It was bound to happen. Salesforce was going to China at some point, and it announced that action this week saying it was partnering with Alibaba.
There are so many ways to read this, but I don’t have the filters to resist comparing the announcement to what Robin Williams once said about cocaine: “Cocaine is God’s way of telling you you are making too much money.”
Only slightly modified, I’d say setting up in China is God’s way of telling you that you’ve been too successful.
Where to start? There are two scenarios, God’s and a happier one. Let’s flesh them out.
God’s Scenario
China is potentially the biggest market in the world (depending on what you’re selling) and although their more than 1.4 billion people are climbing the economic ladder rapidly, China is still a mercantile, manufacturing-for-export and agricultural economy.
Forget for a moment China’s current challenges — like a bulging population and energy, water and environmental needs. It has about four times the population of the U.S. and more than double the U.S. and EU together. China — especially when combined with Hong Kong, Macau and Taiwan — represents a pool of opportunity that most Western businesses rarely have experienced, and that Salesforce needs to continue its growth.
However, China’s well-known business practices of ripping off technology companies through technology transfer demands and joint partnerships makes this deal look less like an opportunity and much more like an organized theft of American tech expertise. (Gee, Denis, why don’t you tell us what you really think?)
I shudder to think of Salesforce setting up a few datacenters around the country, and I wonder what will become of Salesforce’s “Ohana,” the Hawaiian word it uses for family — which represents how Salesforce treats its employees and customers — in a totalitarian state where all memory of Tiananmen Square has been suppressed.
The company’s record of changing minds about repressive activities has delivered mixed results. For instance, CEO Marc Benioff stood up for LGBT rights in Indiana when Mike Pence was governor, moving some Salesforce activities out of state, but the company still maintains a major development office there. Last time I looked, Indiana still wasn’t officially a showcase for diversity and tolerance.
So it concerns me technologically, economically and culturally that Salesforce would put its head in the proverbial dragon’s mouth.
Is There a Better Plan?
Times are changing. The trade war spun up in Washington that challenges Chinese practices like dumping steel and unfair partnership agreements and technology transfers has yet to show results.
Some analysts suggest that China simply plans to wait out the current administration in Washington, accepting that it will lose a bit in the short term. However, we already see China resetting by seeking alternatives for U.S. soybeans, for instance.
Its Belt and Road Initiative (BRI) spanning 152 countries to develop trade routes touching 65 percent of the world’s population and 40 percent of its GDP (as of 2017) is something to seriously challenge anyone’s expansion plans.
Trade wars are not simple and they don’t resolve quickly, contrary to the wisdom of the moment. Still, it has taken Salesforce 20 years to get to this point — and although another entity could recapitulate that march in less time, it would require determined effort and resources.
Perhaps the trade war and other issues bubbling up will have an effect on China and make the Salesforce mission there less of a risk. Yet I’d prefer to see some deeds performed with other companies before investing my own in such a venture.
What’s at Stake
The BRI refers to overland transportation (belt) and maritime shipping (road). FYI, in ancient times maritime shipping used what were described as “blue roads,” which were far simpler to make than the land versions.
There is another road not accounted for in BRI and maybe not thought about yet; certainly it is not thought about enough. It’s the information road and the looming consolidation of IT into a global utility. It’s going on right now before our eyes, and if anything can be considered a next Industrial Revolution it will be how we leverage the information utility in the global market.
By placing itself in a relationship with China, Salesforce is positioning itself as a player in the IT Road competition. Others, like Oracle and Microsoft — with contributions from IBM and others, including Alibaba — will form the backbone of the global IT utility.
My Two Bits
From a belt and road perspective, it’s better to be in the tent than outside of it, but that doesn’t give China a free hand in IT. Although the country has high expectations for taking a leading position in the tech markets in the decade ahead, these markets bear only a superficial resemblance to China’s mercantile experience.
Modern markets for information or anything else depend on transparency, rule of law, access to capital and great transportation. China is making strides in some of these, but it will need to up its game to succeed.
Salesforce is in many ways an ideal partner for helping China accomplish this — but despite all the upside what I see most is the downside, and I wish Salesforce was staying home.
The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.
Denis Pombriant is a well-known CRM industry analyst, strategist, writer and speaker. His new book, You Can’t Buy Customer Loyalty, But You Can Earn It, is now available on Amazon. His 2015 book, Solve for the Customer, is also available there.
Email Denis.
New Section: Current-Year Updates, Best Practices & Considerations
Several practical realities around operating Western enterprise SaaS in (or with) China have materially evolved since this piece was written. If you’re revisiting the argument today, here are the changes and evergreen best practices that matter—without tying them to a specific year unless the change is real.
### 1) Great Firewall + Cross-Border Data Controls: Plan for “Separate Worlds” by Default
**What’s changed/clarified:** China’s data governance regime has matured into an operational fact of life for cloud/software providers. Compliance expectations around where data is stored, how it is transferred, and how systems are accessed remotely are clearer and more actively enforced than they were a decade ago.
**Best practice:**
– Assume **data localization** for China operations unless you have a vetted basis for cross-border transfers.
– Architect for **functional separation**: China user base, China infrastructure, China identity/access patterns, and constrained integration points with global systems.
– Treat cross-border integration as an exception path with legal + technical gates (encryption, minimization, strict purpose limitation, logging, approvals).
### 2) Vendor/Partner Structures: “Joint partner” risk management must be intentional
**What’s changed:** It’s now broadly recognized that partnerships and local operating entities can create durable exposure—not just business dependence, but also IP, operational control, and changelog/roadmap influence.
**Best practice:**
– Put **technical “blast radius” containment** ahead of business convenience (segmented codebases, compartmentalized secrets/keys, limited admin domains).
– Ensure contract language covers **IP boundaries, code escrow/ownership, audit rights, subcontractor controls, and termination/exit assistance**.
– Run a realistic **exit plan** (data portability, customer transition, brand/mark use, and local staff transition).
### 3) Security Expectations: Threat modeling for state-aligned and supply-chain risk is table stakes
**What’s changed:** Global enterprises now treat supply-chain security and state-aligned cyber risk as routine, not exotic.
**Best practice:**
– Maintain separate **build and release pipelines** where jurisdictional risk differs; protect signing keys and build integrity.
– Adopt and evidence modern **software supply-chain controls** (SBOM, signed artifacts, dependency review, least-privilege CI/CD).
– Require **independent security assessments** of any hosting/operating partner and its subcontractors.
### 4) Transparency and Trust: “Ohana” values translate differently under different governance models
**Evergreen but more pressing:** Customer trust, employee safety, and values-based messaging face hard constraints in jurisdictions with different speech, privacy, and state access norms.
**Best practice:**
– Be explicit internally about **what cannot be promised** (e.g., absolute privacy guarantees) and document the lawful access landscape.
– Create a **values-to-operations playbook**: how you respond to government requests, what you publish, employee protections, escalation processes.
– Consider **employee duty-of-care** (travel, local employment law exposure, pressure risks).
### 5) Regulatory Fragmentation: Global SaaS playbooks no longer “copy/paste” cleanly
**What’s changed:** Across many regions—not only China—regulatory divergence (privacy, security, AI governance, critical infrastructure rules) has increased. That makes “one global platform” harder to run without regional variants.
**Best practice:**
– Build **regional compliance productization**: configurable retention, encryption controls, audit logs, tenant controls, data residency options.
– Keep a strong **governance layer** (policy-as-code where possible) that can express different regional requirements without forking everything.
### 6) Commercial Reality: Market size doesn’t automatically mean accessible growth
**Evergreen, but now widely learned:** Large TAM can still be a difficult SAM if procurement, data rules, hosting constraints, and competitive dynamics limit what foreign SaaS can actually deliver.
**Best practice:**
– Validate the **sellable product** for the market: performance under firewall constraints, local integrations, language/regional UX, domestic ecosystem needs.
– Align GTM with constraints: which industries are feasible, what data types you can handle, what support model is viable.
### 7) If You Enter, Enter with Clear Guardrails
**Practical checklist (evergreen):**
– **Data:** residency, classification, transfer mechanisms, encryption, key management model.
– **Operations:** incident response split (China vs global), monitoring visibility, escalation paths, legal review cadence.
– **IP:** code segregation, partner access controls, employee access policies, strict least privilege.
– **Governance:** documented principles for government requests; transparency reporting where feasible.
– **Exit:** technical and contractual off-ramps that you can execute under stress.
This section doesn’t change the original essay’s tone or thesis—it updates the operational lens: entering China (directly or through a major local partner) is less a one-time business development decision and more an enduring architecture, governance, and trust commitment that has to be designed to withstand regulatory and geopolitical volatility.
