Why CDML Recommends Dell and HP Over Lenovo: A Matter of Trust and Security

In today’s interconnected world, businesses rely on technology more than ever. From managing operations to safeguarding sensitive client data, the devices we use play a critical role in keeping our businesses secure. At CDML, we’ve always made it a priority to ensure that the technology we recommend to our clients meets the highest standards of reliability and security. For this reason, CDML deliberately chooses to work with trusted partners like Dell and HP, and we’ve made the conscious decision not to sell Lenovo products.

Our stance against using Lenovo is not based on brand rivalry or product preference—it stems from a deep concern about the risks involved in trusting companies that are subject to laws and regulations that may undermine the very security and privacy of the businesses we serve.

The Influence of the Chinese Government on Private Companies

Lenovo, a global tech giant, is a company with strong ties to China. While Lenovo manufactures excellent hardware, the issue lies in the legal environment in which it operates. Under China’s National Intelligence Law of 2017, Chinese companies are required to cooperate with the government’s intelligence activities. This includes sharing any data or information the government deems necessary. The law essentially mandates that Chinese companies comply with any request for data, even if it involves handing over customer information or providing access to systems without notifying the customer.

This law, coupled with others like the Cybersecurity Law of 2017 and the Data Security Law of 2021, creates a legal framework that could compromise the privacy of businesses and individuals using products from Chinese companies. The possibility that Lenovo could be compelled by the Chinese government to access that device or grant access to client data is a risk that I’m not willing to take on behalf of my clients.

Lenovo’s Troubled Security Past

Security concerns about Lenovo aren’t just theoretical. The company has faced several security controversies that raise further questions about its reliability as a trusted technology provider. One of the most infamous incidents occurred in 2015 when Lenovo was found to have pre-installed Superfish adware on its consumer laptops. This software created vulnerabilities that hackers could exploit, potentially allowing unauthorized access to sensitive information. While Lenovo has taken steps to mitigate the damage from incidents like this, these events cast doubt on the company’s ability to guarantee security, especially when operating under Chinese laws.

Although Lenovo has made strides in improving its security practices, the company’s potential exposure to government intervention remains a significant concern. For a business like CDML, where protecting clients’ data is paramount, such a level of risk is unacceptable.

Why CDML Trusts Dell and HP

At CDML, we’ve built long-standing relationships with Dell and HP, two US-based companies that operate under much stricter data privacy laws and governance standards. Both Dell and HP are subject to U.S. regulations, including laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which prioritize data privacy and impose transparency requirements on how companies handle sensitive information.

In contrast to Lenovo’s exposure to China’s legal system, Dell and HP are protected by laws that provide stronger safeguards for their customers. Both companies have well-documented cybersecurity policies and governance models that align with CDML’s own commitment to keeping our clients’ systems safe. Furthermore, Dell and HP have consistently demonstrated their ability to quickly respond to emerging security threats, providing updates and patches to mitigate vulnerabilities in their products. This level of trust and accountability is essential in a world where cyber threats are constantly evolving.

A Call for Caution

When selecting technology partners, it’s important to look beyond price and features and consider the broader context in which these companies operate. For CDML, that means choosing partners like Dell and HP, whose commitment to security is backed by strong data privacy laws and a transparent, accountable governance structure.

While Lenovo may offer compelling products, the potential risks associated with their legal obligations to the Chinese government are simply too great for us to ignore. And Lenovo isn’t the only company raising red flags when it comes to security and privacy risks. Several other manufacturers, particularly those with ties to China, have been scrutinized for similar reasons:

1. Hikvision – Known for its video surveillance equipment, Hikvision has been linked to Chinese government surveillance efforts, making it a security risk in sensitive environments.
2. Huawei – A global leader in telecommunications, Huawei has faced accusations of potentially providing backdoor access to the Chinese government.
3. Dahua Technology – Like Hikvision, Dahua’s surveillance products have raised concerns about their role in government surveillance programs.
4. Xiaomi – A popular manufacturer of smartphones and smart home devices, Xiaomi has been flagged for transmitting user data to servers in China.
5. ZTE – This telecommunications company has been accused of providing backdoor access to communications, making it a target for sanctions and security warnings.

It’s also important to recognize that not all countries in the region follow the same legal frameworks as China. For instance, Taiwan, where many tech companies are based, has strong privacy protections under the Personal Data Protection Act (PDPA), which emphasizes individual rights and data transparency. Taiwan’s laws are more aligned with international standards like the GDPR, offering a sharp contrast to the surveillance-oriented legal framework in mainland China.

The Stakes for Small and Medium Businesses

Some might argue that Lenovo’s potential exposure to Chinese government influence only affects large corporations or high-profile targets. However, this is a dangerous misconception. In recent years, we’ve seen small and medium businesses (SMBs) increasingly become targets for cyberattacks. These attacks are often not about stealing massive amounts of data at once, but rather exploiting small vulnerabilities to gain long-term access to systems. The devices used by SMBs are just as critical as those used by larger organizations, and any potential weak points in the supply chain could expose sensitive business information.

For example, an SMB could be storing client records, financial data, or even proprietary business information on a Lenovo device. If Lenovo were compelled by the Chinese government to access that device, or if there were vulnerabilities intentionally or unintentionally built into the system, the consequences could be severe.

At CDML, we understand that our clients rely on us to provide technology solutions that are not only functional but also secure. It’s not just about the hardware—it’s about knowing that the companies behind the products we recommend have our clients’ best interests in mind, and that their data is protected from unwarranted access or exposure.

Conclusion

When selecting technology partners, it’s essential to prioritize security and transparency. CDML has chosen to work with trusted U.S.-based partners like Dell and HP, who operate under stringent data privacy laws and provide the accountability we need to protect our clients.

While Lenovo and other Chinese manufacturers may offer attractive pricing or features, the potential security risks associated with their legal obligations to the Chinese government are simply too significant for us to ignore. Until there is more transparency from these companies or changes in the legal landscape, CDML will continue to avoid these products in favor of solutions that prioritize data privacy and security.