Alibaba Cloud, Tencent Cloud, AWS, Azure, Huawei Cloud and Kingsoft Cloud among the most secured in the China region according to IDC MarketScape report

BEIJING, August 23^rd, 2017 – China’s cloud service providers should beef up their security ecosystem as building capacities and managed security service is set to become a new growth area in the increasingly challenging area of security, according to IDC’s latest report titled IDC MarketScape: China Cloud Service Provider Security 2017 Vendor Assessment.

China’s public cloud computing market expanded 54 percent in 2016 from a year earlier as more and more enterprises started to deploy their business to the public cloud, IDC data showed, indicating that the market has been gaining momentum. However, recently enterprises are increasingly becoming the targets of hackers as the digital transformation boosts their digital asset value, making security a major concern for public cloud service tenants.

The report provides an in-depth assessment of the cloud environments of 11 representative cloud service providers in the China region where IDC identified leading cloud services in the China region for 2017 including: Alibaba Cloud, Tencent Cloud, AWS, Azure , Huawei Cloud and Kingsoft Cloud .

The assessment report covers three aspects: security capability, security strategy and security input. The assessment results are presented in graphic form based on the IDC MarketScape model.

The report highlights the following three points:

Cloud Service Providers are Facing Unprecedented Security Challenges

Digital transformation has linked enterprises’ business security closely with IT security, resulting in a big increase in enterprises’ digital asset value. This has also attracted the interest of criminals and hackers, posing a huge threat to enterprises’ digital assets. In May 2017, the WannaCry blackmail virus once again sounded the alarm bell, attesting to the fact that a considerable number of enterprises urgently need to improve the security of their IT systems. As public cloud tenants generally lack the ability to build security in a cloud environment, therefore cloud service providers have an unshakable responsibility to safeguard their cloud tenants’ business security. Thus, cloud service providers are facing unprecedented security challenges.

IT Security Requires a Concerted Effort by the State, Cloud Service Providers and Cloud Tenants

IT security systems must be built with the strong support and close supervision of the government. The Chinese government has elevated the importance of cyberspace security to the level of national security, though cloud service providers also bear an unprecedented level of responsibility when it comes to security. It is essential that cloud service providers play the role of managed security service provider (MSSP) to help their tenants build secure IT systems. For cloud tenants, the only way to foster their strengths, circumvent their weaknesses, and use the capabilities provided by cloud service providers to strengthen the security of their IT systems is to raise their own security awareness and forge in-depth cooperation with cloud service providers.

Cloud Service Providers Need to Strengthen Security Ecosystem Building

It is widely known that the security capabilities offered by cloud service providers have much room for improvement. In order to learn from others' strong points to bolster their own weak links and win tenants’ unanimous recognition of their security strength, cloud service providers must engage in in-depth cooperation and close collaboration with professional IT security vendors through security ecosystem building. Building a complete security ecosystem will provide more reliable technical support for cloud service providers and their tenants.

“Implementation of the Cyberspace Security Law of the People's Republic of China means that cloud service providers now bear even greater security responsibilities. Cloud security capability enhancement will become one of the important strategies for cloud service providers in the future,” said James Wang, Senior Research Manager at IDC China.

“In addition, as enterprises generally lack security planning and building abilities, they will have an urgent need for managed security service in building next-generation security systems. Globally, the managed security service model has been widely accepted by enterprises, while China’s managed security service market is still in its early stages. Drawing upon their sound security ecosystem and rich security experience, public cloud service providers in China can provide managed security services to their large number of cloud tenants. Consequently, cloud service providers will be most likely to become the best practitioners of managed security services,” Wang said.

[Special Note] Since China set up the Central Leading Group for Network Affairs in 2014, the importance of cyberspace security has risen to the height of national strategy. Following the release of Cyberspace Security Law of the People's Republic of China , the National Cyberspace Security Strategy and other related laws, regulations and policies in recent years, security and trustworthiness have become key to enterprise-level users’ IT system building. For important sectors and fields such as public communications, information services, energy, transportation, water conservancy, finance, public service and e-government, it is more important to ensure a secure and trustworthy key information infrastructure. As a result, enterprise security building standards in China feature distinctive Chinese characteristics. The assessment criteria in this study are formulated using IDC’s research methodology and are in strict accordance with China’s cyberspace security characteristics in an attempt to present the status of security of public cloud services in China in a fair and just manner.