By Craig Robinson

Google announced earlier this week that it had stopped censoring the company’s search services—Google Search, Google News, and Google Images—in China. Users visiting Google.cn are now being redirected to Hong Kong (Google.com.hk), where Google is offering uncensored search in simplified Chinese, specifically designed for users in mainland China.

With its decision to discontinue its search services in China, Google made a policy decision NOT to play by host country rules, which demanded self censorship from Google. As I explained when China’s cyberattacks first came to light early this year, companies must understand the risk management aspects of conducting business in countries where rights to free speech (and other human rights) differ materially from the primary country of business. In the case of Google’s ongoing relationship with China, the risks of playing along outweighed the reward of sustaining business.  Google, not surprisingly, revised its policy.

It’s likely that Google has been struggling behind the scenes to refine its policy and strategy for continuing operations in China for some time. It’s even possible the Chinese government quietly hardened its position in response to Google’s prior public statements. Privately, Google simply may have run out of viable options for staying in China—at least for now.

Google may attempt to restart its search services in mainland China at some point in the future, but the company undoubtedly will find such reengagement problematic. The Chinese typically have a long-term, insular outlook and Google will find it hard to drive meaningful change in Chinese policy. Further, Alan Davidson, Google’s director of U.S. public policy for the Americas, publicly stated that Google has begun seeing the Chinese government filtering certain keyword searches on the Hong Kong site. This doesn’t bode well for any type of reengagement.

Because Google has decided, at least for now, to redirect searches originating in China, there will be increasing pressure on other Internet-focused companies to reexamine their business operations in light of Chinese policies. To the extent that they may have agreed previously to revise their typical freedom of speech and privacy policies to conform with Chinese governments edicts, they must consider that such agreements may come to light at some point in the future.  Worse, such companies now have been served notice, through the Google experience, that subsequent decisions opposed by the Chinese government may lead to cyber incidents.

Some players, like GoDaddy.com, have already responded, issuing statements in line with Google’s. The Internet hosting company announced that it will host no new sites with “.cn” domain names. More will follow, I’m sure.

At the very least, companies continuing to operate in China must ensure they have taken appropriate technical measures to protect their IT infrastructure. The cyber attacks on Google and other companies, while effective, did not reflect state of the art cyber warfare. Certainly, China can do better. Companies must be prepared, especially if they do not adhere closely to Chinese government ground rules.

It’s interesting to note that there is at least one readily available solution approach to help blunt the impact of cyber attacks like those launched against Google.  Gartner analyst Neil McDonald and other experts have stated that application whitelisting would have stopped the attacks on Google. Application whitelisting solutions, operating as ‘goal keepers’ for traditionally ‘leaky’ anti-malware products, should be top of mind for those charged with developing an effective cyber defense.

Google’s experience in China will be discussed and debated for a long time. I’m sure we’re far from the final chapter. We’re already seeing an uptick in the number of companies performance self assessments and penetration tests on their security infrastructure. This increased activity may be attributable, in part, to Google’s travails. From a broader perspective, the Internet remains an essential but potentially dangerous global neighborhood.