• United States



Executive Editor

Gartner on doing business in China: Privacy? What’s that?

Jun 16, 20164 mins

If you want to use encryption, the government needs the keys

NATIONAL HARBOR, Md. — Jie Zhang says that as a child in China she played a game picking up marbles with chopsticks and performing the delicate task of carrying them to another room without dropping them. That’s what doing business in China is like for Westerners, she told a breakfast gathering today at Gartner’s Security and Risk Management Summit.

They have to get used to long-standing customs and practices that violate some basic business principles respected outside of China and some new ones that deal specifically with technology.

For example, a January 2016 cybersecurity law says that companies operating in China that want to use encryption technology in their infrastructure must pick it from a government-approved list. Other laws dictate that if the gear isn’t on the list, encryption keys must be turned over to the government.

The given reason is to fight terrorism, and the law settles a debate there that is still raging in the West about whether encryption backdoors should be mandatory so law enforcement can gain access to private communication.

Zhang says a Gartner client setting up shop there had been working on its private cloud for six months when the project stalled because it hadn’t gotten this type of approval. “You might find yourself in that position,” she says. “Do your due diligence.”

The acceptance of this practice may have something to do with the country’s sense of privacy. “When I translate ‘privacy,’ I have issues,” she says. “There is no direct word in Chinese that means privacy.” The closest term is yin si, which means “hidden personal secret.” “In China people identify with a group and privacy is a non-existent concept.”

+ MORE FROM THE SUMMIT: Gartner: DDoS defenses have been backsliding but starting a turnaround +

This sensibility may carry over into a tolerated but officially unsanctioned banking practice. A colleague told her that someone he knew who worked at a bank routinely sold lists of customer information. Zhang says she later had this practice confirmed by a bank executive who said, “Yes, we know our employees do that.”

Banks are changing, though, with economic policies put forth in the government’s 2015 five-year plan, she says. As part of reforms for more transparency in financial entities, IBM, Oracle and EMC (known as IOE) are losing their seat as the go-to tech firms to supply banking infrastructure.

The push is to encourage use of local suppliers, which has led to a jump in business for the China-based tech giant Huawei. IBM has responded by partnering with local companies, she says. Foreign businesses couldn’t build data centers of their own under the new rules. Microsoft partnered locally; Google left the country.

There are big differences in other areas. The well-established and effective Western practice of meeting governance, risk and compliance (GRC) objectives to boost corporate productivity is a concept just getting a foothold in China, she says.

Last year massive industrial explosions in Tianjin were pinned on issues including IT infrastructure. “They were not diligent that security systems for checking and testing worked,” she says. Now China will look more at GRC, she predicts.

+ ALSO: Gartner: ‘Insider threat is alive and well on the dark Web’ +

In other areas, Chinese are quick to embrace new technologies in ways that Westerners haven’t. Take laptops, for example. Most business people may have a desktop, but most don’t have laptops that they carry around. They do all their mobile computing on cell phones, she says.

Outside of technology, even when it comes to standard practices like contract negotiations, there are curve balls. When Zhang worked for a German pharmaceutical company it sat down with potential Chinese business partners to hash out a voluminous contract, she says. The Chinese partners seemed disinterested in the German presentation, then one of them pulled out a two-page document they said should replace the one they had been working on. The flummoxed Germans had to call for a break so they could regroup.

This type of jarring tactic isn’t so common anymore among large Chinese internationals, but it can crop up dealing with smaller firms, such as local businesses that may be part of a supply chain, so Westerners should be aware. “Expect a lot of unexpected things in China,” she says.