Among the many complex issues driven by merger and acquisition (M&A) activity is the need for IT leaders to meld disparate systems and processes. A failure to effectively assess and devise a strategic plan to securely combine IT systems can lead to tremendous trouble and expense at a critical time for the acquiring company.
With this in mind, Verizon Business is offering five tips to assist businesses in building a successful framework for bringing together and securing IT systems.
1. Align IT and security integration with business intent. Oftentimes, IT and security managers do not take the necessary time, or are not given sufficient opportunity, to fully understand the business strategy behind a merger or acquisition. As such, they are tempted to make integration decisions based on IT drivers alone, rather than considering the accompanying business objectives as part of the greater picture.
IT leaders should make sure they understand how the business strategy aligns with the IT and security integration, so that the solution chosen is optimal for the business overall.
2. Communicate and plan effectively. Well-planned and executed integration activities and strong communications plans are essential to a successful merger or acquisition. This is true for any part of the organization going through changes, including IT.
There may be significant turmoil and uncertainty among employees of an acquired organization. IT executives should communicate information to their employees in a timely, easy-to-understand manner to stave off productivity loss and malintent due to speculation and fear.
It is equally important for company leaders to define a realistic roadmap for critical IT infrastructure and plan for additional load on the workforce during the transition, and to communicate this information to employees effectively.
3. Inventory all existing and incoming IT assets. First, ensure that the company has a strong visibility into and understanding of its own IT assets. This provides the basis for a successful IT integration. When acquiring another company, take a thorough inventory of the acquired company’s IT assets. Acquiring companies often do not have a full understanding of the IT assets they are acquiring, which opens up the company to increased risk.
This is more common than an IT manager might suspect. Sixty-six percent of all breaches investigated by Verizon Business in 2008 involved data that a company did not even know was on its systems. Be aware that while you are gaining IT assets, you may also be increasing your risk.
4. Understand the technical and reputational risks. As part of due diligence, understand the viability, scalability, flexibility, financial position, regulatory compliance, market share and service qualifications of major suppliers of services, hardware and software. This includes a thorough review of third-party organizations—such as vendors, customers and partners—that connect to the acquired business via its extended enterprise. Failure to review the company’s third-party relationships can impact security compliance and the initiatives surrounding them.
5. Assess IT maturity. Finally, as part of post-merger activity, determine the maturity of the acquired company’s IT assets. Identify the company’s compliance with industry regulations. Learn about the company’s disaster and recovery procedures. Review all essential IT practices concerning capacity management, change management and approval and problem management. An awareness of the company’s youth or maturity from an IT perspective can help the acquiring organization decide where it has incoming security strengths and weaknesses.
“As a leader in security and IT services, Verizon Business is poised to help clients make the most of a merger or acquisition, especially with M&A activity heating up as the economy continues to improve,” said Kerry Bailey, senior vice president of global services, Verizon Business. “Through our client engagements, we have learned that these five simple tips can help customers avoid common IT and security pitfalls associated with M&A activity. This allows a business to come out of an acquisition faster and stronger.”