close

Endpoint Security Hy Login

[Note: below is Chapter 13 from ]

At the various schools, colleges and organizations I have worked at on the mainland, each facility was staffed by employees with a diverse range of technical abilities.  In addition, the equipment ranged from slightly dated to cutting edge.  While I have had the chance to work on a SugarCRM and Drupal wire frame development project domestically, I think some general statistics will give you a better idea of the size, scope and marketshare of the software and IT service industries in China.

According to their 2012 annual report, the Ministry of Industry and Information Technology estimated that China’s software and information services in 2011 had an output of $60 billion, “up nearly 40 percent year-on-year.” IBISWorld estimates that the entire software and IT industry in China “generated revenue of $284.02 billion in 2011, up 35.1 percent from 2010.”

For perspective, India’s business process outsourcing and IT industries generated $100 billion in revenue in 2011.

In terms of BPO growth – which is commonly called offshoring in the West – NASSCOM estimates that Indian firms generated $11 billion in BPO revenue in 2008 and $32 billion in 2012. In comparison, by one estimate the Chinese BPO sector “generated revenues of US$3.52 billion in 2009.” Another estimate, by XMG Global, shows that Chinese outsourcing firms generated $43.1 billion in revenue in 2012 (compared with $63.2 billion in India).

Since its humble beginnings as an importer of DEC computers in the late 1970s (e.g. the PDP-7 minicomputer) China’s software development and IT services industry have grown dramatically and by one optimistic estimate, could generate $635 billion by 2015.

Yet for perspective, the US software industry generated $261 billion in 2007 and the ten largest US software companies alone generated over $235 billion in 2010. Furthermore 63 of the world’s largest software companies are headquartered in the US compared with 2 in China.

Big numbers, big opportunities

What this means is that for US-based firms, there are numerous opportunities to provide both software and related-services to the Chinese market.  And while market access and intellectual property (IP) infringement issues continue to dominate bilateral forums, there is still potential for foreign firms – especially those that focus on services – to gain substantial market share.

For example, in November 2012 I spoke with Larry Chang, the CEO of Pro-Lambda Solutions which specializes in Computer Aided Engineering (CAE) solutions and provides CAE software packages. Chang is originally from Taipei and had spent 25 years working in the CAE industry including in the US.  After conducting due diligence, he created a startup in Shanghai five years ago based on some surprising market research: there is no domestic CAE software company that actually develops and sells its products abroad (yet).  Or in Chang’s words, “zero engineering software products that are made in China are sold outside of China.  As a consequence everything is by-and-large still imported from other countries.  Obviously, something is missing here; if and when we can provide this missing part to the society, the economic payback will follow.  That is the opportunity we see and value.”

This is not to say that Chinese individuals and software companies do not make innovative or exportable software.  For example, Kingsoft (金山软件) is a Chinese developer that develops antivirus software and a office productivity suite called WPS.  It has 50 million monthly active users globally. Internet giant Baidu recently invested in the firm as well. Similarly, local software engineers like Ni Chao, a developer in Beijing, can and do create innovative solutions to large-scale problems such as purchasing train tickets during peak hours. Innovation takes place outside of the computer world as Reuters recently aired a story about various inventions used by migrant workers on their long journey home during Spring Festival, such as a local designed “seat sleeper” that enables passengers without beds to sleep on a mobile tray that can be leaned on. And in another fulfillment of Plato’s dictum “necessity is the mother of invention,” The Telegraph discovered a Chinese man of modest means whohand-built a working dialysis machine that has kept him alive for the past 13 years.

Yet Arthur Kroeber, founder of the research firm Dragonomics sees scalability issues even with this promising amount of creativity.  In March 2013 he told a literary panel in Beijing that, “What’s sad is the amount of creativity you see in China is phenomenal but it’s not always directed in ways that are ultimately productive.” He likened it to figuring out how to create homemade solutions to a car whose parts are no longer on the market, yet running into problems trying to create “innovative solutions which are scalable throughout the entire world.”

As a consequence, Chang’s long-term vision is to become the first mover, to build and design engineering software in China which is then exported abroad.  There is a small twist to his strategy.  One of the problems he (and others like David Veksler cited later) have noted is that if you build and try to sell a product in China, most Chinese consumers will consider the quality is of lesser value.  That a product is perceived to be “better” if it originated from a foreign country is a stigma that Chang is hoping to reverse.  Thus in August 2012, Pro Lambda began selling its software solutions to the international market with the intention of giving his team experience, credibility and real-world feedback, before they attempt to sell directly on the mainland.

While traditional software solutions may be a risky business, services also have its share of challenges.  According to Chang, “one of the problems with the service industry as a whole and the software industry in particular is that this value added service is relatively unknown – and quite a suspicious concept to most Chinese consumers and businesses.  For example, upon buying your software they often think ‘why do we have to pay for your services since we just bought your software?  You owe me, not the reverse.’  Thus, this is a long-term challenge but I think enterprises and developers have begun making inroads as a younger generation of consumers has begun to understand the importance and value of this business model.”

There are also a few reasons why this lack of engineering software exports exists.  Yet according to Chang, this absence presents an opportunity for those willing to do the training needed.  For example, he notes that “software architects continue to live and work outside of China as do nearly all software product managers and development facilitating teams.  As a consequence, what has moved to China in the past decade is the ‘digital assembly line’ – coders and programmers are pretty much all that currently exists.  These coders and programmers are overseen by a project manager who coordinates with the foreign-based research and development office.  Yet, there is no facilitating team and no product team for engineering software on the mainland.”  Chang’s comment about a dearth of software architects was recently echoed by Ji Yongqing.  Ji is a technology author on the mainland who noted that while there are many programmers in China, relatively small amounts of resources are put intolong-term projects to generate high-end skills, ideas and fundamental software research.  In his words, “Even now in the internet industry, everyone talks about product managers and no one talks about software architects, but in truth the two are equally important.”

Furthermore, there are at least two systemic issues for this phenomenon as David Veksler (see below) and Chang both note: the first is that most Chinese students typically did not participate in team-based activities throughout school.  Thus when they are required to work as a team on larger scale projects, they often have difficulties adjusting to cooperation-based tasks – because they have been culturally raised to always compete and silo off information that can be traded and exchanged like currency.  Or in other words, whereas many Western education systems encourage teamwork and cooperation, older generations in China were taught a different style which relies more on trust networks (e.g., only share information with those you know, with whom you have guanxi) instead of “being a team player.”

Another key issue which is being addressed and discussed at every level and corner of Chinese society is fostering innovative thinking and creativity – taking the initiative to “think different” (see Chapter 20 too).  Yet there is a Chinese phrase that describes and explains why this same phenomenon is being repressed (and one that many Westerners are familiar with): 树大招风、枪打出头鸟or in English, “the stake that sticks up gets hammered down.” There are numerous requirements to build a “creative class” – yet there are also numerous cultural and institutional hammers that prevent this from germinating and blossoming on the mainland.  And while rote memorization and a lack of institutionalized ‘free thinking’ (e.g., ‘free expression’) are typically cited as the two main reasons, there are a number of additional factors that explain the constraints on domestic creativity, those would fill volumes if fully discussed.

Yet to be even handed, this is not to say that Chinese people are not creative or innovative.  For example, there is an entire industry of shanzhai (山寨) products such as customized smartphones which are cobbled together in a MacGyver-like fashion (though some segments are being shut down). Similarly, web services such as Sina Weibo actually made it very easy to find and maintain trackbacks which illustrates indigenous ingenuity.  On that point, Gary Wang, founder of Tudou (a video streaming site that merged with Youku last year) recently told The Wall Street Journal that Chinese incubators, app-makers and innovators actually have cutting-edge, top-quality ideas comparable to those in Silicon Valley. However in his view they fall short due to a lack of experience and skills because of “the educational system and shorter start-up culture.”  Thus there is long-term potential as Larry Chang noted, for utilizing and training local talent for research and development.

Proprietary leakage

Later on in this chapter I discuss trade secrets and IT security issues, but one real-world case study that entrepreneurs should be aware of is what Chang himself faced several years ago.  His sales team abruptly left and took corporate proprietary information with them and as a consequence his sales bottom line was “burned.”

Instead of offering higher pay and enforcing stricter rules, he simply showed the predicament of the start-up company to his employees.  What he does is explain to each employee that while they could become temporarily richer by leaving and selling proprietary information, if they stayed and continued to build the company the results and rewards would be substantially larger in the long-run. Thus he considers his employees as partners, not employees – continuously trusting them with vital information while painting a picture of the future in which they are compensated significantly more than they might have otherwise in the immediate short-run.  As a consequence, Chang figuratively keeps the door open for all staff and is certain that any proprietary information that does leave would find little market value due to his focus on branding (i.e., why buy a pirated copy of software for the same price as the legitimate software?).

And while it remains a challenging market, as he also noted that “while a younger generation of engineers are willing to buy some types of software and government institutions are required by law to stymie digital piracy, many of the top enterprises, institutions and organizations on the mainland still typically use pirated copies and do not feel bad about it.  This presents an opportunity though and I do not begrudge them,” Chang said, “for example, in order to export a product domestic firms will have to eventually benchmark it with a legitimate copy of the software in order for foreign customers to trust its quality.  As it stands now, piracy is a form of free marketing and advertising.  As subsequent generations of users adopt and use the software they will begin to trust the product and eventually buy both the product and support services.  Take Hollywood films for example.  If copyright enforcement and penalties had been very strict, it is highly likely that no one would havewatched the films to begin with.”  This last point is germane to the rapid growth of video stream sites like Youku, who arguably would not have gained preeminence if they had not stored and streamed copies of Hollywood films (Youku has now signed agreements with every Hollywood studio, see Chapter 14 for more).

As a consequence, after hiring his first software architect five years ago, Chang’s firm now has about 30 employees, with growth rate targets of 30% annually, the profit of which is recycled and reinvested back into the company.

Services

In December 2012 I spoke with Richard Qi, the director of SR Force Consultants, a Brisbane-based software consulting firm that focuses on providing SugarCRM solutions to the Chinese marketplace – specifically to joint-ventures and foreign-owned firms. CRM stands for customer relationship management; it is a type of organizational and productivity software that creates a streamlined method for tracking, converting and managing leads and is used at nearly every large enterprise in Western countries.  Qi is originally from Dongbei (中国东北) and worked in Australia for 10 years before returning to the mainland two years ago.  According to him, “while there is a lot of growth potential, one of the challenges to providing technical services and solutions is that many local firms simply have not done the necessary due diligence to implement and fully utilize a lot of the software and services they purchase.  For example, SAP implementations have a roughly 70% failure rate on the mainland (e.g.,initial production goals were unmet) because local customers and decision makers typically do not know what to do after the software is installed and integrated.”

While moving to the cloud is increasingly popular, another area where US expertise and experience still thrives and cannot be easily copied is support services.  For example, Gartner forecasts software-as-a-service (SaaS) reached $14.5 billion globally in 2012, with US-firms taking the lions share at $9.1 billion. And Parks Associates estimates that the US tech support industry will “grow from $9.6 billion in 2011 to more than $20 billion by year-end 2015.” Can you or your company provide such services?

There is an app for that

Another potential area for US and foreign software companies is modifying their iOS and Android apps for the Chinese market.  As I mentioned in Chapter 6, China is now the world’s largest smartphone market, overtaking the US this past summer.  In addition, there are certain demographic groups, such as the elderly (aged 55+) that have been thus far overlooked for targeted apps, specifically games.

What is the breakdown for app ecosystems?

While iOS remains relatively popular within China at more than 17% market share as of Q2 2012, more than 80% of all smartphones sold within China were Android-based. And in Q3 2012 Android marketshare on the mainland reached 90.1%. This mirrors global adoption rates, as of November 2012 Android-based devices now account for 72.4% of the global market (iOS is 13.9%). Unsurprisingly this has brought the total Android ecosystem to more than 50% total market share in China. This has also led Eric Schmidt, chairman of Google, to actively woo Chinese developers to the Android ecosystem. Yet despite this huge potential market, nearly all of these Android phones have been stripped of Google ad-supported services as well as Google Play – replaced by custom 3rd party applications and app stores. In fact, 80% of Android phones in China use a preinstalled version of the Baidu-powered search tool instead. Or in other words, modern smartphones with Chinese characteristics.

What this means is that for US app developers, there are some opportunities to port and translate their apps and games to the Chinese market.  For example, as I also mentioned in Chapter 6, in terms of smartphones and tablets, less than 10% of the Chinese user base are older adults (55+).  This same demographic group comprises 7.1%of gaming and entertainment app users compared with substantially larger percentages in the US.

How much larger in the US?  For instance, while a Pew Internet study found that only 13% of those ages 65+ in the US had a smartphone, Nielsen reported in May 2012 that in the US, “more than 50% of those who play FreeCell, Solitaire, and Hearts are over the age of 55.” And a June 2012 study from Forrester research found that 44% of US seniors play solo games online.

In contrast, according to their 2010 report from IDC, only 7.1% of those aged 50+ in China played games.  More specifically, in terms of online chess gamers and mobile gamers, those older than 50 comprised 5.7% and 2.4% of all players respectively. Or in short, your grandparents and their peers frequently play computer games yet few software firms design games specifically for them, let alone for their Chinese counterparts.

While there may be cultural reasons for such a dramatic difference (7.1% in China versus 50% in the US), in my own anecdotal experience of walking through the parks and streets throughout the cities I have lived in, elderly Chinese seem just as apt to play memory games, dominoes (mahjong) and poker-style games as their Western counterparts.  And according to China Daily, “the turnover of China’s mobile gaming market is soon going to hit 5.2 billion yuan ($835 million) as the number of players reach 270 million.” Thus in the long run even if the adoption and penetration rate remains relatively low for the elderly demographic group, 7.1% of 202 million (the number of elderly currently in China, see Chapter 18) is a potential niche market for future growth.

And as I mention in Chapter 6, in general, developers looking to port their apps and games over to Chinese markets should consider modifying the games to include Chinese traditions, symbols and cultural tie-ins – or in other words ‘Western video games with Chinese characteristics.’  For example: the color red, number 8, and the Chinese knot (Zhōngguó jié) are all considered lucky.  Perhaps creatively integrating these symbols into your game would prove popular, just as Kung Fu Panda was (see Chapter 14).  And since Macau now generates more than six times as much as gambling revenue as Las Vegas (Macau overtook it in 2007) maybe there is a legal way to capture this market. Or rather, because gambling is popular across all demographic groups perhaps designing a social gambling game or non-monetary betting app would find success across the mainland.

Based on the wide variety of demographic groups playing games on the subway in Shanghai and Guangzhou and standing in line at restaurants, casual games such as those from PopCap (e.g., Peggle, Bejeweled, Plants vs Zombies), Imangi Studios (Temple Run), ZeptoLab (Cut the Rope), Halfbrick Studios (Fruit Ninja) and Rovio (the Angry Birds series) are also popular.  In fact, “Cut the Rope” has more daily users in China than any other country and according to the Financial Times, “around a quarter of all Angry Birds downloads are conducted in China.” It is so popular in fact that Rovio recently turned Shanghai’s skyscrapers green to market their new product and simultaneously launch a native version for the Chinese market.

Another advantage US-firms currently have in porting their apps to the Chinese marketplace: English is the 2nd largest language in the Chinese iOS app store. And this presents an opportunity for Western developers: in their September 2012 report, Distimo found that after introducing a native language app, their “download volumes on the iPhone [increased] by more than 128 percent during the next week that followed.”  And sales revenue increased by 26 percent in the same week.  Either way you look at it, even if your company does not create a Chinese-version of its apps, the potential competitive marketshare even in English remains in reach of your company.

Understanding the market

You might be asking yourself, how does the app store function in China?  Are they run by Apple and Google and are they censored?

Apple opened its first official app store in China on October 27, 2010. By June 2011, China became the second largest source of app downloads for Apple. And China sales for Apple products and services now accounts for 15% of Apple’s total revenue, $23.8 billion in fiscal 2012. In fact, Apple is actively courting Chinese developers by translating their tools and guides into Chinese. In addition to the large Android userbase, there are more than 70 Android app stores in China, which is estimated to eventually consolidate down to 10 within the coming years.

In terms of censorship, as reported by the New York Times, Apple has been selectively censoring applications in its app store based on requests by the government. And because of Google’s on-again-off-again legal fights with Chinese regulators, it is oftentimes unclear of what is being censored in the Android marketplace.  For instance, in the fall of 2011 there was a week-long period in which both the Android marketplace and Gmail application worked intermittently. This occurred once again in the early parts of the summer and fall of 2012 yet service was restored in both cases.

This also raises another visceral point.  Despite its off-and-on wrestling with Chinese regulatory authorities, with a mere 4.72% search marketshare, Google’s revenue in “China’s mobile-app ad market will probably more than double to about 1.8 billion yuan ($283 million) this year [2012], exceeding the 1.2 billion yuan from mobile-search queries.” In fact, despite these ongoing disputes with Chinese regulators, Google is “still the 3rd largest advertising revenue generator in that country doing $640 million a year (annualized).”  And despite being hard to access at times Google has roughly 15% of the search engine market on the mainland. If they can achieve this in the face of never ending challenges, then your firm has potential as well.

An app that helps find customers

Over the past 18-months Windisch-based coresystems has been working on a cloud-based digital assistant called Mila (an app) that was a finalist in the GMIC G-Startup competition held in October 2012.) Mila allows entrepreneurs and SMEs to create an online assistant and unified online store front which is hosted on the cloud for free.  The assistant (Mila) can then search social media sites like Twitter to look for potential customers based on what your company provides as services.  And once a match is found, it then guides you through a streamlined sales process including invoicing using a smartphone.

In October 2012 I spoke with Andrea Chang, the marketing manager for Mila’s branch in China.  According to Chang, in their effort to localize the brand on the mainland, Mila has partnered with China Unicom (the second largest telecom company in China). Together they have modified Mila to integrate with Sina Weibo (which I noted in Chapter 12 is the world’s 2nd largest microblog site) and Alipay (the largest online payment provider on the mainland).  According to Chang, “the process of opening an online shop is one of the easiest and cheapest ways to generate leads and do business in China.  Using an integrated chat feature that allows customers and business to speak directly to one another, Mila not only communicates directly with your customer but also conduct all transactions, including invoicing.”

Chang also noted that because of the wide proliferation of smartphones and social media in China that one of the advantages of using Mila is that its cloud based transaction model substantially lowers the sales cycle costs (e.g., locating potential customers) while simultaneously providing customer service (e.g., by storing customer contacts).  This in turn allows entrepreneurs and SMEs to compete more on service instead of spending resources on search-engine optimization (SEO) or virtual store fronts.

So how does this help foreign companies wanting to do business in China?

Again, as mentioned in Chapter 12, before your company even establishes a physical presence on the mainland, you can use Mila and other services like Wildfire to search and discover the potential customer base for your company’s products and services.  And as I mentioned in Chapter 12 as well, because Facebook and Twitter are currently blocked on the mainland, you will need a way to localize your customer search to Chinese web services.  Solutions like Mila and Wildfire makes the process easier for your team, even if you are unfamiliar with Chinese customs and culture.

Securing your network

Cybersecurity is a sub industry that is often overlooked and dismissed by many businesses in China.  It has not helped that some media outlets resort to hyperbole to describe the real – and sometimes imagined – dangers for all firms with insecure IT networks.  For example, in July 2012, General Keith Alexander director of the NSA announced that up to $1 trillion in cybercrime damage was done globally each year.  This figure was later debunked. Yet determined hackers – both domestic and foreign – can and will compromise trade secrets and other proprietary assets typically without being caught.  Because a lot of theft and digital espionage goes left unnoticed it is very difficult to guess how much damage cybercrimes create. However in September 2012, Symantec released arguably one of the most extensive studies related to cybercrime and estimated the damage to be $110 billion a year globally.

How does cybercrime affect China, Chinese business and foreigners doing business in China?

In March 2012, Businessweek published a widely circulated report about corporate espionage of a US wind turbine supplier (AMSC) conducted by its Chinese client, Sinovel. In short, while AMSC attempted to isolate its trade secrets and proprietary software code outside of China (using an ‘air gapped’ facility), Sinovel still managed to use social engineering (e.g., bribery) to lure one of AMSC’s key Austrian-based programmers to China.  An ‘air gapped’ facility in their case meant the proprietary code – “secret sauce” – was only accessible at a workstation that was not connected to the internet. Using the ‘defense in depth’ IT security strategy (e.g., multiple firewalls and secure zones nested within one another) AMSC purposefully built this facility with the sole intention of building a physically isolated silo that could not be easily compromised.  While the case is still being fought in court, this is not an isolated instance. According to Akamai, a leading content-delivery networkprovider, in Q3 2012 one third of all cyberattacks originated from China (the US was second with 13%). All told, since 2007 the FBI and the Justice Department have opened more than two dozen cases involving trade secret, economic espionage and embargo circumvention restrictions involving Chinese contractors and individuals.

One solution – a drastic solution – was detailed by the Washington Post in 2011. They interviewed several American executives who frequently traveled between the US and China each year for a variety of meetings.  A few of the executives had a straight forward security solution: buy a new iPad before flying to China, download all of the needed information from the cloud and then never use it again (e.g., throw it away).  Another simple low-tech, yet increasingly popular solution is to simply no longer provide external media outlets like a USB in a terminal with access to sensitive information.  In fact, in some IT security circles, one nickname for the USB is now “Ubiquitous Security Backdoor” due to this chronic problem – the ease in which sensitive information can be removed with a flash drive or in which malware can be conveniently installed, such as Stuxnet and Flame.

But what if the hackers simply move and setup shop overseas in your hometown?  In May 2010, NetworkWorld ran a story about an ongoing espionage attempt by unknown Chinese operators and a large US firm in the Midwest. Similarly, according to a recent Bloomberg story, right before its attempted $2.4 billion acquisition of Huiyuan Juice Group fell through, Coca-Cola was hacked in 2009 by a Chinese hacker group dubbed Comment Crew. While it is unclear whether either of the espionage activities was successful, the threat of domestic and foreign hacking should motivate your company into proactive risk assessment – even if it does not plan to operate overseas.

Yet it is not just US firms that are on the losing end of cybercrime.  According to the same McAfee study above, malware and phishing attacks cost Chinese consumers $46 billion in 2011, twice as much as the US. The Ministry of Information Technology and Industry published a report that said “in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.” In fact, according to the Anti-Phishing Alliance of China (APAC) between January and November 2012 there were 24,535 phishing websites and scams targeted specifically at China’s online populace. In addition, in just a matter of weeks into 2013, a new virus called “Bill Shocker” has already impacted 620,000 users in China targeting the popular QQ messenger (see Chapter 12). In another instance, there was a 47% month-to-month phishing surge during Single’s Day (11-11) in November 2012.  This is the biggest online shopping day of the year as mentioned in theprevious chapter.  Furthermore, Rising Information Technology, a web security company located in Beijing, estimated in a January 2013 report that nearly 200,000 Chinese websites were hacked in 2011 and at least 60% “of the attacks targeting China’s large companies, government, and scientific research institutions come from overseas.” According to Rising’s report, because Internet security typically is overlooked “[a] growing number of Chinese companies are turning to overseas Web security companies for protection, a move which still leaves them vulnerable to attacks.”

However with these challenges come opportunities for foreign security experts such as David Veksler, CEO of CryptAByte based in Shanghai. In October 2012 I had a chance to talk with him regarding some of the key opportunities in China’s nascent security industry.  He noted that “Chinese companies and foreign firms doing business on the mainland are equally in need of information protection.  Since retooling and retraining in business is increasingly based on software, losing proprietary information and trade secrets to any competitor, irrespective of physical location, can lead to losing your competitive advantage in innovation.”  Later in Chapter 20 he explains several other challenges and opportunities, but according to him, there are numerous possibilities for security experts since SMEs on the mainland are typically unaware of IT vulnerabilities such as zero-day exploits.  Zero-day exploits (or day zero) are threats and attacks that take place on the first days of a discoveredvulnerability, before a developer patches the hole(s).  Thus according to Veksler, security consultants can help train mainland-based IT departments on ‘best practices’ and preventive measures that Western firms have learned the hard way with.

How does this work in practice?  For example, the world economy is shifting from capital intensive retooling which typically involved heavy machinery, to rapid prototypers and 3D printers (see Chapter 7).  This means that capital tools are now software.  Thus if you want to steal a new factory in the 21st century, all you really need to do is pilfer software.  As a consequence, the theft of entire industries could conceivably take place, allowing perpetrators to simply take the data to the cheapest country (e.g., based on land and labor costs) and eat into the marketshare of the original innovator.

This cloak-and-dagger industrial espionage is in Veskler’s words, “actually becoming a prime motivator for innovation.  While competitors could learn trade secrets through hiring former employees or reverse engineering, because you are never quite sure if someone has hacked into your systems or used social engineering – like Kevin Mitnick did – to gain access to proprietary information, every incumbent must now continually innovate.  Otherwise their competition could use a stealth startup and out-maneuver you with your own confidential information.”  In economic theory, when a firm is successful it sends profit signals out to the marketplace (e.g., by satisfying consumer demand you become profitable and other participants take notice).  As a consequence, because the firm realizes it will eventually draw competition with these “signals of success” it has to always keep striving to improve and innovate.

Kevin Mitnick was a hacker in the 1980s who used social engineering (e.g., manipulating secretaries to give him secure access) to compromise corporate networks such as DEC and Motorola. Samuel Slater, known as the father of the Industrial Revolution in the US, was born in the UK.  He was an originally an apprentice at a cotton mill based on Richard Arkwright’s design near Cromford Mill in England.  When he immigrated to the US, he later used a design similar to Arkwright’s to kick-start the American Industrial Revolution.  This a common risk noted Kent Kedl of the consultancy Control Risks, who recently told The Economist that, “The easiest way to get intellectual property from a firm is by buying or renting an employee inside it.” Thus, a stealth startup today could conceivably appropriate proprietary information (e.g., CAD models, engineering designs) via social engineering, hiring or hacking, build a warehouse in a developing country where resources costs are relatively low, andfill the warehouse with 3D printers.  Then in turn, export the products to world markets.  Some of the practical issues involving VPNs for corporate environments, such as preventing industrial espionage, are discussed later in Chapter 20 as well.

During my February 2013 interview with Shaun Rein, founder of China Market Research, he noted that “for any company in the world, internet security is an increasingly important issue.  And especially in China I think a lot of MNCs are continuously worried about protecting IP.  As a matter of fact, our firm recently received an RFP [Request for Proposal] from a very large internet company building a marketing expansion strategy on the mainland.  As part of the proposal we are supposed to disclose our firm’s security issues to make sure we are a reliable partner to work with.  In other words, to prevent any proprietary information from being leaked by a vendor they are modifying their risk management to hedge against the possibility of being hacked.  The flip side of this is that there are currently no large barriers to entry for doing internet security consulting because the government is very supportive of intellectual property transfers at this level.  At the same time, it may be moredifficult selling antivirus software directly because then you would be competing with domestic forces and local firms like Kingsoft.  But services such as IT security are quite open.”

In January 2013, internet giant Baidu announced that it was investing in Kingsoft, makers of antivirus software (and an office productivity suite). At the beginning of this year, several media outlets such as Businessweek have released additional reports covering Comment Crew (see above), also known as ATP1 (which may be the same as PLA Unit 61398) which has purportedly hacked into nearly 150 companies and organizations in more than a dozen countries over a period of 7 years bringing this IT security issue to the attention of more stakeholders such as MNCs.

And with all of these local and international security issues laid bare, for another perspective one should also consider the comments from General Electric Vice Chairman, John Rice who recently explained that, “Despite hacking and other issues in China, foreign companies need to be there, due to the country’s potential as the world’s biggest marketplace.  The greater risk lies in staying away.” Without going into details, GE is purportedly “improving how it handles threats to its information.”  Thus eternal electronic vigilance may be the new normal but it is something that your competitors (both domestic and foreign) will probably have to overcome as well.

Takeaway: The software development, IT support and security services industry is both alive and growing at a fast pace in China.  US firms relying on traditional revenue models such as selling shrink wrap packaging will need to modify their business model for entry into China.  This may come in the form of cloud computing and software-as-a-service.  Yet either way their expertise and quality management – even at higher costs – are still marketable within China.  In addition, US firms specializing in developing apps have yet another revenue stream they can tap into if they are able to modify and translate their applications for Chinese consumption – the world’s 2nd largest app market.  Furthermore, IT security firms also have potential opportunities to secure and optimize the networks of Chinese enterprises and SMEs whom suffer billions in economic losses each year.

Endnotes:

    from China Daily [] from eWeek [] from NASSCOM [] Ibid [] from Right Site [] from InterAksyon [] See by Jeff Zhang and Yan Wang and from Times of India [] from Business Software Alliance [] from Software Top 100 [] See and [] from China Tech News [] from Tech in Asia [] See from Xinhua and from Tech in Asia [] from Reuters [] from The Telegraph [] from The Wall Street Journal [] from Tech In Asia [] It is a cultural characteristic of many regions in East Asia.  For example, the Japanese equivalent is 出る杭は打たれる. [] See also hackerspaces in Chapter 7.  See from Financial Times, from The Wall Street Journal and from The New York Times [] from Shanghai Daily [] from The Wall Street Journal [] The economic term for short versus long-term time horizons is “time preference.” See Chapter 18 in by Ludwig von Mises. [] Similarly, Hearst president David Carey recently noted that Apple and Steve Jobs “taught people how to buy digital content.”  See from Engadget [] [] from Reuters and from ZDNet []To combat piracy of Windows 8 in China, Microsoft will not sell a shrink wrapped package – users can only get it pre-installed by OEMs or by downloading it.  With the release of Office 2013 on the mainland, consumers can still purchase traditional packages via Microsoft’s online store.  See from China Tech News and from China Tech News [] One other partnership area could be to pursue a joint-venture such as the kind that Microsoft and Suning (a large mainland retailer) have recently announced.  See from China Tech News [] from China Daily [] from China Daily [] Ibid [] from China Daily [] from China Tech News [] from Caijing [] from China Tech News [] from China Tech News [] from China Tech News [] from China Tech News [] from Morning Whistle [] from Gartner [] from Parks Associates [] It is highly recommended that game developers and digital entrepreneurs read from Association for Computing Machinery.  The study noted a similar finding, including one that I also point out: “thegrowing 65+ demographic is currently not well served by the majority of commercial games on the market, creating a significant potential niche market for game developers.” [] from Apple Insider [] from Tech In Asia [] Gartner has published two others estimates which put Android marketshare globally at 68.4% in 2012 compared with 19.4% for iOS and later with Android at 69.7% and iOS at 20.9%.  See from Engadget, from Gartner and from Gartner [] See from The Guardian and from Android Authority [] from The Next Web [] Google is beginning to try and take action to purportedly prevent further fractures and forking of the Android ecosystem.  See from ZDNet and from Forbes [] While there has been a lot of discussion over the past year over whether or not it is profitable for developers to make Android apps for the Chinese marketplace, there is at least one success story that could be used as a case study: CocoaChina which makes a popular game called Fishing Joy.  See from The Next Web [] Seefrom The Next Web and from Forbes [] See Table 3, p. 9 from IDC [] from PewInternet [] from Nielsen [] from Forrester [] While unrelated to gaming see also, from PewInternet [] Gamers in a sample size of 29,392.  Online chess gamers in a sample size of 3,050.  Mobile gamers in a sample size of 1,519.  See from IDC [] from China Daily [] Mobile payments are also expected to rise markedly over the next 3-5 years, hitting $112 billion by 2015.  According to Alipay (the largest domestic online payment service), in 2012 the number of people who used mobile payment increased by 223% and “over 4.3 million people spent more money via mobile phones than PCs.”  See from China Tech News and from China Tech News [] Revenue hit $38 billion in 2012 and is expected to reach $44 billion in 2013.  See Bloomberg, from Las Vegas Review-Journal, from Foreign Policy and from The Times [] Despite initial reports that suggested a new pilot program was starting at a casino in Sanya, Hainan province (calledJesters), gambling on the mainland is currently banned.  Macau is the only nearby domicile where this is allowed.  Mainland residents must still apply for an entry visa in order to travel to Macau and are typically only allowed to visit it a few times a year.  There are exceptions, for example, if you live nearby in certain cities of Guangdong or if you have relatives living in the SAR.  See from Caijing, from Reuters, from Bloomberg, from Bloomberg and from Bloomberg [] See from The Wall Street Journal and from Financial Times [] from paidContent and from Tech In Asia [] According to Distimo, “Applications with Chinese as a language in the top 200 were responsible for the largest share of the free downloads in China at 73 percent. English was responsible for only 69 percent of the free downloads among the top 200 in China.” See from Distimo [] from The Wall Street Journal [] from PcMag [] from GigaOm [] In a January 2013 interview, Apple CEO Tim Cook predicted that China will becomethe biggest market overall for Apple.  See from ArsTechinca, from Tech In Asia and from Reuters, from Xinhua and from Reuters [] Apple is also opening up an R&D center in Shanghai.  See from ArsTechnica and from Apple Insider [] See from paidContent and from The Wall Street Journal [] One problem with this fragmentation is that applying security patches is a much longer process and sometimes never occurs, leaving consumers open to fraud schemes such as ‘smishing’ (sending phony text messages).  See from The Washington Post [] from The New York Times [] from paidContent [] Similar blockages have occurred in November during the leadership transition.  Readers may be interested in the developments with GitHub as well.  See from GreatFire and from GreatFire [] from Bloomberg [] from The Next Web [] from Forbes [] from China Internet Watch [] According to one recent report, sometime at the beginning of December 2012 Google acquiesced and removed “a feature which had previously informedusers from China of censored keywords” and “at the same time, they deleted the help article which explained how to use the feature.”  Yet according to another source “the opportunity to capitulate was lost forever when Google gave the middle finger and left.”  See from GreatFire.org and from The Economist [] from coresystems can be downloaded from Google Play and Apple’s App Store (WoStore is China Unicom’s equivalent [] China Unicom has its own marketing channel which Mila uses. [] from ProPublica [] from Wired [] In February 2013 Microsoft researchers published a report discussing reasons and variables for why certain geographic regions and areas are more or less prone to cybersecurity holes and abuse.  Unsurprisingly economic stages of development played a big role (e.g., wealthy countries have lower rates of malware infection compared with developing countries).  See from The Security Ledger [] from Symantec [] from BusinessWeek [] from Wired [] from The Wall Street Journal [] fromPC Magazine [] from Department of Justice [] from Washington Post [] from SANS Institute [] This security issue is not endemic to China.  For example, over the past two years, a school in Virginia and a hospital in Oregon accidentally lost USB drives which contained sensitive information.  See from KATU and from SOPHOS [] See from Wired and from Kaspersky Lab [] See from NetworkWorld and from Bloomberg [] from Bloomberg [] Comment Crew (also known as APT1) is also suspected of hacking into other firms (both foreign and domestic) including a high-profile case involving Solid Oak Software, a California-based firm that specializing in developing internet filtering software.  Two other large hacking organizations are the collective known as ‘Beijing Group’ and the PLA’s Unit 61398 whom are suspected of conducting economic espionage (APT1 and 61398 may be one in the same).  See from Bloomberg, from Businessweek, from Businessweek and from Mandiat [] The New York Times has repeatedly beenhacked since October 2012 as have the servers of The Wall Street Journal and The Washinton Post as well.  The perpetrators of all three are purportedly located in China.  See from The New York Times, from The Wall Street Journal, from Foreign Policy, from Businessweek and from The Washington Post [] from Shanghai Daily [] from Associated Press [] from Xinhua [] from Help Net Security [] from China Daily [] [] See by Kevin Mitnick and by Tsutomu Shimomura [] from The Economist [] Domestic Chinese firms are also investing into this segment.  See from Tech in Asia [] from Tech In Asia [] In 2002, foreign firms such as Symantec, Trend Micro and Network Associates were required to give code samples (e.g., viruses, rogue wiretaps) to the security ministry in order to receive approval for access to the mainland consumer market.  In addition to Kingsoft, domestic firms now include Qihoo 360 and Rising.  As of Q3 2012, Qihoo 360 had 442 million monthly active users and the enterprise versionreached 420,000 users (representing millions of computers).  See from The Wall Street Journal and from China Tech News [] See from Businessweek, from Businessweek and from Mandiat [] from The Wall Street Journal []
Share the post "Chapter 13 – IT and software services"
Send to Kindle

endpoint security definition download     endpoint security benefits

TAGS

CATEGORIES