A new report from Defense Group Inc., a consulting group, suggests that growth in the Chinese cloud computing industry could pose national security risks to the United States.
The report warns that partnerships between U.S. firms looking to expand their cloud market will expose them to security vulnerabilities. For example, if a U.S. firm partners with a Chinese firm, then American clients may not have control over whether their network information ends up on a Chinese cloud server. That information could become subject to China’s opaque censorship laws and domestic monitoring.
The report–entitled “Red Cloud Rising: Cloud Computing in China”–does not have any proof that China would take advantage of foreign information stored in its domestic cloud or that U.S. companies would agree to this arrangement. However, the report stresses potential security concerns. It calls the partnership between Microsoft [MSFT] and Chinese data services provider 21Vianet “alarming” since Chinese security laws give the government significant leeway in demanding data from companies operating within its borders.
The report was prepared for the U.S.-China Economic and Security Review Commission, a congressional body responsible for monitoring the security implications of the U.S.-China economic relationship.
Although Chinese attempts at domestic cloud computing have shown low reliability and logistical issues, the report finds significant government influence in the industry’s development. China’s Ministry of State Security, one of its largest intelligence agencies, has been directly overseeing the expansion of the foreign investment in Chinese cloud computing. The Chinese cloud market will grow from $2.73 billion in 2010 to $19.18 billion this year, according to a China Software Industry Association estimate cited in the report.
Cloud computing means that a third-party company manages a client’s servers, which the client can access via the Internet. The amount of usage can be scaled on demand without the client having to rework its local IT infrastructure. Cloud computing provides greater flexibility and access to information, while reducing the IT burden on individual companies or agencies.
Cloud has been a growth industry in the United States with the success of commercial cloud endeavors, including applications such as Dropbox and iCloud. The public sector has also begun exploring the range of cloud computing options, meaning that the report’s findings could impact everyday users up to large federal agencies.
The report also warns of Chinese cloud investment enabling the People’s Liberation Army (PLA) to conduct more effective cyber attacks as well as become more resilient to counterattacks. Public cloud computing services could be used as a vector for the PLA to perform attacks. Cloud architecture provides “redundancy,” meaning that the potential PLA system could survive even when individual nodes are affected. A cloud-based system would also help the PLA to connect its various information gathering tools, giving it greater efficiency.