerns. There are even reports that the US has considered a total ban on Chinese students coming to the country over espionage concerns.
“Technology CEOs the world over with supply chain dependencies in China — so probably all of them — should be increasingly nervous and focused on their firms’ efforts to have viable contingency plans for a US-China technology cold war,” wrote China-watcher Bill Bishop in his Sinocism newsletter. That could spell good news for other ASEAN nations like Vietnam, where Samsung has made a major investment in facilities — although few countries in the region boast the infrastructure links and volume of skilled workers China does.
Cybersecurity takes centre stage
As mentioned, cybersecurity and online threats are at the heart of the Sino-US stand-off. The stakes got even higher after a blockbuster report from Bloomberg Businessweek which claimed Chinese intelligence officers had implanted spy chips on motherboards heading for a US server maker. Although the claims have been denied by Apple, Amazon and the server maker in question, Supermicro, they will confirm what many have feared about supply chain risk for a long time and accelerate efforts in 2019 to move facilities out of China. Further fanning the flames is a US indictment alleging Chinese spies worked with insiders including the head of IT security at a French aerospace company’s China plant to steal IP.
In a move likely to enrage China, the US also recently arrested and charged a Ministry of State Security (MSS) operative with conspiracy to steal aviation trade secrets. A major backlash is likely to come from Beijing. But more could also come from Washington after a combative congressional report from the US-China Economic and Security Review Commission called for a clampdown on supply chain risk and warned of China’s efforts to dominate 5G infrastructure and IoT production.
Aside from state-sponsored attackers, there’s a growing threat from Chinese cyber-criminals, according to one security vendor. Western firms suffer millions of attacks per year from financially motivated Chinese hackers, according to IntSights. Expect that to increase in the future as the state encourages criminals to focus their efforts outside the country, or even to team up with hacking groups at arm’s length. Also expect the country’s Cybersecurity Law to have a growing impact on how Western firms do business there. Ostensibly meant to vet such firms for interference by the NSA and CIA, the law could also serve as a pretext for Chinese officials to access sensitive IP and source code belonging to Western firms operating in China.
For other countries in the region, improving cybersecurity is vital to their efforts to attract more foreign IT investment and nurture start-up friendly environments. Although there are pockets of good practice, APAC is thought to be among the least mature regions worldwide. AT Kearney has called on ASEAN nations to increase cybersecurity spending to around $170 billion, warning that they are in danger of losing $750 billion in market capitalisation otherwise.
The threat from Chinese spies and local hackers is compounded by the growing danger posed by North Korea. Its state-sponsored hackers are acting with increasing impunity. FireEye recently identified a new group, APT38, which was responsible for the attacks on Bangladesh Bank and other financially motivated raids. Expect more attacks aimed at raising funds for the regime, as well as destructive campaigns and politically motivated information theft.
Taking a lead
On a more positive note, APAC is increasingly seen as a leader in emerging digital technologies: led by the two regional giants of India and China but also mature nations like Singapore, Taiwan, Hong Kong and South Korea. Microsoft believes that digital transformation will inject over $1 trillion to APAC GDP by 2021, with artificial intelligence (AI) a key catalyst for growth.
AI continues to be major focus for the region. Singapore is a leader in AI thanks to heavy government investment in schemes such as AI Singapore (AISG) and its AI Speech Lab, while government-owned investment company SGInnovate has recently unveiled its Deep Tech Nexus strategy. India is also is also poised to become “one of the most active centres of expertise in AI” according to experts, thanks to government backing.
Asia is leading the way on smart city projects. Investment in initiatives was set to reach $28.3 billion in 2018 in APAC (ex Japan), and is forecast to reach $45.3 billion in 2021 — partly out of necessity. The region’s cities are forecast to add another one billion citizens by 2040, which will require up to 65% of the UN’s Sustainable Development Goal targets to be met.
India’s Modi government has led the way with an ambitious plan to transform 100 cities, although 2019 will be a crucial year, given that recent reports claim 72% of these projects are still only at the planning stage. Many more examples are springing up all over the ASEAN region, however, from flood awareness programmes in Danang to a free public Wi-Fi and CCTV camera network in Phuket. IDC celebrates some of the best examples each year, showing the breadth of innovation in the region.
However, governments will need to do better in 2019 to tackle major barriers to digital transformation identified by the UN. These include excessively top-down approaches; security, privacy, and accountability problems; and digital exclusion. It claimed just 43% of APAC residents were internet users in 2016. There’s plenty of work for governments and the private sector to do next year.
As explained in my latest for IDG Connect here, Beijing has, via tightening regulations, antitrust investigations and even more restrictive censorship rules, been making the Middle Kingdom an increasingly hostile place for foreign – especially US – tech companies. It was never easy – foreign firms have always had to team up with a local partner to have a crack at the huge domestic market, with all the risks that entails. But now it’s even more difficult.
So enter India – a nation of over one billion and with the world’s fastest-growing economy. US firms have had a much better time there historically. Foreign direct investment is very much OK, and even in those few industries which are less welcoming – retail, media, telecoms and banking, for example – successful partnerships with local players are possible.
The start-up cash pouring in from Silicon Valley and elsewhere is staggering – dwarfing that in China already, according to Forrester research director, Ashutosh Sharma. In the last quarter this reached $6bn from private equity alone, he told me. What’s more India can boast:
- A suspicion of China matched only by the US
- A nominally democratic political system based on rule of law, making its regulatory environment more predictable, if still overly bureaucratic
- A young, tech savvy, increasingly well educated, and affluent population
On the minus side, however, it has dreadful mobile connectivity and poor broadband penetration.
“The size of the country in terms of populations makes it difficult for any government to strike a right balance between pursuing growth through investments versus leaning towards more socialistic policies,” Sharma told me.
“This dithering on policy initiatives since India liberalised its markets in early ’90s have cost them time which has manifested in poor physical and virtual infrastructures.”
A large, “digitally dark” population which doesn’t speak English makes it hard to justify investments in digital media, he said.
“However all indications are that this is temporary because at the pace innovation is happening both in terms of affordability of mobile devices, data connection, and local language solutions it won’t be long before a major part of India is digital,” Sharma added.
As mentioned, the regulatory framework is still over complex and bureaucratic, although this too is apparently changing.
“The pace of simplification and speed of execution has improved since the new government has come in place,” he said.
It will take years before India even comes close to the $600bn in bilateral trade the US and China enjoy. But that trade is massively unbalanced, comprising mainly of Chinese imports to the US. This is not the case with US-India relations.
The winds of change are blowing, and they’re blowing to the sub-continent.
IT offshoring; not the most exciting topic in the world but a vital contributor to the global IT economy. Last week Gartner released a new report detailing the challenges and opportunities facing Asian locations and warned that while emerging stars such as Indonesia and Vietnam offer great cost savings, there are risks.
Primary among these, as I noted for The Reg, is that none are doing well when it comes to their Data/IP Security and Privacy rating.
Indonesia, Thailand, Sri Lanka, Bangladesh and Vietnam all ranked “poor”, while more mature markets China, Philippines, India and Malaysia only did one better at “fair”.
Report author Jim Longwood also told me that despite ostensibly low costs, some emerging destinations may incur hidden “soft costs”.
“In some countries, for example, you might have to use a local joint venture; or for manufacturing pay additional fees to ensure a higher level of continuity of power supply than local businesses and homes might receive to avoid ‘brown outs’,” he said.
“Another soft cost is building a local brand, to enable the captive to attract a better quality of resources, e.g. when competing against the well-known global brands like of IBM, HP, Microsoft, SAP & Oracle for local talent. Part of this may well be investing building campus type facilities as the Indian providers have done.”
So, which will emerge as the favourite place to offshore IT services in the future?
Well, there are a number of locations vying for the business of MNCs, the analyst told me. Vietnam Bangladesh and Indonesia are leading the pack of emerging Asian countries thanks to strong government support for the first two and “more adhoc local entrepreneurial means” in the latter.
As for China, well it is certainly creeping up fast on India, and was rated by Gartner as the sub-continent’s number one challenger in terms of scale.
However, India has won the “current battle” in terms of horizontal IT services for apps and business processes and will not be overtaken by the Middle Kingdom anytime soon.
“However, versus India, China has certainly won the ‘battle’ to be a leading global site for manufacturing technology whether for TVs, telecommunications or IT hardware componentry,” he added.
A couple of weeks ago I wrote how Asia would be the key to Microsoft’s success with its soon to be acquired handset business and Windows Phone. Well, new IDC stats out this week confirmed the importance to Redmond of one of Asia’s biggest markets, India, but also that it may struggle without the Nokia brand.
India is now rated by many analysts as the fastest growing smartphone market in the world.
The numbers speak for themselves. The largest democracy on the planet has a population of over 1.3 billion but smartphone penetration of only around 10 per cent – in this it’s some way even behind China and has huge growth potential.
The question is who’s going to capitalise? Well, at the moment it’s the same old story of cheap, local Android handset providers. In India Karbonn and Micromax are two of the most prominent.
Windows Phone was a surprise second place in Q2, however, with a market share of 5.3 per cent, according to IDC. Granted, this is way behind Android’s 90+ per cent, but still above iOS and BlackBerry and remember that percentages translate into 500,000+ units.
The key to success going forward, however, will be how it handles the Lumia, according to IDC analyst Kiranjeet Kaur.
She told me that although Nokia sells the Lumia 520, 620, 625, 720, 820, 920 and 925 in India it has been the 520’s low price point of around Rs 10,000 (£100) which has made it popular.
Microsoft can’t rely on the Lumia range to continue attracting buyers in the future though, because the all important Nokia brand will soon be removed.
“People buy the Lumia because they’ve had an association with Nokia for many years and see it as a good brand,” she said. “But if the [acquisition] deal goes through in the next few months I’m not sure how quickly Microsoft can do the rebranding.”
Time will tell whether this makes a big difference. It has to be said that Nokia was far from coasting in India. Despite winning the country’s Brand Trust Report for the third year in a row in February, it has been mired by tax problems and slowing sales.
Still, India remains Nokia’s second largest market after China, according to IDC, so the next 12 months will be a key test of whether Microsoft can continue the momentum and take on the likes of HTC and Samsung in the mid-range as well as stealing a bit of share from domestic players at the lower end.
It will be an uphill task.
It was Microsoft and Nokia’s big week this week and I’m sure the two will be hoping to hog the headlines going forward as much as they did over the past seven days. Now some might have unkindly described the alliance as “the sounds of two garbage trucks colliding”, but I’ve been getting the low down on why the deal should matter to APAC, or more realistically, why APAC should matter to Microsoft.
Let’s get one thing straight, APAC is essential to Microsoft’s future success in the smartphone space, not just because it has the world’s largest and fastest growing market – China and India respectively – but because Nokia has a really good legacy footprint there thanks to its feature phone biz.
The problem for Redmond, however, is that we’re not talking about feature phones any more, but smartphones. These markets are increasingly demanding smartphones, albeit low-end handsets, not feature phones. It’s why local players like Huawei, ZTE, Micromax and others are growing at such speed.
Nokia’s stock is greatest in India, where it has been voted most trusted brand for two years in a row, despite on-going tax problems with the authorities. Yet according to IDC’s Melissa Chau its relationship with operators isn’t particularly great anymore, so to large extent Microsoft is going to have to start from scratch here.
Building a budget Lumia will be vital and Chau told me Microsoft could do two things to help achieve this:
- Remove licensing charges – at the moment it’s built into the cost of the phone – which would wipe about $10 off per handset
- Use its combined internal expertise now with software and hardware to tweak Windows Phone so that it can run on hardware specs more suited to a lower price point.
It also needs to sort out Asha, she told me, starting with making the handset more attractive by sticking some Microsoft apps on it, and then hopefully in time transitioning those customers to a low cost Lumia.
This ain’t gonna be easy. The competition is fierce out there and with Nokia’s star waning and a severe lack of apps in the ecosystem the best Redmond can probably hope for is cementing it in third place behind the deadly duo of iOS and Android. With four of the Lumia’s top selling markets in APAC (including no. 1 and 2) however, it must make the region a priority.
Time will tell how successful it is, of course, but time, as we all know, is probably something Micr-okia doesn’t have.
I don’t often cover India’s outsourcing market but an interesting piece of news emerged this week when local media reported that the EU has found some notable gaps in the country’s data protection legislation which could scupper a major trade agreement between the two.
Basically the two have been trying to thrash out the Broad-based Trade and Investment Agreement since 2006.
The idea is that India opens up more of its vast market for EU firms and vice versa, but with one of India’s biggest industries in Business Process Outsourcing, a key demand from that side was that the country be recognised as a “data secure destination” by Europe.
According to the Data Security Council of India (DSCI), this single accreditation could propel outsourcing revenues from European customers from $20bn to $50bn in no time at all.
Sadly for India, the EU Justice Department decided to launch a consultation on India’s data security credentials and now the mutterings are it doesn’t like what it sees.
Any further delays which require legislative amendments could take years – not exactly what IT services giants like Infosys, Mahindra and Unisys want.
However, Forrester security analyst Manatosh Das told me all may not be quite as bad as it seems.
For starters, he said, India is taking information security a lot more seriously nowadays since recent high profile cyber attacks.
With the proposed electronic surveillance Central Monitoring System, the country is apparently planning for stringent privacy laws, while the DSCI, set up by Nasscom, has a strict remit to monitor data security and privacy in the IT and BPO industries, he said.
“I really don’t think in the current scenario outsourcing will take a back seat,” Das added.
“Private organisations in India follow international security frameworks like ISO 27001, PCI DSS, SOX, HIPAA. They have strong contractual agreements with their clients. Clients have the right to audit the vendors as per the agreement.”
However, he did admit that the IT Amendment Act 2008 lacks enforcement and needs amending again to “remove ambiguity” and create specific exceptions.
As a side note, I’m sure the recent “landmark” agreement between the UK and India on data security will also help reassure European customers considering offloading some services to Indian firms.
As always though, rigorous planning and due diligence and early involvement from the IT department should be a given to prevent any unexpected outsourcing problems down the line.
Earlier this week David Cameron signed a deal designed to elevate the Indo-British relationship to an “unprecedented level of co-operation” on cyber security issues. It came as part of the PM’s three day trade mission to India and is certainly to be welcomed, but the agreement also implies some rather worrying things about the cyber readiness of the country’s big outsourcing firms.
The deal will essentially mean two things. Firstly, UK technical know-how and expertise in the cyber security sphere will be shared with Indian outsourcers, essentially to help protect the vast amounts of data from UK consumers and businesses which are now held on servers in the country.
Secondly, the agreement will see the two countries share relevant threat intelligence in order to thwart attacks on their systems, whether they’re coming from the UK, India or elsewhere.
Now, as mentioned, any kind of international co-operation on cyber threat protection is a step in the right direction, and Cameron certainly can’t be faulted for his assertion that “other countries securing their data is effectively helping us secure our data”.
My surprise is that big name outsourcers like Wipro, HCL, Mahindra and Infosys – firms which have built their business presumably on the quality (and security) of their BPO offerings – need an extra hand.
Any CIO worth his salt would surely relegate to the scrap heap a potential outsourcing provider who could not satisfy his or her list of pre-determined security requirements.
Sure, the smaller outsourcers will benefit most from this deal, but the big boys too?
Well, yes, according to Forrester’s New Delhi-based analyst Katyayan Gupta.
“Even larger Indian firms like Infosys, TCS, etc. will also benefit because now they will have an additional layer of security against cyber criminals,” he told me.
“This is not to say that these firms do not have good security right now. But the question really is – is it enough to keep all attackers out? Probably not.”
Now I know in this age of APTs and highly targeted attacks no firm can claim to be impervious, but it’s slightly worrying when those with huge resources – in an industry where reputational damage following a data breaches could hit hard – are apparently getting expertise flown in from the UK that they haven’t obtained anyway.
Also, as Gupta argued, the deal will still do nothing to stop perhaps the biggest threat to UK data residing on these firms’ servers: corrupt insiders.
It may be time to revisit those SLAs.