Zscaler to Expand Zero Trust Exchange Platform's AI Cloud with Data Fabric Purpose-built for Security

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
News & Announcements

We Closed! Now What?: A CIO's Playbook for M&A

image
LARRY BIAGINI
February 09, 2018 - 5 min read

After the shine and media frenzy of the merger fades, your work as a CIO has just begun.  And It’s not just about the financials, personnel or visionary plans—the technology is crucial too.

You need to integrate different systems and techniques and previously unknown policies and procedures need to be learned. The handcuffs that were on during the due diligence phase come off, and your organization expects instant access. The entire organization is looking at you to keep them up and running. If you can integrate the two organizations quickly and effectively, you can have a positive effect on the overall success of the deal. Slowfoot the integration, and you can suck a lot of value out of the deal very quickly.

In the middle of this entire process,  productivity levels are at risk, and as a profession, we probably underestimate the security risks during this critical time. As our board’s often remind us,  the job of the CIO is to get productivity up and cost out; the ability to do this effectively can have a materially positive or negative effect on the organization.

CIOs need a playbook in hand on day zero to effectively manage the first 90 to 120 days and to help shorten the long tail that is IT in an M&A. Here are the top three steps CIOs must take immediately in the case of M&A.

Communicate, Communicate, Communicate

Employee engagement often dips following the announcement of a merger and it is paramount to be transparent and open in order to continue fostering trust. But just because you merged doesn’t mean your business will pause for you to get up and running. In the first few days, it’s crucial for communications to flow seamlessly between teams.

Newly merged companies are hotbeds of rumor and innuendo. By integrating major communications channels and working effectively with IT teams, both old and new, you can ensure everyone has the right access, the right information and are working on the right task. Granted, there are bound to be some issues in the integration process. But the typical workforce knows this; all they need is evidence that the decision-makers are responding to it in one form or another.

Assess Your Risk

What new risks is the new company bringing in—financial, operational, security? After the merger it's important to go through things with a fine-toothed comb and evaluate the real situation rather than relying just on what was learned in the due diligence period. Immediately assessing risks and their impact is crucial to the playbook.

The minute you merge, your risk profile goes up, both from a security and compliance perspective as well as from a financial perspective. The two businesses will have different vulnerabilities, gaps and priorities to realign. There may be long-term contracts that will sit on your books for years to come. There may be a higher burden of regulatory compliance placed on the new organization.  The acquired organization may have some skeletons in their closet they don’t want to come share with the integration team. Anything can happen in this crucial time. It’s important to Assess, re-evaluate and adapt initial plans and communicate that out to leadership so that you aren't coming in a year later saying that you don't have the tools to get the job done.

Of all these matters, the first you need to assess is security. A breach of any size can have a direct negative financial and competitive impact — not to mention, it is easier to attack an organization in flux using methods like phishing attacks and identity theft. There is also an increased risk of intentional or unintentional data leakage; the insider threat. As such, organizations need to develop and execute a security strategy as soon as a merger or acquisition takes place.

Integrate the Players

I cannot emphasize this enough. In the first few days, the CIO needs to really touch all parts of the newly combined organization to make sure all players feel like they’re valued, integrated and that they will be evaluated and promoted based on their merits, not the side of the deal they sit on. Strong people often see a merger as an opportunity to move up or move on. Your job as CIO is to influence that choice early in the situation to keep as many strong players on your team as possible.

Yours, Mine or Ours?

The cloud changes everything, and CIOs need to leverage that transformation in their planning. As your face the potentially daunting task assessing what distinct aspects and technologies of each organization should be kept and promoted, it’s worth considering the benefits of throwing out the legacy products of both companies, and using the merger as an opportunity to accelerate transition to the cloud, reduce capital costs and streamline processes.

Merger-driven IT consolidation is happening all around us and has a significant impact on the brand and customer experience. A lot of this rides on the IT executive who has made a decision to bet his company’s future on a particular set of products or a technology stack. Not only is s/he responsible to the president or CEO, but also to the many executives who manage lines of businesses and expect IT to just work. Knowing this, starting early and strong can go a long way.

In today’s active business climate, it’s not a matter of if you will be involved in a merger or acquisition, but rather when. Will you be ready?  If you are interested in the technical aspects of M&A, you might also try "A Tale of Two M&A Journeys" by Lisa Lorenzin. 

 

 

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.