Simon Scarrott looks at data sovereignty following the Brexit vote, arguing that it is vital for businesses to have a solid understanding of both sovereignty and data security.
Cloud computing and big data are arguably the two biggest challenges that modern day companies face. As a business solution, it’s fair to say that the cloud promises simplification and immediate access, regardless of physical or geographic boundaries. And for these reasons more businesses are rapidly adopting cloud based services.
A recent study by Vanson Bourne found that 86% of enterprise customers believe it’s important for business-critical data to be stored with a UK-based Cloud service provider to ensure data sovereignty.
The price of Brexit
For many, the primary concerns over the Brexit decision are the implication of data sovereignty – is my data where it needs to be to keep my customers and the regulator happy? However, the impact of plans to exit the EU, which has seen the pound tumble against both the Euro and the Dollar has other, commercial, implications. Most companies will have contracted for their services in the local currency, i.e. sterling. The supplier will need to cover its costs – also in the local currency – which for data held within the EU will be paid in Euros. On the premise that costs to the supplier won’t have been impacted by the UK’s Brexit decision, costs remain constant and revenue against these costs will have effectively dropped by circa 20%. Track back 12 months, and a supplier’s costs of €100 against a revenue of £100 would have netted a healthy 40%+ margin (the £100 being worth €137). At the current exchange rate, the same costs of €100 would only bring in the equivalent of €112; a material drop in profitability. From experience, suppliers tend to look to cut costs or increase prices rather than absorb a drop in margins. We only need to look to the 10% price hike applied to desktop/laptops by the main manufacturers in August to evidence this.
For companies who have taken the cloud route, and whose data is held nearshore there is real potential that a price spike is on the way or services will degrade to reflect the lower revenues (when exchanged back to operating currencies of Dollars or Euros). Those companies who have data onshore in the UK where the revenue/cost paradigm remains unaffected should see no change to pricing or service. That said, volatility is always an opportunity for suppliers and pricing changes can sometimes defy the underlying logic.
Brexit will also make it tricky to comply if you have diverse locations with lots of different laws to adhere to. This is because while the UK remains part of the EU it is subject to, and has the same laws, as other EU countries. However, when Brexit is finally implemented the laws may change. This could mean companies operating in Europe may have to manage, at best one set of data laws for the UK and another for the EU; and at worst multiple data laws for those organisations operating on a global scale.
What will this mean for UK enterprise?
The main thrust is obviously data protection, including the rights of individuals to have their data protected in law. Run in parallel with this are the concerns that cloud providers are required to provide access to data to all governments. What is not clear is the demarcation of this under law at the moment. For example, if my personal data is hosted in Eastern Europe is it a UK government that has right of access (as a UK national) of the government of the country where the data physically resides? The UK government is discussing ways by which the provider can unencrypt data to allow the government access. Under this argument, an individual may prefer to have their data stored in a location where the data remains encrypted and protected rather than back on UK soil where laws allow greater freedom for government access.
Key to the data sovereignty debate is that at least on home soil, the company has greater visibility and potential influence in terms of how access is controlled and governed. Offshore, the view is that we are at the whim of another government over which the company would have little if any influence. The fact that both Microsoft and Amazon have committed to building UK datacentres demonstrates that they recognise the concerns, even if these turn out to be unfounded ones. In essence, companies are being given the choice and that provides them some protection from their customers if things do go wrong.
What do businesses need to understand on cost and technicalities?
– Technically it is not such an issue. We would expect a premium to the unit price for going private, location specific, cloud (and it’s a fine line as to whether this is simply onshore outsourcing if you take away and ‘flex-up, flex down,’ rapid deployment benefits that cloud has claimed).
– Whether it costs more to supply is a moot point; simply put the more constraints you apply to the provider in terms of how they deliver the service the higher the price is.
– If there is a big rush from true ‘anywhere cloud’ to ‘local cloud’ then some offshore data centres will become less utilised and a higher cost to maintain. But since the issue is really about the UK’s post Brexit concerns, in the short term at least the data movement will be from near and offshore back to the UK.
In the wake of, and ambiguity of Brexit, one thing is certain. It is crucial for businesses to have a solid understanding of data sovereignty and data security. Forewarned is forearmed and this is never more prevalent than now.