Thought leadership
from
Forecast for Asia:
Partly Cloudy Computing,
Chance of Mainstream Adoption
August, 2012
Nelson M. Nones CPIM
Chairman and CEO, Geoprise Technologies Corporation
0
on
INTRODUCTION
Cloud computing is touted as the Next Big Thing for corporate information technology (IT). Like
other emerging technologies, various flavors of cloud computing are nearing, clearing or rapidly
descending the peak of their hype cycles, and industry observer Gartner predicts mainstream adoption
within 2 to 5 years.
The picture, however, is quite different in the Asia/Pacific
theatre, which lags the rest of the world on the cloud computing
hype cycle for four fundamental reasons:
• Compliance with personal data protection regulations
• Internet monitoring, censorship and data retention
• Software piracy
• Free and open-source software
Cloud computing might be
the Next Big Thing in
America and Europe, but
Asia/Pacific hasn’t reached
the peak of the hype cycle
WHY IS ASIA/PACIFIC LAGGING?
Compliance with personal data protection regulations: like it or not, public cloud computing service
providers and their customers have to comply with applicable personal data protection laws.
To assure service continuity, major
providers operate so-called “georedundant” data center networks. Their
customers’ data are replicated at many
data centers, allowing fast changeover
to an alternate data center if a
customer’s primary center goes down.
Businesses which operate in the
European Union (EU), or process
personal data using equipment situated
in the EU, cannot transfer that data to a
country outside the EU, unless that
country’s laws and regulations protect
the rights of “data subjects” as much as
the EU Data Protection Directive.
A quick glance at the map shows
that only four Asia/Pacific countries –
India, Hong Kong, Macau and Malaysia –
conceivably satisfy this requirement,
and 21 countries have no laws at all.
Some of the 9 remaining Asia/Pacific
countries only protect the rights of their
own citizens and residents. And in some
of those countries, including Australia
Data Protection Regulations in Asia/Pacific Countries
and Japan, the compliance burden falls
only on larger organizations which are established within their borders. These laws do not satisfy EU
requirements, which oblige all “data controllers,” no matter where they are incorporated or operate, to
protect every individual’s personal data whenever they are established in the EU or, if not, whenever
they process personal data using – or transfer the data from – equipment situated within EU territory.
P age |1
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption
This situation makes most Asia/Pacific locations unsuitable for public cloud computing service
providers who strive to fulfill demanding service level agreements (SLAs) using geo-redundant networks.
To attract business from global customers operating in the EU, those providers are compelled to locate
their data centers in countries where their customers are least likely to run afoul of the EU Data
Protection Directive. Outside the EU, the United States (US) offers the broadest market coverage
because it is the world’s largest market for cloud computing services in its own right, and it satisfies EU
data protection requirements by virtue of accepted Safe Harbor Principles. Relative to the US, the
handful of Asia/Pacific countries that conceivably satisfies EU requirements is too distant from the
service providers’ core markets.
However, to minimize Internet latency and attract additional customers from the fast-growing
Asia/Pacific market, those service providers require local data centers. These, in turn, would ideally join
geo-redundant networks to assure service continuity for Asia/Pacific customers, but doing so exposes
the entire user community to non-compliance risks unless the local data centers are located in the four
Asia/Pacific countries that conceivably satisfy EU requirements. Major public cloud computing service
providers therefore have little incentive to expand their Asia/Pacific presence beyond those countries.
On the flip side of the same coin are the many organizations in 21
Asia/Pacific countries, especially China, which don’t have to comply
with any personal data protection regulations at all, as long as they
keep all personal data they possess inside their own countries (or
inside other countries that don’t impose a compliance burden).
Customers seeking to minimize their compliance burden will likely
shun cloud computing services which rely on geo-redundant data
networks having data centers in the EU, because their data might be
replicated to an EU data center without their knowledge or consent.
As a consequence, the absence of data protection regulations in many
Asia/Pacific countries could well be diminishing the growth of demand
for global public cloud computing offerings within the region.
Compliance Conundrum
A fictitious business has offices in
Thailand and Japan. Their e-mail server
stores personal information for both
offices at their data center in Thailand,
where no data protection laws exist.
• Currently, they don’t have to comply
with EU rules, but they must comply
with Japan’s APPI law if they held
data for more than 5,000 individuals
during any day in the past 6-months.
• If they switch to a hosted e-mail
service deployed over a georedundant network, and any of the
provider’s data centers are in the US,
the business may no longer comply
because the US government can
intercept, without a warrant, data on
non-US citizens that enters its borders.
This is considered leakage of personal
information that Japan’s APPI law
requires data controllers to prevent.
Geo-redundancy shouldn’t
expose a public cloud’s
entire community to noncompliance risks in the EU –
but many Asian customers
don’t have to comply, and
will avoid services that put
them within the EU’s reach
Internet monitoring, censorship and data retention: by its
very nature public cloud computing relies on the public
Internet infrastructure to pass data back and forth between
users and data centers. Business users cannot afford
downtime, and need to keep their data private and
confidential while it’s in transit.
Unfortunately many governments have different
agendas, and quite a few of them are located in the
Asia/Pacific region. In fact, governments of 11 Asia/Pacific
countries are currently known to engage in pervasive or
substantial censorship of Internet traffic – North Korea,
Myanmar and China are the worst offenders – and another 7
practice selective censorship. Users in the remaining 16
countries endure little or no government censorship, though
it has to be said that the Internet is widely used within only
two-thirds of these countries (Australia, Bangladesh, Brunei,
Hong Kong, Japan, Macau, Malaysia, New Zealand,
Philippines and Taiwan).
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption
Pa ge |2
From a business user’s perspective, censorship is bad for the obvious reason: it might block the user
from accessing a legitimate Web application hosted in the public cloud. Though this outcome is very
unlikely for business Web applications accessed within most countries where censorship occurs, the
censoring process itself is equally worrisome, because all Internet traffic has to be monitored and
filtered before any part of it is censored. Monitoring and filtering compromise privacy and
confidentiality, so most public cloud computing service providers use transport layer security (TLS)
technology to encrypt data in transit. Encryption makes the content unreadable by anyone who does
not hold the decryption key, but it adds processing overhead and a degree of latency that can be
avoided using a corporate local area network (LAN) or wide area network (WAN). Monitoring and
filtering also increase latency, so Web applications don’t perform as well.
When a Web application is hosted
at a data center in a different country,
Internet traffic has to pass through
congested
landing
points
or
international Internet gateways where
most governments concentrate their
monitoring and filtering activity,
slowing traffic down even more. Traffic
flowing through corporate WANs is able
to bypass these congestion points
because it isn’t monitored or filtered.
Public cloud computing users in the
US and the EU generally don’t have to
put up with such interference. While it’s
true that the US government monitors
Internet traffic that crosses its national
borders, the vast majority of US
Internet traffic is not affected because
it’s routed internally within the US.
In addition to pervasive censorship,
China, India and Thailand have data
retention
laws
that
require
organizations to keep detailed records
of Internet traffic passing through their
Censorship and Data Retention in Asia/Pacific Countries
local Internet gateways. Singapore,
which
engages
in
selective
censorship, also has a minimal data
Internet censorship makes
retention
law.
These
laws
are
also problematic for business users
public cloud services slow,
because they further compromise the privacy and confidentiality of
unreliable and unappealing
information exchanged with cloud computing services.
The potential impacts of Internet monitoring, censorship and data retention laws on public cloud
computing services include blocked access to Web applications, slow or erratic Web application
performance, increased processing overhead and unauthorized disclosure of confidential or sensitive
data. To avoid these risks, businesses in affected Asia/Pacific countries will not utilize public cloud
computing services to the same degree as their counterparts in the US or the EU, further curtailing
demand for global public cloud computing offerings within the region.
P age |3
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption
Software piracy: Cloud computing services can potentially yield
immediate return on investment (ROI). That’s because they require
little up-front investment for hardware and software, and because
service providers can reap significant savings from economies of scale
which they pass on to their customers in the form of low pay-per-use
rates. Accordingly, major providers are putting forward some very
compelling business cases these days.
It’s much harder to build a
business case for switching
to pay-per-use cloud
computing services when
prospective buyers never
paid for the on-premise
software they use today
Software piracy turns that argument on its head. It’s a much higher hurdle to prove ROI for a payper-use service that would replace software people are currently using – illegitimately – for free.
The Asia/Pacific map shows 21
countries having very high piracy rates
averaging 79%, according to the latest
survey data from the Business Software
Alliance (BSA), an industry group
representing makers of business software.
China, with its 77% piracy rate, accounts
for nearly 40% of the region’s unlicensed
software by value. Conversely, only 7
Asia/Pacific countries (Australia, Hong
Kong, Japan, New Zealand, Singapore,
South Korea and Taiwan, averaging 28%)
have piracy rates that are comparable to
what they are in the US (19%) and EU
(33%). The remaining 6 (Brunei, India,
Malaysia, Russia, Philippines and Thailand)
fall in between at 64% on average, closely
mirroring the entire Asia/Pacific region’s
65% piracy rate.
Because only 35% of the entire
Asia/Pacific business software market is
Software Piracy Rates in Asia/Pacific Countries
legitimate, versus 73% in aggregate
within the US and EU, the probability of convincing an Asia/Pacific software buyer with a truly
compelling business case is somewhat less than half what it might be in the US or EU. Software as a
Service (SaaS) and Platform as a Service (PaaS) providers effectively need to work twice as hard in
Asia/Pacific as in their core markets to hit their sales targets. However, efficiencies are likely much
higher for Infrastructure as a Service (IaaS) providers, because IaaS replaces hardware that isn’t easy to
pirate.
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption
Pa ge |4
Free and open-source software: using free and open-source software (FOSS) like the Linux operating
system and the Open Office suite is certainly legitimate, but it presents the same ROI dilemma for for
SaaS and PaaS service providers as pirated software.
It’s worth noting that many FOSS advocates disparage SaaS. Richard Stallman, founder of the GNU
Project which publishes many of the world’s widely-used free software licenses, puts it plainly: “If a
company invites you to use its server to do your own computing tasks, don’t yield; don’t use SaaS.”
Since 2000, governments around the world have jumped on the FOSS bandwagon to encourage or
even mandate the use of free software within government agencies, state-owned enterprises and
private industry, although the pace of approval has tailed off considerably since 2007. Currently
governments in half the Asia/Pacific countries have done so, and Australia, India, Malaysia and Thailand
lead the pack with 6 or more FOSS policies apiece currently in force at the national and state levels.
Totally, Asia/Pacific countries have 65 policies now in effect, 52 at the national level and 13 within
various states.
In comparison, over 70 such policies are currently in effect within the EU, 14 at the EU level and the
remainder within various EU member states. Adoption is much lower in the US, where 6 FOSS policies
are now in effect at the national level and fewer than 20 at the state level.
Although FOSS policies have found widespread adoption throughout the EU, the pace of FOSS policy
adoption is much higher in the Asia/Pacific region in relation to its market size. That’s because the US
and EU software market is about 3 times bigger than the Asia/Pacific market in aggregate, but the US
and EU between them currently have 1½ times the number of FOSS policies in effect. The upshot: SaaS
and PaaS providers still need to work roughly twice as hard in Asia/Pacific as in their core markets to
persuade buyers that cloud computing services are a better deal than FOSS.
HERE’S THE PROOF: SERVICE AVAILABILITY
Public cloud services that
are widely available in the
US and Europe cannot be
purchased in the majority of
Asian countries today
A simple test of these conclusions, conducted in August 2012,
reveals that the flagship SaaS offerings from the world’s two largest
software companies, Microsoft and IBM, are almost universally
available online throughout the US and EU but can be purchased in
only half the Asia/Pacific countries. The map shows details.
Both services are available in the US and in 13 of the 27 EU member states. Some buyers in central,
eastern and southern Europe (Bulgaria, Cyprus, the Czech Republic, Estonia, Greece, Hungary, Italy,
Latvia, Lithuania, Malta, Poland, Romania, Slovakia and Slovenia) can only choose Microsoft’s service.
But within the Asia/Pacific region, both services are available online in just 4 countries: Australia, Hong
Kong, New Zealand and Pakistan. Microsoft’s service is the only choice in 9 countries (India, Indonesia,
Japan, Kazakhstan, Russia, Singapore, South Korea, Sri Lanka and Taiwan), while IBM’s service is the only
choice in 3 (Brunei, Malaysia and Philippines). Neither service is available in 18 Asia/Pacific countries,
including China, the region’s largest software market.
P age |5
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption
This picture is likely to change quickly. Microsoft, for example, has announced that its service will be
available in Thailand, but as of August 2012 it wasn’t possible to purchase it or order a trial subscription.
Nevertheless, neither Microsoft nor IBM has announced any plans to enter the Chinese market.
CONCLUSION
It’s difficult to believe that cloud
computing will enjoy mainstream
adoption anytime within the next 2 to 5
years in the Asia/Pacific region. Here’s
why:
•
•
•
•
The legislative landscape is
generally incompatible with EU
personal data protection rules,
effectively diminishing the region’s
growth potential for public cloud
computing
services
and
constraining
global
service
providers from establishing georedundant data centers in all but a
few Asia/Pacific locales.
Widespread Internet censorship
and data retention practices of
Asia/Pacific governments make
public cloud computing services of
all flavors less useable, reliable and
Flagship SaaS Offerings in Asia/Pacific Countries
appealing to Asia/Pacific business
August 2012
users than in the US and EU.
Rampant software piracy raises the ROI hurdle that PaaS and SaaS providers must clear when
presenting their business case to Asia/Pacific buyers.
Even when the existing software is legitimate, free and open-source software recommendations and
mandates are relatively more common in the Asia/Pacific region than in the core US and EU markets,
keeping the ROI hurdle high for PaaS and SaaS providers.
Taking these fundamentals into consideration, it’s no surprise
that the world’s global cloud computing service providers appear to
be entering the Asia/Pacific market very cautiously. It’s also clear that
mainstream cloud computing adoption is likely to occur within the
next 5 to 10 years, and not within the next 2 to 5 years as Gartner
generally predicts. Cloud computing, it seems, is nowhere near the
peak of its hype cycle in the Asia/Pacific region.
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption
The world’s global cloud
computing service
providers are entering the
Asia/Pacific market very
cautiously – and mainstream adoption is unlikely
to occur in the region
during the next 2 to 5 years
Pa ge |6
RESEARCH NOTE
As the baseline for this study, the “Asia/Pacific region”
includes the Asian and Australian continents together with
Japan, Taiwan, the Indonesian Archipelago and New Zealand.
However the Middle East, Afghanistan and the Caucasus
countries were excluded from the scope of this study due to
their unique commercial, political and cultural contexts and
also their relatively greater connectivity to the European
Internet backbone. Also, even though the majority of its
population lives in Europe, Russia was included in its entirety
because the legislative and policy analyses apply to the
whole country. Countries are defined as per ISO-3166-1.
www.geoprise.com
Corporate Headquarters
Geoprise Technologies Corporation
201 Norman Ridge Drive
Minneapolis, MN 55437-1709
USA
USA, Canada and Puerto Rico
Toll-free phone: 1 888 965 8868
Toll-free fax: 1 888 965 8868
Outside the USA, Canada and Puerto Rico
Phone: +1 310 209 8973
Fax: +1 310 209 8973
Asia-Pacific Headquarters
ACRONYMS
Geoprise Technologies Co., Ltd.
APPI: Act on the Protection of Personal Information
BSA: Business Software Alliance
EU: European Union
FOSS: free and open-source software
IaaS: infrastructure as a service
IT: information technology
LAN: local area network
PaaS: platform as a service
ROI: return on investment
SaaS: software as a service
SLA: service level agreement
TLS: transport level security
US: United States of America
WAN: wide area network
3F, 72/322 Moo 8, Rattanathibet Road
Bangkrasor, Muang, Nonthaburi 11000
THAILAND
Phone: +66 (0)2 965 8868
Fax: +66 (0)2 965 7761
ABOUT GEOPRISE TECHNOLOGIES
Geoprise Technologies was formed in 1999 by a group of software executives with over a century of previous cumulative experience building
enterprise resources planning (ERP) and manufacturing operations management systems, and implementing them worldwide.
Our mission, then and now, is to create exceptional value for our customers by harnessing the power and economy of information technology
to enable lean, world-class industrial operations on a global scale.
Today, Geoprise Technologies focuses exclusively on delivering top-quality expertise and technology solutions for businesses operating in Asia
and the Pacific Rim, Europe and North America. We concentrate our expertise in two practice areas, strategy and operations and information
technology, serving primarily the life sciences, energy and financial services sectors.
We deliver value with the utmost integrity by maintaining strict independence from other professional firms and technology providers, intense
commitment to business ethics and profound respect for intellectual property rights.
DISCLAIMER
The material included in this publication is intended as a general guide only, and its applicability to specific situations will depend on the
circumstances involved. You should not rely upon this information as legal advice or final advice. While we have made all reasonable attempts
to verify the accuracy of the information contained herein as at the publication date, Geoprise Technologies accepts no responsibility for any
errors or omissions it may contain, whether caused by negligence or otherwise. Neither does Geoprise Technologies accept any responsibility
for any losses, however caused, sustained by any person that relies upon it.
Copyright © 2012 by Geoprise Technologies Corporation, All Rights Reserved.
Permission to quote from this publication or copy it for non-commercial purposes is hereby granted so long as attribution is given. The
preferred form of attribution is “by Nelson M. Nones, Geoprise Technologies Corporation.”
Designed and produced at Geoprise, Thailand. Front cover photo credit: NOAA.
P age |7
Forecast for Asia: Partly Cloudy Computing, Chance of Mainstream Adoption