If you thought managing technology assets was all about software licensing, hardware lifecycle management and cloud spend analysis, you might want to think again. It’s all too easy to ignore the benefits that technology intelligence can provide to our organisations when we seem to be managing without it. But sometimes there are exceptional circumstances that highlight why we need complete visibility across all our technology, rather than just focusing on a few key activities around licensing or cost management for specific vendors. And it seems that Brexit is one of those…
- Brexit, GDPR and disparate markets: how does your API strategy stand up in an increasingly disconnected world?
What’s Brexit got to do with it?
In April 2019 – when the UK first extended the deadline for leaving the EU to October 31 – Snow Software conducted a survey across the UK, Germany, France, Spain, Portugal and Italy asking participants how they felt Brexit would impact them. When UK respondents were asked about whether they were worried about the impact Brexit would have on their job, 53 per cent said yes and 47 per cent said no, compared to the rest of Europe where 45 per cent said yes and 55 per cent said no. Given that Theresa May’s deal had just been rejected by the UK Parliament, it’s unsurprising that the responses were so evenly split – no one really had any idea what the impact would be.
It turns out Brexit may have implications for how we use our technology assets – and for many organisations that means changing the way that these technology assets are managed. I’d been thinking about this topic for a while and asked a few people what they thought the impact might be but hadn’t had much of a response. And then I saw a tweet from Sharon O’Dea that raised the question of what the restrictions might be on moving IT hardware between the UK and the EU post-Brexit (have a look here if you’re interested in finding out more about how much confusion there is on the subject).
While we don’t know what changes we’ll actually see in the event of a deal (or even a no-deal Brexit) it’s clear that moving equipment and software between the UK and EU may well become more complex. Hopefully we won’t need to fill in customs paperwork every time we move a business laptop across the border on a quick business trip, but the chances are we’re going to have to do a lot more to prove that technology assets being deployed or used across UK/EU borders has been purchased, taxed, licensed and contracted for appropriately. We’ve now missed the second deadline for Brexit, and we’re not much clearer on the detail of how it will impact on the day-to-day running of businesses across the UK-EU border. While this creates further uncertainty, the fact that there has been an extension means that we have a bit more time to prepare.
UK, EU and EEA – what do we currently know?
While the UK is leaving the EU, we also need to consider the European Economic Area (EEA) – the free trade area that links the EU, Iceland, Lichtenstein and Norway – from the point of view of contracts and the cross-border movement of goods. Despite more information being made available by various government agencies across the EEA, anecdotal evidence (discussions with all sorts of people in different organisations, roles and situations, news articles and social media posts) suggests that concern about the impact on business is increasing. Uncertainty and an inability to prepare has already had an impact with businesses losing contracts or moving operations out of the UK to avoid this. The most concerning of these on an individual level is the lack of communication to end users from within their organisations – many of those who work internationally haven’t heard anything from their IT departments, or indeed elsewhere in their organisations. A couple of people mentioned that they’d been advised to minimise travel commitments around the Brexit deadline, but these were the exception.
Do you know what you’ve got, where it is, where you bought it and who uses it?
When we finally know what’s going on – and the good news is that we have a bit longer to prepare for the deadline, but realistically the transition will take years – it will help if you have worked out:
- Which software installations are physically located in the UK
- Which software is assigned to users employed in the UK
- Which SaaS subscriptions are assigned to users employed in the UK (and where that SaaS is delivered from)
- Which IaaS/PaaS/hosted services are accessed by users employed in the UK
- Which EEA employees spend a significant amount of time in the UK and what devices are assigned to them
- Which UK employees spend time in EEA countries and what devices are assigned to them (identify roaming users and confirm their country of employment with HR)
- Where you purchase the software and where it is deployed to (i.e. are you exporting from the UK to the EEA or from the EEA to the UK)
Some of these may have been identified already for GDPR purposes, so make sure that you talk to your Data Protection Officer (DPO) or equivalent rather than duplicating efforts. Of course, if you have the information easily available in your IT Asset Management (ITAM) or Software Asset Management (SAM) systems, then you can work together to validate both sets of data.
Now the Oct 31st deadline has passed, you need to work towards being in a position to take a snapshot on whatever the new deadline is. But until we know what the deal is there is little more you can do to prepare, but armed with this information you’ll have an idea of the scope of the problem – the parts of the business impacted, the individuals involved and the technology vendors you’ll need to work with.
Once you’ve identified all the hardware, software and cloud services that are used in the UK/by UK employees, then you need to check the contracts and entitlement. While the hardware is (relatively) straightforward to manage – even with the number of mobile devices we have to manage, software and cloud services may be less easy to deal with. Where you have global contracts then there may not be any issues, but you do need to check whether the terms are consistent globally or whether there are any EEA-specific provisions that you need to be aware of. Where global agreements require geographic assignment and currently have the EEA as a single geography, you will need to ensure that you can split out the UK requirements if necessary (in the event of ‘no deal’ or one that leaves the UK outside the single market). Once the taxation implications become clear you may find that at contract renewal you need to rethink where you contract for and purchase your licences in order to be the most tax efficient (or minimise the bureaucracy).
It is also worth making immediate changes to mitigate the impact of new purchases such as:
- Amending your standard contract negotiation guidelines to ensure that new contracts (or renewals) address the geographic issue by either removing restrictions completely or adding ‘UK’ to the ‘EEA and Switzerland’ terminology that it usually included
- Creating a notification policy or process to identify any breach of terms of service
- Add a workflow that includes a requirement to provide details of ‘country of use’ or ‘country of residency’ to any request or input of contract and license documentation
Software asset management requires particular attention
Technology assets include hardware, software and cloud assets, and SAM probably gets more attention than the others. However, that doesn’t mean that SAM teams are likely to be Brexit-ready. While many organisations focus their SAM or licence management activity on a vendor-by-vendor basis, often prioritising based on size of contract or spend, I have always advocated a process-based approach. The situation caused by Brexit is an example of why – while many software asset managers are focused on compliance from an individual vendor perspective (a legacy of the audit culture that has become less prevalent in recent years), there is more to SAM than licence compliance, and it is not simply the vendors where you spend the most money that you may be exposed to risks or have opportunities.
Taking a process-based approach means that once you have your processes working, then all consumption data can be held and understood. And likewise, any entitlement data can be added to the SAM system as and when it is delivered (or for historic data, when it is located/identified). Taking a process-based approach makes it easier for you to address business challenges (how much is the total cost of providing tech to support e.g. an individual/a business process; can you prove regulatory compliance e.g. assignment of contracts to the correct legal entities, payment of invoices by the entity that uses the product or service), and puts you in a position where events like Brexit (and hopefully there won’t be too many of those) don’t result in massive disruption as you have to start from scratch with the hundreds of vendors who haven’t been on your priority list previously.
To prepare for Brexit, you need to know about every single piece of software and every cloud service that is used in the UK or by UK employees. Likewise, you need to understand their entitlement. If you’ve been focused on individual vendors you may have excellent data for a few key vendors (typically Microsoft, Oracle, IBM, SAP, Adobe and around half a dozen others), but be missing data for many of the others. If you have low SAM maturity and have been tactically focused you’ve got a lot of work to do.
What else can we do?
In addition to getting to grips with the data within your organisations, you’ll need to keep an eye on advice from both the UK Government’s Department for International Trade and from the EU, EEA and member states. It’s also worth bearing in mind that many of the UK’s agreements with non-EU countries are based on EU treaties, so the implications may be wider than you think. Those IT leaders who can support their organisations through Brexit and the transition period by providing technology intelligence based on complete visibility across their digital technology will not only position themselves as a true business partner, but demonstrate value over and above the IT-focussed software licensing, lifecycle management and cost optimisation activities associated with traditional SAM and ITAM practices.
Victoria Barber, Technology Guardian, Snow Software