Corporate spinoffs pose a special kind of IT challenge. As a particular type of divestiture, a newly spun-off company has options: (1) either begin paying for IT services provided by its corporate parent, (2) start deploying its own infrastructure with a clean slate, or (3) find an alternative company to provide the services its parent once did and/or it requires moving forward.
If you are directing IT at a spinoff, before embarking on any of those courses, you should conduct a standard self-assessment to inventory your IT and communications needs. In particular, determine data residency and identify security requirements. As you undertake this transformation, be mindful of both immediate and long-term costs.
1. Run an audit
A business unit being spun-off first needs to itemize the parent-company IT resources that it consumes. With the proliferation of shadow IT and pockets of common services, however, it’s common today for organizations to be in the dark on this question. Tracking those down requires tools, but you also need a good process.
A multi-tiered process is a useful way to reveal assets and any gaps in a company’s knowledge. In our practice, we first learn what IT leaders think they know and then deploy tools to identify actual networks, assets, data repositories and cloud-based services. Then we compare the two assessments and identify any gaps, or corresponding blind spots. If you can itemize everything you require as part of the parent company, you’ll be better prepared to go solo.
2. Check your data
Country or regional authorities imposing data residency requirements need to know where your data is stored. Whether these restrictions are well-advised is a matter of some debate and strategic positioning. Amazon Web Services (AWS) has argued in one white paper that data residency is “counterproductive” to both data protection and global growth goals. Other cloud service providers, however, have underscored their efforts to localize storage.
To navigate laws in dozens of countries, follow on-going negotiations for digital free-trade zones and understand the sometimes contradictory legal rulings, you’ll need professional expertise and advice. Legal experts, however, will still need you to do your homework first. And depending on the location, they may need to do homework, too.
3. Agree to transition
Data residency is not the only reason you’ll need legal help during a spin-off. If your parent company is going to let you continue using their systems, that understanding needs to be nailed down. To drive alignment through the process, you should consider drafting a Transitional Service Agreement (TSA).
Negotiating these deals requires answering several questions. To list a few: Do your bandwidth and computing requirements change as a spin-off? Can existing software licenses be extended to a new legal entity? Does such a shift trigger a pricing change? What are the time limitations on the use of these legacy services?
4. Go greenfield, smartly
If a TSA means what it says, at some point you will indeed transition into an independent IT entity. In some cases, you might need a full stack of IT services right away.
In a greenfield scenario, you need to find replacements for all the assets and infrastructure you identified in the audit. One approach, sometimes advocated by large consulting firms, is to throw bodies and hardware at these transitional IT challenges. Or you can change the discussion from hardware investment to managed services and outsourced infrastructure. In so doing, newly liberated firms may find approaches better calibrated for their situation, workloads and business agility.
5. Don’t forget security
There are numerous ways to become less secure as a spin-off. In cases of gradual separation from the parent company, you may not realize when security becomes your own responsibility. If you fail to address standard security best practices during the transition period, gaps will almost certainly arise.
These weaknesses can persist. In one case, we were called in to assist a company eight months into its spinoff, and we found a team that didn’t even realize they needed to think about security. It’s an understandable oversight, with all the focus on the initial spinoff itself. And given IT security is rarely a company’s core competence and threats never seem to decline, a newly spun-off company typically needs help in this area. At a minimum, guidance and support around best practices.
The rising bottom line
Corporate spinoffs are on the rise. According to an Ernst & Young annual survey released earlier this year, 87 percent of companies worldwide are planning divestments in the next two years. That’s double the percentage from the previous year.
A divestiture can deliver financial returns to parent and newly spun-off company. But managing IT during a spinoff takes dedicated resources and attention to basics. You’ll need to audit your existing IT usage, identify data residency, negotiate transitional agreements and/or engage with providers to build out your new IT stack, all without dropping the security ball. Budget accordingly. Skimping on any of these tasks, as we have seen through numerous operational clean-ups over the years, can be costly in the long run.