TL; DR: Brexit provides further impetus for organisations to use cloud native approaches to technology.
On June 23rd 2016, the voters of the United Kingdom voted in favour of leaving the European Union, by a margin of 51.9% to 48.1%. While there have been no immediate changes to the law and treaties, the implications and ramifications from the decision of the UK electorate are significant.
In this article we will cover two areas of particular relevance to technologists, namely data and employment in the UK and EU. It is important to say up front that if you have any legal questions you should address these directly to a lawyer.
The Bigger Picture
In the immediate aftermath of the result, the UK has been plunged into political turmoil, and the financial markets have had an extremely negative reaction. The next step for the UK government is to notify the European Council under Article 50 of the Lisbon treaty of the UK’s intention to leave the EU.
Once Article 50 is invoked, negotiations will take place over a period of up to two years, with a possible extension if agreed by all other member states. Currently, there is not appetite within government to make the initial notification, meaning at the very earliest we are looking at September to October 2016, once the governing Conservative party leadership contest, which was triggered by the resignation of the prime minister on June 24th, completes.
Technically there are no immediate impacts on technologists and technology plans. However, given both the political and regulatory uncertainty technologists are well advised to take Brexit into account in their designs.
As a quick, back of the envelope assessment, running a PESTEL analysis is definitely worthwhile, as Ray Wang of Constellation Research discusses in his post Brexit analysis. It is worth, in this context, thinking through some of the implications of technology and the reactions that the general populace have had, and are having, to digital transformation.
There are a number of broader strategic tools you should also consider such as mapping, but as of now considering Brexit as a wicked problem is a good approach.
The Options Facing the United Kingdom
There are five potential options for the UK, these being
- Stay within the EU
- Join the European Economic Area (EEA)
- Join the European Free Trade Area (EFTA)
- Create Bilateral treaties
- Use WTO based trade deals
Ben Gelbum of the London Economic provided a clear and simple explanation of the four out options earlier this month.
Your Simplest Guide to Exactly What will Happen In A Brexit https://t.co/0YZ0V5fyr0 #EUref #Brexit #VoteRemain pic.twitter.com/NviQSDU70K
— The London Economic (@LondonEconomic) June 9, 2016
While a large part of the Brexit campaign was fought on the issue of immigration, it is difficult to see how access to the common market can be maintained without the existing agreements on free movement of people being maintained, which leads us to the EEA or EFTA options. As we return to later, free movement is considered sacrosanct by the EU for access to the common market.
Data, the UK and the EU
Here at RedMonk, we have spoken about the value of data for a long, long time and more recently have been discussing ideas around geography, cloud and governance. In current and next wave of technological development and investment, data will only grow in importance. They key issues to understand, from a EU and UK context, are data privacy, sovereignty and locality.
Legislative Basis & Data Privacy
The current data protection regulations in the UK come from the 1998 Data Protection Act, which was transposed into UK law from the 1995 EU Data Protection Directive. Now this legislation is woefully out of date, and has been replaced, at a European level, by the General Data Protection Regulation (GDPR), which came into force just over a month ago on May 25th 2016. As with all such legislation there is up to a two-year period for the country specific version of the law to be put in place, meaning GDPR needs to be implemented by May 25th 2018.
While GDPR has be widely criticised, being in compliance with the legislation will be a requirement for any companies doing business within the EU. This leads us back to the larger question of what kind of trade deal, if any, the UK will negotiate, and the question of if the GDPR legislation will be transposed into UK law.
The implications of the GDPR are still being digested by legal professionals, but suffice to say how and where data is stored, and who can access, are all compliance aspects which firms trading in the EU must concern themselves with, regardless of Brexit.
Data Sovereignty and Locality
Understanding the geographic location in which data is stored, and where the associated computing power is going to be used will potentially gain far more significance. From a pure technology point of view, neither data or code cares where it is stored or executes.
Currently data stored in the UK is expected, and considered, to be in compliance with EU legislation. If this situation changes, such as with the advent of WTO only style trading agreement, we can expect even stricter controls to be applied to what data companies can store about EU citizens outside of the EU.
This focus on data protection is already occurring on a country by country level, with instances such as Germanys antitrust probe of Facebook based on data protection questions. We can only expect this kind of stance and probe to increase in a more fractured EU.
Technological Impacts & Remedies
The advent of cloud native computing approaches allows technologists to abstract compute power, and to a lesser extent data, away from physical locations. For legacy applications for the problems are far more complex, but for any greenfield applications, or new front facing initiatives taking a cloud native approach is by far the most sensible and future proof solution.
We have spoken before about various approaches to IaaS, PaaS and other technologies such as serverless, building on the viewpoint of all in or over the top put forward by Cohesive Networks. In the current climate companies building software which may be based in the UK, but serving customers in the European Union need to think very carefully around potential compliance aspects going forward.
In particular understanding where data centres are physically located, or having the ability to quickly move between locations is of critical importance. Cloud Computing providers such as Amazon, Microsoft, Google or IBM all provide details as to where the compute and storage you are using is located, and companies such as Apcera provide policy engines to ensure data and access is limited to the correct areas.
Where you are considering using services such as DBaaS (Database as a Service), MBaaS (Mobile Backend as a Service), serverless computing and so forth ensure you have a clear understanding of precisely what geography the service you are using is located in. Fully auditing third-party services that you may be using is also a worthwhile exercise to complete.
It is also important to consider application portability, and the ability to quickly deploy and move applications to different locations and clouds. Deploying and scaling your application using cloud native technologies from companies such as Docker (Docker), Pivotal, IBM and HPE (Cloud Foundry), RedHat and Apprenda (Kubernetes) will allow you to architect applications in a portable manner. It goes without saying that the underlying key to this application portability story is having a solid CI/CD strategy in place.
On the data front, we have also seen a large number of software defined storage companies emerge over the last years, with a particular focus on container based technologies emerging over the last twelve months. Companies such as ClusterHQ, Hedvig, Portworx and others all provide ways to manage and support storage across cloud providers and locations. These abstraction layers will prove important for applications going forward.
As we are all keenly aware in the technology sector, talent is global, and the ability for companies to hire the right people for the roles they are trying to fill is vital.
For now, there are no changes to the employment situation of any EU or EEA citizen. The free movement of people is considered a corner stone of the free market by the EU. While nothing in this scenario is certain, you can say with a very high degree of certainty that no trade deals giving direct access to the common market will be agreed without free movement.
In the near term future there will be no restrictions on EU or EEA nationals coming to work in the UK, or for UK nationals moving to other European countries. Several politicians have been quick to say that those EU nationals who are already employed in the UK will be welcome to stay, but until there is legislation stating as much this is not guaranteed.
The key area to watch is, once again, they type of trade deal the UK negotiates with the EU.
Beyond the obvious initial impacts, in terms of currency, bond and stock market volatility, the impacts of not having the UK at the EU negotiating table are hard to quantify. In the era of platform companies, the UK government has been considered by many companies as providing a balancing voice against some of the more protectionist tendencies of other EU member states. Whether another country will step into this role is yet to be seen.
A large number of American multinationals have their European headquarters based in the UK. It is far too early to say if these companies will consider moving to other locations, but this possibility has to be given very serious consideration.
Technologists should use Brexit as further encouragement to look at cloud native architectures, with a focus on application portability and an understanding of where data is located, and how to ensure data is stored, compliant with local regulations, in the correct location.
Even if, in several years’ time, at the conclusion of the Brexit negotiations, nothing actually changes, organisations who make the cloud native move will find themselves with a stronger technology base to build their digital transformation story with.
While Brexit is far from an ideal situation, I will finish with a different note. In a conversation on the way to London’s Heathrow airport this morning, my taxi driver commented – “no matter what, the sun will still rise tomorrow morning”. Not only is he right, it is a happy thought in a time of considerable confusion.
Updates: June 30th, 2016 with clarification on Article 50 extension period following comments from Richard Munro.
Disclosure: In the interests of transparency it is important to state that I live in the UK and voted remain in the Brexit referendum.
Disclaimers:Docker, Pivotal, IBM, HPE, The Cloud Foundry Foundation, Amazon, Microsoft, Apprenda, Red Hat and Cohesive Networks are current RedMonk clients.
Credits: Brexit Image by Succo
Auf Wiedersehen, Mate: Some Thoughts on the Tech-xit - Enterprise Irregulars says:
June 30, 2016 at 9:17 pm
[…] my colleague Fintan points out, the one workload flight we can be assured of now is the one into the Cloud. I wrote a bit about cloud geo/data governance here […]