When the UK decided to eject Huawei as a key 5G hardware supplier, any observer could spot darkening clouds over this country’s relationship with China. So could other China-based providers such as Alibaba Cloud also fall under a “less-favoured supplier” category and be pushed out of the UK market?
Paul Miller, principal analyst at Forrester, notes the Chinese market is increasingly important to UK firms, with Chinese cloud providers having plenty to offer UK- and Europe-based businesses. However, it is getting harder for UK-based and Chinese businesses to work together.
“Tougher rhetoric from several European capitals and Beijing’s apparent tightening of oversight of some Chinese tech firms all encourage UK (and European) firms thinking about a Chinese cloud to move more slowly,” says Miller.
Recent US sanctions and pressures have sometimes made it difficult for Chinese providers like Huawei to source components or license software, while the EU too essentially considers China a “systemic rival” even as it struggles to balance competing concerns, he adds.
Rob Dartnall, head of intelligence at cyber threat intelligence supplier Security Alliance (SecAlliance), agrees there’s a “cadence” of sanctions and statements from the US, EU, UK and others, and legislation such as the National Security Investment Act, aimed at protecting financial services and critical infrastructures, that may lead to more firms being pushed out if seen as too close to the “wrong” side.
“There’s also been tremendous talk in the Chinese media around the need to move away from Western systems, functions and things like SWIFT payments,” says Dartnall. “For Russia, too, that will likely lead to some retaliatory cyber campaign.”
Caution on involvement with rival nation-states can be warranted from national infrastructure cyber-resilience and supply chain risk perspectives – especially in light of recent disruptions that showed just how vulnerable long, globalised supply chains are, he says.
Backdoor leaks and attacks
Backdoor leaks and attacks are possible, and software can be modelled to use the twin to develop sophisticated and bespoke cyber attack strategies.
“If you are the supply chain and don’t even have to compromise the supply chain, you’re stronger,” he says. “We’ve seen bad code injected into devices, into software.”
Christian Morin, chief security officer at Canadian unified security supplier Genetec, points out that even hardware typically has software running on it which can be compromised, so cutting links even with hardware firms that have close ties to the Chinese government makes sense.
“The fundamental issue is one of trust,” says Morin. “You can bypass some security mechanisms through hardware when vulnerabilities are discovered.”
It always makes sense to reassess risk
Morin feels that strong risk management should entail a move away from business partners and use of equipment made by countries like China, or at the very least, close analysis of involvement case by case, regardless of government action.
“In some cases, it might make sense to work with a Chinese organisation or provider, depending on the workload, sensitivities and risk tolerance,” says Morin.
If Chinese providers are pushed out, though, UK cloud providers might seem unlikely to take a hit – not least because Chinese investments in datacentres in the region remain a drop in the ocean compared with those by the US hyperscalers, and the likes of Alibaba Cloud are mostly about facilitating investment in China.
That could be true even if the result is intensified competition in the global tech space, analysts suggest.
“It wouldn’t be the end of the world for most UK businesses if they could no longer use a Chinese cloud provider in the UK or Europe,” says Forrester’s Miller. “There are plenty of others to choose from.
“The biggest reason for using Chinese cloud in Europe is to gain familiarity with how that Chinese cloud works, so you can quickly and easily make use of it launching products and services in China, the biggest market in the world, with more than 1.4 billion people and an increasingly wealthy urban population.”
Higher costs and charges
Hannes Gredler, co-founder and chief technology officer at telecoms-focused routing software maker RtBrick, points out that removing lower-cost providers can push product prices up, resulting in higher costs and charges for businesses.
However, UK providers might be driven to innovate with fewer lower-cost geographies present in the market to rely on. Being required to report better results each quarter can shrink the incentive to take risks that impact on funding. Huawei is one company that came in and succeeded with kit that works at a lower price point, he notes.
“With lower labour costs, you can have less incentive to look for more efficiency, for example, by spending on automation,” says Gredler. “Amazon Web Services and Azure are so good partly because they’re paying for a software engineering workforce in the most expensive geography.
“On the other side, you have state-government actors with basically infinite money to buy into that market. Can you really compete?”
When software is fully abstracted from hardware, cyber risk is not only less of an issue but the playing field is further levelled for software. And already software providers are expected to “show up bare naked”, showing their source code and passing security audits, says Gredler.
The trend towards more secure, disaggregated infrastructures can also enhance competition among software providers, including cloud companies building their own stack with different bits and pieces as it best suits – helping to keep the lid on price rises across fragmented markets for networking and mobile.
“This big wave about to hit has come from completely different drivers, giving almost the best of both worlds,” says Richard Brandon, vice-president of marketing at RtBrick. “The barrier for entry, by not having to do your hardware, can be fundamentally lower. Lots of players will see that opportunity and jump to it.”
Rob Rutherford, chief executive officer at cloud services provider and consultancy QuoStar, agrees it’s now possible that Chinese companies might be pushed out in what almost feels like a new Cold War between China and the West, with digital infrastructure and cloud platforms particular areas where nation-states are trying to seize advantage.
One less appealing consequence could be a more polarised global technology market, with some countries aligned to Chinese tech and others favouring the US.
“China’s been protecting their market for a long time – the West hasn’t, but the drum is beating more now,” says Rutherford. “If you can put them in Google or Alibaba, which will you choose, especially when your whole operation runs on it?”
Must the UK align to one or the other? Why not build our own?
More issues to consider
“We don’t really have any of our own large providers, so we’re sort of proxy to the US – but perhaps we should,” he says. “We do have some niche, highly capable platform stuff – in aerospace or scientific, but on general, ‘Big-Bang’ cloud stuff, we don’t have anything.”
Rob Nash, founder of online communities and communications platform provider 4 Roads, points out that less interaction reduces the chances of a cross-pollination of ideas.
“Actually, communities are part of a bigger tapestry of what businesses need to do,” he says. “We now specialise in trying to use technology to enable that kind of seamless transition between devices, communication or finding data.”
4 Roads’ virtual events during lockdown included pulling together an infrastructure enabling a worldwide shipping firm to chat via video sessions and the like from wherever they were.
“We ended up just actually avoiding the issue, using VPNs and things. The China aspect is making or starting to make things difficult. Having to have a registered company inside the Great Firewall and things like that is a blocker,” says Nash. “Yet roughly 20% of the global population is in China.”
The upshot was that 4 Roads would have had to jump through more and higher regulatory and business hoops to show responsibility, accountability, registration and validity for activity on the Chinese government’s terms, as well as solving for compliance demands in the UK, EU and other places.
“Even then, in getting through the firewall, you still had to reduce your security protocols down to TLS. They were basically insecure,” he says. “If we have another customer that has a presence in China, we’re going to face this again.”
Global consensus
Nash calls for global consensus on data privacy and “how we exist in the digital world” to reduce the need for firewalling each other off. Companies now rely on cloud tech to target global markets.
A rise in protectionist policies and inward-looking trade and business practices for whatever reason can mean losing the chance to benefit from the diverse wealth of human knowledge, experience and innovation, says Nash. “As a civilisation, we have to be very careful about where we’re going, because I do agree we seem to be in almost a technological Cold War, and we live on a very small planet.”
Forrester’s Miller notes that there’s currently no “serious indication” the UK will move to exclude Chinese cloud companies, but it is always a possibility to consider in risk assessments – as is recent enthusiasm for non-US “sovereign clouds” in parts of the EU to a lesser degree.
“In neither case is it sufficiently serious for Forrester to recommend that existing users immediately move their workloads to a European or British cloud,” says Miller.
Meanwhile, due diligence remains critical for any partnership or investment, and is more complex when varying legal, political or cultural norms pertain.
“Decisions should constantly be reevaluated,” says Nash. “A deal or arrangement that made good sense in 2012 might be a liability in 2022. Don’t panic and don’t overreact, but continue to evaluate every partnership for the benefits – and liabilities – it brings to your company and your customers.”
China-based cloud providers could not provide a spokesperson for interview at the time of writing.