Data Center Management

Microsoft's Red Cloud Rising and the Problems of Chinese JVs

“Just because you’re paranoid doesn’t mean they’re not after you.” Catch-22 author Joseph Heller first dreamt up this phrase in his iconic novel over 50 years ago, yet it could just as easily be a by-word for US-Sino relations today. The past 18 months have seen a flurry of US government-sponsored reports naming and shaming China as the biggest cyber-threat to its national security. Then, of course, the NSA revelations turned things on their head thanks to whistleblower Edward Snowden and China had cause to be concerned. Well now, the latest report from Washington, Red Cloud Rising has brought the whole cyber-espionage debate uncomfortably close to the lot of the enterprise IT manager.

Commissioned by the Congress-funded US-China Economic and Security Review Commission and produced by the Center for Intelligence and Research Analysis (CIRA), part of US defence contractor Defense Group Inc., it deals with the risks and vulnerabilities of cloud computing in China and America’s exposure to it. The most interesting passage, however, concerns Microsoft’s tie-up with local datacentre services partner 21Vianet to offer Office 365 and Windows Azure services to Chinese customers.

Despite acknowledging that Microsoft’s plans are still to be finalised, the report warns of two potential risks to US customer data – and by extension the data of UK customers and users elsewhere. The first, the report states, is that Redmond’s current plans are to integrate its 21Vianet datacentres in China with its global cloud computing network. This could mean that any business using Azure whose cloud-based systems contain information from US/UK citizens could technically store that data in China-based datacentres if they wanted, potentially without the knowledge of their customers.

Although this is pretty unlikely at the moment, things could change in the future as China’s cloud computing market evolves, the report claims. “The fact that Windows Azure’s users can seamlessly switch their data between any of Microsoft’s global servers suggests that if future incentives for use of Chinese public cloud infrastructure arise, Microsoft’s global customer base will face low operational barriers to utilising them,” it argues.

The second risk is that faced by all service providers operating in China, that Microsoft could be forced to hand over key data or even source code to the PRC government under its sweeping national security laws:

“If Microsoft’s Chinese and non-Chinese cloud datacentres are interconnected in the manner currently planned, there is a risk that any legal demands the Chinese government makes of 21Vianet to access and monitor its datacentre operations (even if ostensibly for legitimate regulatory or law enforcement purposes) may in turn allow the Chinese government to access foreign datacentres outside China through Microsoft’s Windows Azure network.”

The response

So should IT chiefs treat these points with genuine concern or dismiss it as yet more US government paranoia? Well, a Microsoft spokesperson got back to me to “clarify some facts”:

Microsoft licenses its Windows Azure and Office 365 technologies to 21Vianet. 21Vianet, in turn, operates separate instances of Windows Azure and Office 365 from datacentres they control that are located in China. 21Vianet does not have access to Windows Azure and Office 365 services and datacentres operated by Microsoft outside of China.

That seems pretty self-explanatory, then. Microsoft is not inter-connecting its Chinese and non-Chinese datacentres – at least, not yet – answering pretty much all the security concerns raised in the report.

Various analysts I spoke to also played down the potential for any Azure security risks resulting from Microsoft’s China venture. Forrester senior analyst, Gene Cao, for example, agreed with the report’s recommendations that any perceived risk could be easily mitigated by “network technology and security policy settings, including appropriate data segregation and limits on network administrator privileges”.

“Furthermore, the Chinese government's focus on information control are directed at sensitive industries or areas like defence, where foreign companies are not allowed access in China,” he added. “Other commercial businesses that involve foreign companies will be lower on the priority list for Chinese government to regulate.”

A problem for all

That said; there’s probably a lesson here for technology vendors and customers alike.

Microsoft is anything but alone in its China adventure – SAP, IBM, EMC and others have all begun operations there. However, it is the first major cloud provider of its kind to attract these kinds of concerns from Washington and certainly won’t be the last as China continues to open up to foreign investment. Fail to deal decisively with such concerns, no matter how far-fetched they sound, and you can be sure your rivals will try to exploit the situation to the max.

It is a problem that will increasingly face global IT companies as they tap lucrative emerging markets like China, where compliance with local laws is a prerequisite before trade and investment can begin. While the cloud has made business easier and created previously undreamed of IT efficiencies, it needs to be handled correctly at an infrastructure level to make sure risks are managed appropriately. The order of the day for the IT manager then is hefty due diligence, to make sure any prospective provider is following best practices.

Paranoia, it turns out, is not a bad trait to have in this business.


John Anderson has been writing about technology and all things Asia for over a decade. From his perch in the Far East he keeps a keen eye on the global significance of emerging trends in the region.


« Disrupt Your Business and Evolve


Split Up Microsoft to Regenerate a Great Company »
John Anderson

John Anderson has been writing about technology and all things Asia for over a decade, having started out on some of the UK's best known best-known IT trade titles. From his perch in the Far East he keeps a keen eye on the global significance of emerging trends in the region. 

  • Mail


Do you think your smartphone is making you a workaholic?