Beware the Brexit Blues

Written by Phil Alsop, Editor, DCS Europe Published 2017-01-12 09:01:00

Hard, soft, black, white, grey and, most recently, red, white and blue. Nobody knows what the Government’s ‘crack’ team of negotiators might achieve during the Brexit process. Although, for as long as the whole negotiating strategy seems to be based on the assumption that the Germans desperately need to sell BMWs to the UK market, it’s just possible that we might underestimate the determination of the EU to stick to its ‘Freedom of movement of goods; freedom of movement of people’ mantra.

In terms of the technology space (and data centres in particular), one recalls that not so long ago a UK government official was heard asking a data centre expert, in all seriousness: “What will happen to all the data centres when everything moves to the Cloud?” (implying that data would no longer need to be held in physical data centres, but would somehow be floating in the virtual world). With this in mind, we should resist the urge to hold our collective breath for any positive news around ICT as part of the Brexit strategy.

On a more serious note, it’s not unreasonable to deduce that Brexit will have a minimal, if non-existent impact on the data centre industry. Of course, there might be some companies who think they need to have a data centre inside the Euro zone (and I guess the EU could legislate to this effect just to annoy the UK) to trade in the Euro zone and the UK could respond in similar fashion, but the reality is that, right now (and whisper it quietly), there are very few if any laws that require any block of data to be kept in any specific location.

In recent years, I’ve been lucky enough to attend a couple of roundtable events organised by the Cloud Industry Forum – the first one focusing on Cloud security, and the second on the likely impact of the arrival of both AWS and Azure on these shores. On both occasions, one of the other attendees was a solicitor, giving up his time for free (a legal first?) to join the debate, and on both occasions he went to great lengths to emphasise that, as things stand, there are no laws preventing the movement of data across the globe. The fact that this does not happen on a wider scale is more down to peoples’ ignorance of the true legal position, allied to a fair amount of smoke and mirrors employed by many managed service providers and data centre operators.

For example, end users may well be told that the new EU General Data Protection Regulation (GDPR) requires them to keep their customers’ data safe and secure in the country of origin. This is simply not true. The new regulation does place a great deal of (new) responsibility on the data owners to look after it, but I am not aware that it actually dictates a specific geographical location for the data.

However, whatever the legal position, there is plenty of industry-specific guidance and governance, and, perhaps most crucially, there’s the public perception factor. Imagine the Daily Mail headline: “Drug-smoking Dutch data centre manager failed to prevent DDoS destruction” – a story about how, say, the UK Department of Health’s records were based in an Amsterdam data centre, which then proceeded to lose them. Data breaches and losses receive a great deal of attention right now in any case, but if, pre- or post-Brexit, it was discovered that the government or even a big UK company, was storing sensitive data outside the UK… Well, you can just imagine.

 

In simple terms, Brexit thus changes very little. End users have always had a duty of care to carry out due diligence when using outside service providers – including when it comes to procuring data centre services.

 

And I’d argue that such due diligence should be rather more worried about discovering the track record of any potential supplier than getting too hung up on the niceties of real, or imagined, data protection regulations.

In a previous life, I worked on a warehousing magazine – the world of ‘big bag handling’ and ‘small parts storage’. Perhaps the most memorable story that I ever covered was that of a high-profile UK company which opened one of the first automated high bay warehouses. Unfortunately, shortly after the opening, the IT failed, and instead of the cranes picking product from the aisles, it was left to steeplejacks and other climbing experts to do the job. An expensive, and ill-thought out Plan B.

Right now, far more important than any perceived direct threat from Brexit, end users need to be concerning themselves with their managed services and colocation strategies and, in particular, their exit strategies. It’s an unintended cause of Brexit – the present and likely ongoing financial instability – that could well provide the biggest headache, as it may well lead to various managed service and colocation data centre providers going under. If this does happen, then a whole army of mountaineers won’t be able to help.

So, due diligence is the name of the game. Be confident in your service and data centre providers, be aware of the data protection requirements placed on you, but, above all, do not leave yourself vulnerable to a single point of failure, whatever shade of Brexit is achieved.