This article was published in Computer Weekly on December 20, 2021. You can read the original article here
When the UK decided to eject Huawei as a key 5G hardware supplier, any observer could spot darkening clouds over this country’s relationship with China, so could other China-based providers such as Alibaba Cloud also fall under a “less-favoured supplier” category and be pushed out of the UK market?
Paul Miller, principal analyst at Forrester, notes the Chinese market is increasingly important to UK firms, with Chinese cloud providers having plenty to offer UK- and Europe-based businesses. However, it is getting harder for UK-based and Chinese businesses to work together.
“Tougher rhetoric from several European capitals and Beijing’s apparent tightening of oversight of some Chinese tech firms all encourage UK (and European) firms thinking about a Chinese cloud to move more slowly,” says Miller.
Recent US sanctions and pressures have sometimes made it difficult for Chinese providers like Huawei to source components or license software, while the EU too essentially considers China a “systemic rival” even as it struggles to balance competing concerns, he adds.
Rob Dartnall, head of intelligence at cyber threat intelligence supplier Security Alliance (SecAlliance), agrees there’s a “cadence” of sanctions and statements from the US, EU, UK and others, and legislation such as the National Security Investment Act, aimed at protecting financial services and critical infrastructures that may lead to more firms pushed out if seen as too close to the “wrong” side.“
There’s also been tremendous talk in the Chinese media around the need to move away from Western systems, functions and things like SWIFT payments,” says Dartnall. “For Russia, too, that will likely lead to some retaliatory cyber campaign.”
Caution on involvement with rival nation-states can be warranted from national infrastructure cyber-resilience and supply chain risk perspectives – especially in light of recent disruptions that showed just how vulnerable long, globalised supply chains are, he says.
Backdoor leaks and attacks are possible, and software can be modelled to use the twin to develop sophisticated and bespoke cyber attack strategies.
“If you are the supply chain and don’t even have to compromise the supply chain, you’re stronger,” he says. “We’ve seen bad code injected into devices, into software.”
Christian Morin, chief security officer at Canadian unified security supplier Genetec, points out that even hardware typically has software running on it which can be compromised, so cutting links even with hardware firms that have close ties to the Chinese government makes sense.“
The fundamental issue is one of trust,” says Morin. “You can bypass some security mechanisms through hardware when vulnerabilities are discovered.”
Morin feels that strong risk management should entail a move away from business partners and use of equipment made by countries like China, or at the very least, close analysis of involvement case by case, regardless of government action.“
In some cases, it might make sense to work with a Chinese organisation or provider, depending on the workload, sensitivities and risk tolerance,” says Morin.
If Chinese providers are pushed out, though, UK cloud providers might seem unlikely to take a hit – not least because Chinese investments in datacentres in the region remain a drop in the ocean compared with those by the US hyperscalers, and the likes of Alibaba Cloud are mostly about facilitating investment in China.
That could be true even if the result is intensified competition in the global tech space, analysts suggest.“It wouldn’t be the end of the world for most UK businesses if they could no longer use a Chinese cloud provider in the UK or Europe,” says Forrester’s Miller. “There are plenty of others to choose from.
“The biggest reason for using Chinese cloud in Europe is to gain familiarity with how that Chinese cloud works, so you can quickly and easily make use of it launching products and services in China, the biggest market in the world, with more than 1.4 billion people and an increasingly wealthy urban population.”
Hannes Gredler, co-founder and chief technology officer at telecoms-focused routing software maker RtBrick, points out that removing lower-cost providers can push product prices up, resulting in higher costs and charges for businesses.
However, UK providers might be driven to innovate with fewer lower-cost geographies present in the market to rely on. Being required to report better results each quarter can shrink the incentive to take risks that impact on funding. Huawei is one company that came in and succeeded with kit that works at a lower price point, he notes.
“With lower labour costs, you can have less incentive to look for more efficiency, for example, by spending on automation,” says Gredler. “Amazon Web Services and Azure are so good partly because they’re paying for a software engineering workforce in the most expensive geography.
“On the other side, you have state-government actors with basically infinite money to buy into that market. Can you really compete?”
When software is fully abstracted from hardware, cyber risk is not only less of an issue but the playing field is further levelled for software. And already software providers are expected to “show up bare naked”, showing their source code and passing security audits, says Gredler.
The trend towards more secure, disaggregated infrastructures can also enhance competition among software providers, including cloud companies building their own stack with different bits and pieces as it best suits – helping to keep the lid on price rises across fragmented markets for networking and mobile.
“This big wave about to hit has come from from completely different drivers, giving almost the best of both worlds,” says Richard Brandon, vice-president of marketing at RtBrick. “The barrier for entry, by not having to do your hardware, can be fundamentally lower. Lots of players will see that opportunity and jump to it.”