China’s cloud service providers should beef up their security ecosystem as building capacities and managed security service is set to become a new growth area in the increasingly challenging area of security, according to IDC’s latest report titled IDC MarketScape: China Cloud Service Provider Security 2017 Vendor Assessment.
China’s public cloud computing market expanded 54 percent in 2016 from a year earlier as more and more enterprises started to deploy their business to the public cloud, IDC data showed, indicating that the market has been gaining momentum. However, recently enterprises are increasingly becoming the targets of hackers as the digital transformation boosts their digital asset value, making security a major concern for public cloud service tenants.
The report provides an in-depth assessment of the cloud environments of 11 representative cloud service providers in the China region where IDC identified leading cloud services in the China region for 2017 including: Alibaba Cloud, Tencent Cloud, AWS, Azure, Huawei Cloud and Kingsoft Cloud.
The assessment report covers three aspects: security capability, security strategy and security input.
Unprecedented Security Challenges
Digital transformation has linked enterprises’ business security closely with IT security, resulting in a big increase in enterprises’ digital asset value. This has also attracted the interest of criminals and hackers, posing a huge threat to enterprises’ digital assets.
In May 2017, the WannaCry blackmail virus once again sounded the alarm bell, attesting to the fact that a considerable number of enterprises urgently need to improve the security of their IT systems.
As public cloud tenants generally lack the ability to build security in a cloud environment, therefore cloud service providers have an unshakable responsibility to safeguard their cloud tenants’ business security. Thus, cloud service providers are facing unprecedented security challenges.
Concerted Effort by the State, Cloud Service Providers and Cloud Tenants
IT security systems must be built with the strong support and close supervision of the government. The Chinese government has elevated the importance of cyberspace security to the level of national security, though cloud service providers also bear an unprecedented level of responsibility when it comes to security.
It is essential that cloud service providers play the role of managed security service provider (MSSP) to help their tenants build secure IT systems.
For cloud tenants, the only way to foster their strengths, circumvent their weaknesses, and use the capabilities provided by cloud service providers to strengthen the security of their IT systems is to raise their own security awareness and forge in-depth cooperation with cloud service providers.
Strengthen Security Ecosystem Building
It is widely known that the security capabilities offered by cloud service providers have much room for improvement. In order to learn from others' strong points to bolster their own weak links and win tenants’ unanimous recognition of their security strength, cloud service providers must engage in in-depth cooperation and close collaboration with professional IT security vendors through security ecosystem building.
Building a complete security ecosystem will provide more reliable technical support for cloud service providers and their tenants.
“Implementation of the Cyberspace Security Law of the People's Republic of China means that cloud service providers now bear even greater security responsibilities. Cloud security capability enhancement will become one of the important strategies for cloud service providers in the future,” said James Wang, Senior Research Manager at IDC China.
“In addition, as enterprises generally lack security planning and building abilities, they will have an urgent need for managed security service in building next-generation security systems. Globally, the managed security service model has been widely accepted by enterprises, while China’s managed security service market is still in its early stages.”
Drawing upon their sound security ecosystem and rich security experience, public cloud service providers in China can provide managed security services to their large number of cloud tenants. Consequently, cloud service providers will be most likely to become the best practitioners of managed security services.
Since China set up the Central Leading Group for Network Affairs in 2014, the importance of cyberspace security has risen to the height of national strategy. Following the release of Cyberspace Security Law of the People's Republic of China, the National Cyberspace Security Strategy and other related laws, regulations and policies in recent years, security and trustworthiness have become key to enterprise-level users’ IT system building.
For important sectors and fields such as public communications, information services, energy, transportation, water conservancy, finance, public service and e-government, it is more important to ensure a secure and trustworthy key information infrastructure. As a result, enterprise security building standards in China feature distinctive Chinese characteristics.