|THE IT SECURITY PROFESSIONAL|
The IT Security Professional
Helping Organizations Understand IT Security
Companies and organizations continue to grow and develop, and as a part of that process, they end up acquiring other businesses through a merger or acquisition. The question always comes, how do you integrate the diverse networks while still being secure? This can be a complicated and difficult question to answer because of all of the variables and moving pieces involved in such a issue.
Whether you are the VP of IT, or the Director of IT Security, there is just not one way to tackle this issue. There are steps and some initial guidance on how this should be approached. While this is not a “one size fits all” type of recommendation, it can provide some of those basic aspects that you as the IT Security Pro will be facing.
Getting a Handle on Things
So, determining how you will integrate your computer networks and determining the direction from your senior management team will help facilitate a strategy that will be employed by your organization. This is true no matter if you are the acquiring organization or the one being acquired. This direction will help to provide a roadmap of how the integration will be accomplished and the ultimate goals that are looking to be achieved by its implementation.
Risk Assessment & Evaluation
Since you will be integrating two different networks, it is important to understand the potential risks involved and how those risks are evaluated. There could be quite dramatic differences between how the networks are managed and the resources that have been allocated to those requirements. Reconciling how this is accomplished will help to determine the course of action in merging these networks.
Evaluating network security is an important part of this initial assessment in that it will provide a gap analysis as to what might be missing in one network, and what is available with the other. Having this detailed out will also allow the IT Security Pro to determine the best course of action that needs to be taken. This will also help those in senior management to make decisions based on what is occurring instead of guess work done by non-technical staff members.
Course of Fire
Each of the organizations have a responsibility to inform the other of what actions and process were taking place prior to the acquisition. This area should be accomplished prior to finalization of the process, but due to the complexities that go into these sorts of deals, its not usually thought of till after the fact. This is where the IT Security Pro will step in and help guide and provide information to all of the stakeholders involved in the network integration.
This can be a very difficult aspect of the merger process to handle and should be carried out with integrations from both parties of the merger. Databases and repositories can be in diverse locations and both on premises and in the cloud. This can cause a headache to even the most seasoned IT Security Pro. Developing a plan on how to consolidate this information will be crucial in helping to determine the ultimate course of action that will be implemented.
There are two common methods that organizations may employ initially: with a full integration and merger coming later in the process:
Compliance Complicates Everything
Compliance requirements add to all the integration efforts a complication that can be very frustrating. This is especially true if you are in healthcare dealing with HIPPA requirements or PCI DSS for those in the banking industry. Some of these requirements and standards come into play when the organization hits specific benchmarks or capacities. Additionally, there could be fines associated with non-compliance to these standards as well.
With diverse organizations merging, some will have certifications and others may not. Determining what certifications to go with can or how they can be combined can pose its own difficulties. Some of these may be overcome with the accreditation body or the certification body that one of the organizations have used for their certification process. Also, adopting policies, procedures, and standards will have to be a course of action that should be addressed at the time of this integration process. The IT Security Pro will need to know the processes they need to follow and how that will relate to the work that they need to accomplish.
Making it Work
One of the most difficult aspects of this process is making everything work like it is all on the same network. Cost savings and combining resources is a huge reason why acquisitions happen. Once a strategy has been developed; it is up to the IT Security Pro to implement the plan and execute the various projects that can come from such a complicated project. Organizations will greatly benefit from the efforts that are put into the planning process and the IT Security Pro will benefit with they communicate these plans and issues to all the stakeholders involved.
Merger and acquisitions of corporate networks can be challenging, it is not as daunting as it looks on the surface. Integration needs to be planned and systematically applied across the network and its infrastructure. The effectiveness of this planning process will come in overall cost reductions in the management of the network and the increased efficiencies that come from integrating these systems. The roadmap to the integration should happen as soon as possible (during the negotiation period would be preferred) with both organizations providing resources and direction to the overall strategic outcome.
Erich is an experienced IT Security Professional that works with businesses of all sizes to help them understand the impact of IT Security on their organizations.