In a merger and/or acquisition (M&A) situation, IT must quickly respond to the needs of the business and securely integrate two disparate companies in just a few quarters to meet change of control timelines.
Often, business integration takes precedence and the acquired entity is granted full access to the buyer's IT estate, creating unfettered access to mission-critical applications. Post-closure due diligence routinely identifies cybersecurity vulnerabilities and elevated operational risk (BCP/DR), which could have a material impact on the deal valuation. However, these findings are overlooked, to complete the transaction in the agreed upon transaction window.
This legacy M&A integration approach is at odds with protecting a firm's brand and reputation. To address this, enterprises must “re-imagine” their M&A integration approach and deliver zero-trust user and application connectivity through cloud-based security platforms.
Taking this approach dramatically simplifies IT M&A integration, reduces timelines to a matter of weeks, and eliminates many of the security risks, which derail a successful transaction.
How zero trust changes the game for M&A
While much has been said and written about zero trust, there has been little mention to date about how it can improve security and accelerate time to value in M&A scenarios. Mergers and acquisitions are challenging for IT. Leaders are under pressure to act fast and achieve fast return on investment while the IT team is responsible for ensuring appropriate connectivity to apps and the security of sensitive data. Legacy network architectures and infrastructure adds friction and complexity to these challenges.
Adopting zero trust principles comes with a range of benefits. These include increased business agility and a reduction in the cost and complexity of security. Zero trust supports hybrid working and digital manufacturing environments, with companies able to raise their security posture and enable secure work from anywhere by consolidating and eliminating point security products. This superior approach to integrating IT in M&A is, arguably, long overdue.
Now, IT can leverage a cloud-delivered zero trust network access (ZTNA) service during M&A integrations. This allows users to access the apps they need without placing them on the network or delivering connectivity via a remote access service like a VPN.
Discovering how to enable intercompany traffic is only the first step. Implementation can take months or even years. IT must figure out which applications HR, Finance, Legal, Sales or development teams need access to, then grant and manage the appropriate access levels. In many cases, users and untrusted devices are placed directly on the merged LAN with misconfigurations or worse still - no business policies at all.
User access has to be enabled to network landscapes and, at the same time, a consistent security policy must be maintained to mitigate the risk of an attack or data leakage. This is easier said than done, leaving 61 percent of enterprises concerned about weak security practices of external users from acquired companies.
The evolving role of the CIO and how it helps
The CIO’s role has evolved in recent times with IT becoming much more integral to business strategy. The evolution began as organisations digitized, and continued when CIOs created a secure work from anywhere environment to maintain business continuity during the pandemic. If brought into the discussion early enough, CIOs can act as a strategic business advisor in M&A scenarios as well. For serial acquirers, CIOs will develop and execute an M&A playbook that delivers a fast return on acquisition investments.
The CISO should not be overlooked in M&A planning either. This function will add value and support agile business moves by reducing the risk associated with each engagement. If CIOs and CISOs are brought in early enough to strategic business discussions, they will ensure a smooth and secure IT transformation. It must become a thing of the past that business projects fail to return desired outcomes for reasons of IT and networking.
These past two years, we have witnessed an accelerated transition to the cloud, and new security requirements have surfaced to support our highly distributed workforce. This rapid transformation has completely eroded the concept of the castle-and-moat security architecture which has exposed businesses to escalating, large-scale security breaches.
The same technology that supported the secure work from anywhere initiatives based on ZTNA can be applied in an M&A scenario. Based on the key learnings that granular and policy-driven access to an application can support a remote working situation, the same broker mechanism can be applied to grant access to applications in the different network worlds of the merging companies.
A zero trust approach changes the game for M&A IT integrations, significantly shortening time spent on risk profiling, connectivity, and access. It reduces deployment time while minimizing risk and simplifying operations. Find out how to accelerate your next M&A, take a look at Zscaler solutions for M&A and Divestitures.