Asian firms should trust no one but the tech

Concerns over U.S. surveillance are apparently leading to a "de-Americanization" of IT environments in Asia-Pacific, specifically China, as governments ban the use of U.S. technology. Is the paranoia necessary?
Written by Eileen Yu, Senior Contributing Editor

It took a while, but it seems revelations that the U.S. government has been brazenly running surveillance across the globe have finally taken a toll on American technology companies. 

Cisco Systems last week stunned the market when it said it was predicting a 10 percent dip in sales for the current quarter. The networking equipment maker pointed to the backlash in emerging markets against spying activities conducted by the U.S. National Security Agency (NSA), for the fall in numbers, according to a GigaOm report. While Cisco CEO John Chambers highlighted "an impact in China", he said the fallout was "fairly nominal" across the company's emerging market business. 

IBM in October also reported a 22 percent revenue decline in China leading to a 4 percent drop of its third-quarter profit, while Microsoft executives singled out the Chinese market as its weakest performing market during its recent quarter. 

I recently spoke to my colleagues in ZDNet China who revealed that government agencies in the country had been instructed to exclude U.S. technology products from their procurement plans whenever possible, due to concerns about the NSA. When there are locally-made alternatives, these are preferred in government procurements, but the directive doesn't restrict components that cannot be easily replaced--for instance, an IBM chip that's used in an IT system. 

While China's actions easily can be perceived to be a tit-for-tat, in retaliation to similar instructions from the U.S. government last year against China-made networking gear, business concerns about NSA are justified.

Organizations have confidential data to protect as well as local regulations to comply with. If governments like NSA have no qualms accessing and monitoring your company's data as long as they feel they're justified to do so, their actions can lead to serious questions from customers and stakeholders that your company will not be able to answer.

Add cloud to the equation and corporate paranoia is further heightened. 

In the first public testimony before the U.S. Congress by a major technology company since the NSA revelation, Google argued it should be permitted to provide more information to the public about government demands for user data. Richard Salgado, Google's director for law enforcement and information security director, said: "The current lack of transparency about the nature of government surveillance in democratic countries undermines the freedom and trust most citizens cherish. It also has a negative impact on our economic growth and security, and on the promise of an Internet as a platform for openness and free expression."

He said leaks about NSA surveillance could lead to greater Internet restrictions which could harm U.S. economic interests. "This is a very real business issue, but it is also a very real issue for the people who are considering using the cloud and for those who currently use the cloud and may have their trust in it rocked by the disclosures," Salgado said in a Reuters report.

The Indian government in August reportedly stopped its 500,000 employees from using e-mail services including Gmail that were hosted in the United States, in response to the spying scandal.

I spoke with Savvis' chief scientist Ken Owens, who noted that even U.S. customers--and not just clients in Asia and Europe--were now asking more questions about security. The U.S. cloud vendor owns 55 data centers worldwide, including two in Singapore, one each in Japan and India, and will be adding a second data center in Hong Kong later this month. It is also planning to extend its footprint to China, where it currently operates data centers through a partner. 

Previously, just half of Savvis' clientele would conduct an audit. This figure is probably closer to 90 percent, Owens said. Noting it was tough to combat this level of fear, he said: "We have to earn that trust over time and we do that by being transparent, opening up, and letting them audit our infrastructure. We show them how we operate and maintain our environment."

Because Savvis' clients include organizations from the financial services (FSI) sector, security has always been a key consideration anyway, he added. To meet the strict requirements of these customers, data is deployed such that they have ownership of the data, not Savvis, and data is stored in the customer's geography. The vendor also sets up its international offices as standalone legal entities in their respective local market so U.S. laws, such as the Patriot Act, do not apply to them. 

So there really are no changes in how the vendor approaches its business, Owens said, except that it now has to spend more time showing customers why Savvis can be trusted based on how it deploys and manages its datacenter infrastructure. 

And that's how I think Asian businesses, or any international companies worried about the U.S. government's spying eye, should assess the technology they deploy. 

The technology needs to speak for itself. If companies can easily replace a made-in-America product or service with an alternative developed locally or elsewhere that is just as good or better, then they should go right ahead and do so. But if there's a compelling reason to acquire a U.S. technology and product, they shouldn't end up choosing a poorer alternative simply because they want to appease their fears about the NSA. 

With the right processes and checks in place, such as the audits and legal setup that Owens spoke of, companies should be able to make their IT decisions based on the product and service that best meets their requirements--rather than one based on which country the technology originated.

The same principle should apply not just for technology from the U.S., but also from China, Singapore, the U.K. or any other country. Because the truth of the matter is, let's face it, every government and country is probably spying on everyone else. If you think otherwise, you probably also believe in unicorns. 

Thanks to the NSA, companies should now realize they can trust no one but the technology, and processes.  

ZDNet's Monday Morning Opener is our opening salvo for the week in tech. As a global site, this editorial publishes on Monday at 8am AEST in Sydney, Australia, which is 6pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the United States.

Editorial standards