Chinese legislators are currently drafting a law that will require rating of the trustworthiness of cloud computing service providers, confirmed an expert involved in the matter.
Once the law is implemented, only companies with full clearance from the government will be able to provide cloud computing service for government-funded projects. China is drafting two laws that will outline the national standards to ensure security of for-government-use cloud services.
"The basic idea of the security rating mechanism is to find trustworthy hardware, software and service providers to ensure that the government has total control of the entire ecosystem," said Zuo Xiaodong, vice president of industry think-tank China Information Security Research Institute.
Zuo elaborated that the government will create a mechanism similar to the Federal Risk and Authorization Management Program in the U.S. which involves a three-stage assessment, authorization and monitoring of cloud security.
According to experts, the new law will close the doors to foreign companies, who typically do not approve to disclosing vital company secrets to the public, since China may ask for key operating data and source codes for the assessment.
Further, IT concerns fueled by global cyberattacks are forcing the Chinese government to prefer domestic cloud technologies. One instance was the replacement of U.S.-based Vmware Inc. with Beijing-based Sugon Information Industry Co. Ltd. for a high-profile cloud project in Wuxi, Jiangsu Province.
The increasing preference for domestic providers is also supported by local firms such as Alibaba Group, Huawei Technologies and Sugon.
A statement from Sugon's chief operating officer said that the company's years of investment in research and development have made it competitive enough to topple foreign rivals.
By the end of this decade, China is looking to completely shut its doors to companies offering IT services in a bid to ensure domestic security, hinted Zuo.