Stephen Singh, Global Vice President M&A, Zscaler
Nothing exposes the challenges of complex IT infrastructures quite like mergers and acquisitions (M&A). Converging networks, data, applications and user access controls takes time, is expensive and is fraught with risk that undetected security vulnerabilities will come back to bite the merged enterprise. However, for companies committed to a cloud native approach, there is a simpler and effective way to transition IT estates during M&A. It protects users, applications and significantly reduces time spent in IT integration.
2021 was a bumper year for M&A, with more than 50K transactions equating to $5.1 trillion worth of deal valuation according to KPMG . M&A is a successful route to corporate growth, market expansion and diversification for many companies but it presents many operational challenges, not least for IT.
Challenging and laborious IT integration
The value of many M&A deals rises or falls on synergy savings, but it’s not guaranteed that companies will achieve them. In fact, the failure rate for M&A ranges between 70 and 90 percent, with integration problems often behind this, according to the Harvard Business Review.
The difference between a rapid time to M&A value and a protracted build-up can be a clear and successful integration strategy, not least for IT.
The ‘traditional’ route to this is through network integration, combining IT estates so that users from both the acquiring and acquired organisations can begin to work as one cohesive unit.
However, there are some problems with this approach. It’s lengthy, laborious, CapEx intensive and increases the attack surface of the newly combined enterprise, potentially opening up both organisations to the security risks of the other.
While IT architectures are painstakingly integrated, the lack of access to combined assets and resources inhibits employee productivity and, ultimately, M&A value realisation.
A cloud first strategy transforms IT mergers
Instead, companies can choose a cloud-based M&A integration which establishes a virtual tenant in the cloud. Users and applications are migrated virtually into this tenant meaning that, operationally, the acquiring company takes on a zero IT footprint day one and is relieved of the burden of battling legacy IT.
Instead of integrating data centres, this model implements cloud-based platforms to manage applications access going forward. Once the zero IT footprint tenant has been established in the cloud, the only thing remaining for the acquiring company to do is migrate their applications to their cloud service provider.
This approach is, by its nature, designed to be tightly coupled with an entire business transformation strategy of cloud migration and the protection of data and assets through a zero trust security model. It is ideal for companies with a cloud first strategy, as establishing a virtual tenant means they can connect users to their corporate cloud applications.
As organisations approach day two, where synergy savings are harvested, a cloud-based platform accelerates savings when services are simply enabled in the tenant, allowing a faster time to deployment and a lower total cost of ownership, since new infrastructure, licenses and resources are no longer needed. For example, an acquirer looking to address governance, risk management and compliance (GRC) requirements can enable Secure Sockets Layer (SSL) termination, layered with Data Loss Protection (DLP) to identity Personally Identifiable Information (PII) data that may be at risk, post deal closure.
Zero trust secures access beyond M&A
Cloud-based M&A IT integration, together with a zero trust cloud security model, enables potentially thousands of employees to be integrated in weeks, as opposed to months or even longer. This reduces friction so that the merged organisation can function as one and be greater than the sum of its parts much sooner.
It also mitigates and controls risks by taking a more modern approach to access control and security, one that continuously weighs up risks and makes better informed decisions on user access, compared to an outdated model that secures the network perimeter but trusts everything inside it.
Zero trust instead secures application access. It validates each access request, rather than network access attempts, to enable users to get at the applications they need, without necessarily placing them on the network or delivering connectivity via a remote access service, such as a VPN.
Zero trust relies on a robust security policy, whereby each access request is assessed against a detailed set of criteria that determines if that request is granted or denied. This ensures consistency of security access, strength in depth from an expanded data set against which requests are assessed, and a superior security posture.
Each merger or acquisition is an opportunity to pit the best of the combined organisations against the market to achieve the goals set out in the M&A. A slow, complex IT integration threatens to derail an organisation’s pre-determined time to value and does nothing for the user experience of employees.
Simplifying and speeding up IT mergers will contribute significantly to overall deal success. At the same time, a streamlined IT approach should improve the security outcome and set the merged organisation on the right path to a decentralised IT that secures cloud-based assets, supports remote workers and creates the right conditions for agile working.
A cloud first strategy, leveraging a best in breed platform, that establishes a virtual instance in the cloud helps organisations cleanly and efficiently transition IT estates during M&A, setting them up for value realisation and robust access control based on zero trust.