China to develop trust rating index for cloud vendors

Chinese government will allow only those with full security clearance to be involved in government projects, potentially leaving foreign players out of such contracts.
Written by Eileen Yu, Senior Contributing Editor

China is planning to rate the trustworthiness of cloud computing vendors, allowing only those with full security clearance to partake in government projects.

The move could leave foreign companies out of government procurement contracts, according to a report by China Daily.

Zuo Xiaodong, vice-president of industry group China Information Security Research Institute, said: "The basic idea of the security rating mechanism is to find trustworthy hardware, software, and service providers to ensure the government has total control of the entire ecosystem."

He noted that the Chinese government was developing a cloud security assessment, authorization, and monitoring system similar to the U.S. government's Federal Risk and Authorization Management Program.

Rolled out two years ago, the initiative -- or FedRAMP -- was designed to streamline and standardize the security assessment, authorization, and monitoring of vendors selling cloud services to U.S. government agencies. Since then, cloud service providers such as Microsoft's Azure and Amazon Web Services have earned FedRAMP nods.

According to China Daily, Zuo is part of a team of officials who are drafting national standards aimed at avoiding security loopholes in cloud products deployed by the Chinese government. These standards will be rolled out from April.

Foreign cloud vendors will be permitted to participate the assessment, but may be required to provide key operating data and source codes for security reasons.

In a move to address increasing IT security concerns, China is reportedly looking to replace foreign technology with local products by 2020, especially those deployed in banks, the military, state-owned companies, and government agencies.

China Daily also noted that Beijing-based virtualization vendor Sugon Information Industry, was brought in earlier this year to replace VMware in a cloud project rolled out in Wuxi.

Editorial standards