The success of mergers and acquisitions (M&A) hinges on many factors, key amongst them successful integrations. In this, merging IT infrastructures is often a challenge but it is one that must be overcome – failing to achieve a smooth transition can jeopardise the early realisation of M&A value. Add to this the jeopardy of the as-yet-unknown acquired IT estate falling victim to a breach, and the stakes couldn’t be higher. However, now there is a simpler, more effective path to M&A IT integration through cloud security utilising zero trust principles.
Why M&A tech integrations struggle
IT environments have become steadily more complex. Hybrid architectures, an increasingly remote workforce, and ever-evolving cyberthreats all add to the challenge of swift, effective M&A IT integrations, not to mention the delivery of synergy benefits. It is not surprising therefore that 70 percent of technology integrations fail in the beginning, not the end, according to Bain & Company.
To stand the best chance of a successful outcome, it is important to plan integrations as early on as possible in the M&A process. Unfortunately, that often doesn’t happen: IT get involved late on because of sensitivities and confidentialities during M&A dealmaking and closing. That said, implementing even the best laid IT integration plan can still come up against problems.
Network architectures are complex; they have often been built up over time with legacy infrastructure co-existing alongside modern networks. In a merger of two IT environments, these complex architectures must be consolidated and protected with security rules and systems correctly applied. User profiles must be up-and-running through any transition as quickly as possible for day-to-day work to continue.
The business impact of lengthy or failed IT mergers
Disruption during IT transitions impacts employee productivity and therefore the delivery of value from the M&A. The alternative though is to maintain separate IT estates but that is fraught with risk and negates the potential cost and efficiency savings from M&A synergies.
That can be catastrophic for M&A value capture. It is pertinent to note that, according to PwC, 83 percent of successful deal makers realise their synergy expectations, while only 47 percent of unsuccessful ones do.
There is significant risk in M&A. If an acquired company brings with it security failings or challenges, those threats and vulnerabilities become the responsibility of the unwitting acquirer. Due diligence is therefore essential to mitigate the risk of ‘buying a breach’ with the reputational, as well as remediation costs, that can mean.
Where M&A IT integrations go wrong
Despite the amount of upfront planning, investment, and effort involved in M&A IT integrations, the results often deliver below expectations. They may fail to mitigate risk, take an unacceptably long time to deliver, miss the opportunity to synergise, or result in a poor user experience. They may even come up short on all counts.
It doesn’t help matters that many of the activities involved happen in a linear fashion, rather than running concurrently.
Resource is often a stumbling block. M&A activities mean long hours for stretched IT teams, lengthy process creation, and capacity issues trying to provide the acquiring and acquired company with cross-company connectivity.
The problem is that it is complex, time-consuming, and can be error-prone to try and combine IT architectures and systems, root out redundant (potential security risk) infrastructure, provide everyone with the correct authenticated access, and protect the whole environment.
How zero trust turns this around
‘Zero trust’ takes a different approach to security and access. Corporate network security has traditionally secured the perimeter, authenticating users as they access the network and keeping anyone on the outside, out. That’s no longer a feasible approach with an explosion in cloud-based services, applications, remote access, and additional devices.
Zero trust protects users, devices, and data rather than the corporate perimeter. It secures each access, rather than each network access, and it can do so without detriment to the user experience.
Taking a zero trust approach to M&A IT integrations can reduce the length of time involved in risk profiling and connectivity and access, and enable the majority of these activities to run at the same time.
Instead of secure access to the corporate network, users have secure connections to the applications and systems they access, wherever they are and however they are working. This makes for a consistent experience, without on/off network differentiation.
Due diligence and rigour are essential in all M&A deals to mitigate risk and maximise value. IT integrations have tended to be challenging, but a zero trust approach can turn this around to actually accelerate time to value. M&A should integrate only what is needed, adopting a zero trust secure access approach that gets users up and running quickly, delivers on synergy expectations, and moves the combined business more rapidly to value realisation.