Study portrays Microsoft’s cloud computing in China as potential U.S. security threat

MicrosoftChina-300x180Earlier this year, Microsoft claimed victory in the race to be the first major multinational tech company to win the rights to offer public cloud computing services in China. Considering that a) China’s cloud computing industry is underdeveloped, with few providers of advanced network services, and b) the cloud computing market is on track to be worth between $122 billion and $163 billion by 2015, this victory was far from an insignificant one for the company.

Indeed, not long after Microsoft’s executives announced the impending launch of Azure in China, seasoned Beijing-based Internet mogul (and former Microsoft and Google executive) Kai-Fu Lee publicly recommended that Amazon Web Services follow Microsoft’s lead to bring its own vaunted cloud computing services to the country. A new report, however, paints Microsoft China’s cloud computing services in a new light — not as an example of a major American tech company successfully accessing a potentially very lucrative Chinese market, but rather as a potential threat to U.S. national security.

The report, “Red Cloud Rising: Cloud Computing in China,” was commissioned by the Congressionally-funded U.S.-China Economic and Security Review Commission and written by the Center for Intelligence and Research Analysis (CIRA), which is part of Defense Group Inc., a Virginia-based defense contractor. In the report, CIRA, whose analysts are known for their strong educational credentials and Chinese language skills, isolates Microsoft’s partnership with 21Vianet — the Chinese data-centers operator with whom Microsoft is entering the market — as a potential security risk for two reasons:

1) Storage of U.S. citizens’ data in China

Microsoft currently plans to fully integrate the mainland Chinese cloud computing centers, which will be operated by 21Vianet, into its global cloud computing network. As CIRA states: “This means that any corporation using Windows Azure whose cloud-based systems contain information from U.S. citizens could easily store that data in China-located, China-operated infrastructure if they wanted. In such a case, the U.S. citizen might not necessarily be aware of the fact that the company has any dealings with China, much less that their data is being stored there.” In short, U.S. citizens’ data could end up being stored in China without their having any knowledge of it.

2) Chinese government cooptation of Microsoft’s global cloud network

Chinese laws give the government “incredibly broad powers to make compromising demands from information and communications technology companies operating within its borders.” Thus, in theory, the government could require Microsoft to turn over data from its networks or even information, such as source code, “that would allow (China’s) defense and intelligence services to completely compromise systems such as those to be operated by 21Vianet.”

Defense News, a weekly international publication focused on defense related issues, seized upon this portion of CIRA’s report and its use of the word “alarming” to describe the development of the Microsoft 21Vianet partnership — characterizing the entire partnership as an “area of concern” for U.S. officials. But are Microsoft China’s cloud computing services really a threat to U.S. national security?

Not exactly, for two reasons:

1) CIRA is writing about a hypothetical situation

Microsoft has not yet integrated its Chinese cloud computing centers into its global network, so no current threat exists. Rather, CIRA is focused on the potential problems associated with such a network if it is launched without appropriate safeguards. In other words, CIRA is speaking about the hypothetical risks associated with a hypothetical structure by which Microsoft would offer cloud computing services in China.

2) Microsoft can mitigate the risks identified by CIRA

As the report itself points out, these risks can be easily mitigated. When it comes to the storage of U.S. citizens data on Chinese-owned and operated infrastructure, CIRA even notes “it appears unlikely that Chinese cloud computing will be used by U.S. corporations in this manner.” As for the vulnerability of Microsoft’s global cloud computing network to Chinese government cooptation, CIRA writes: “[t]his risk can be mitigated by designing the network with appropriate data segregation and limits on network administrator privileges.”

While CIRA’s report may be a bit presumptive and Defense News’ portrayal of it a bit alarmist, “Red Cloud Rising” and the media coverage surrounding its early September release do highlight one very salient fact: for U.S. tech companies, the process of entering and maintaining operations in the Chinese market is both complicated and controversy-laden.

Microsoft’s experience is a case in point. While U.S. officials worry about the potential privacy and tech transfer concerns associated with Microsoft’s continued expansion into the Chinese market, Chinese officials fret that Microsoft is a Trojan Horse for American political values and intelligence services. As of yet, none of these concerns have completely impeded Microsoft’s aggressive push to unveil new products and services in China, but they do make the Redmond-based tech giant’s life significantly more difficult. Far from just having to navigate the process of operating in the complicated Chinese marketplace, Microsoft also has to deal with the politics associated with such operations. Simply put, Microsoft has to find a way to satisfy not just the Chinese consumer, but also the powers that be in both Beijing and Washington — powers whose preferences are often diametrically opposed.

Editor’s Note: contextChina is a Seattle-based media company following the growing impact of China on the Pacific Northwest across business, technology and policy. You can follow contextChina on Twitter @contextchina.

  • guest

    Excuse me Todd/John, how is it ok editorially for a posting like this to go up and represent itself as unbiased “reporting” when in fact the individual writing the piece has an advisor who is an MSFT corporate VP and nowhere is this acknowledged?

    This is, from all appearances, astro-turfing.

  • Out For Justice

    Good to see a reporter brave enough to put the truth out there regardless of the backlash! Way to go!

    guest as usual is posting obscure falsehoods to discredit anything that goes against Microsoft…

    • guest

      I called it for what it was, a failure to disclose a potential conflict of interest.

      Grow up.

    • Guest

      The story is neither pro nor con MS, except perhaps in your troll brain.

      • Out For Justice

        “troll brain”, kettle to pot, “your black”

  • kristiheim

    In response to “guest” : Harry Shum was one of our early business and tech advisors when we first started up the company and is still acknowledged on our advisor page, but he hasn’t been in contact with us in a long time. He played no role in our content decisions whatsoever. And his involvement then was as a private individual, not a company representative.

    Just like GeekWire, Xconomy or other web-based media have both sponsors and event partners, and also independent coverage and analysis of the some of those same companies, we don’t let any one of them influence what we write on the news side, and importantly, they never seek to do so. One look at Robert O’Brien’s archive should make that perfectly clear.

    Kristi Heim, co-founder and managing editor, contextChina

    • guest

      Yes, but proper journalistic ethics is to state these conflicting relationships up front. Which was not done in this case.

      Regardless of when he may or may last have been actively involved contextChina, he appears on the site, and as a consequence gives the impression of being a source of advice if not actual funding, and as a result gives the appearance of a conflict of interest.

      If you don’t want to be accused of astro-turfing, then simply acknowledge this sort of relationship up front when you write a piece like this.

  • Guest

    Good, well balanced, article. Ignore the haters.