Home IT News After the Deal Closes: Classes Discovered in M&A Cybersecurity

After the Deal Closes: Classes Discovered in M&A Cybersecurity

After the Deal Closes: Classes Discovered in M&A Cybersecurity


Jason Button leads the Cisco Safety and Belief Mergers and Acquisitions (M&A) group. He was previously the director of IT at Duo Safety, an organization Cisco acquired in 2018, making him uniquely positioned to lend his experience to the M&A course of. This weblog is the continuation of a collection centered on M&A cybersecurity listed on the finish of this submit.

This newest weblog submit will revisit the subject of Transferring Left to Proper: Cybersecurity Practices and Outcomes in M&A Due Diligence and classes realized from implementing Cisco’s M&A Cybersecurity Framework final yr.

Measurement Issues 

On this yr alone, Cisco has made ten acquisition bulletins, starting from small, agile start-ups to well-established, publicly traded firms. The various measurement and complexity of the businesses we’re seeking to purchase entail that we establish, assess, and alter for threat in another way.

Our M&A Cybersecurity Framework has allowed us to scale and streamline our discovery and threat evaluation processes to raised align with the extent of safety threat a deal poses. Utilizing normal safety guardrails, tooling, programs info, and different automated processes to display and assess non-integrated dangers, we are able to draft a Discovery Threat Evaluation earlier, thereby liberating up groups to concentrate on assessing extra complicated acquisitions and doubtlessly higher safety dangers.

Accelerating Integration 

Proper-sizing your threat evaluation method has extra advantages, together with the flexibility to establish areas of integration threat to speed up integration after the deal closes. An instance is the Valtix acquisition earlier this yr, the place we performed an aggressive and thorough discovery investigation to shut the deal earlier than the tip of April. The driving issue was the chance to debut an important product integration demonstration in early June at Cisco Reside, our flagship buyer occasion.

To fulfill this timeline, we would have liked to make sure that the safety threat was manageable and that we had stakeholder buy-in. We labored intently with cross-functional groups to establish and prioritize threat mitigation in order that we may meet our dedication. By having a sturdy framework in place, we had been in a position to speed up the combination course of whereas enabling the Valtix crew to be simpler and productive in a brief period of time.

One other lesson we’ve realized is prioritizing visibility into the acquired infrastructure earlier within the course of. Deploying instruments like Wiz.io and JuniperOne helps educate us about new environments and permits us to establish dangers sooner. That is important when triaging and prioritizing efforts between the corporate being acquired and the enterprise it is going to be absorbed into. For the Armorblox and SamKnows acquisitions, we had been in a position to concentrate on high-priority dangers and spend much less time spreading efforts throughout a number of work streams. Having a framework that helps us prioritize dangers is what’s most essential and in the end makes for higher, safer merchandise.

Wanting Again to Energy Ahead 

One other essential lesson realized this yr was easy methods to apply the M&A framework to re-visit earlier acquisitions to evaluate and perceive threat. Going by this course of with out time constraints or diligence pressures allowed us to hone our investigative strategies and refine our practices. For instance, we labored with the Meraki crew, a mature group that was acquired over ten years in the past and a major contributor to Cisco’s portfolio. We combed by a decade’s price of information to tell how we may simplify and streamline key areas of our integration framework and enhance our general safety stance. 

Securely Enabling Enterprise Progress 

One of many driving components for Cisco to amass firms is to establish and spend money on new improvements that can enhance the safety and efficiency of our answer portfolio. The M&A Cybersecurity crew works intently with Cisco’s Company Improvement Integration crew to evaluate and handle threat all through the invention, diligence, and integration course of.

The M&A Cybersecurity Framework has been a helpful instrument to make sure that enterprise, engineering, and operations leaders align and concentrate on integration effectively earlier than the deal closes. Operational alignment with IT, Safety, and different capabilities has helped floor essential points, resembling addressing workflows and consumer and buyer identities earlier than the combination course of. We’ve additionally discovered that by elevating safety early within the M&A course of, we’re serving to the enterprise take away obstacles that might get in the way in which of enterprise targets and obtain its worth drivers sooner, which results in accelerated enterprise progress.

Incomes and Sustaining Belief 

Management knowledgeable Simon Sinek has often acknowledged, “A crew will not be a bunch of people that work collectively.  A crew is a bunch of people that belief one another.”

Our M&A Cybersecurity Framework is a helpful instrument to assist securely allow the mergers and acquisition course of. Nonetheless, you may’t underestimate the non-public components wanted to make it successful. Constructing belief throughout a crew takes time and requires specializing in creating relationships, being empathetic, and demonstrating respect for a corporation’s tradition.

The press launch saying Cisco’s intention to amass Splunk cited one of many key worth propositions: “Unites two “Nice Locations to Work” with related values, robust cultures, and proficient groups.” The M&A course of is rather more than the mental property and know-how being acquired; the human capital and cultural strengths are sometimes essentially the most helpful belongings.

Wanting again this yr, my colleague Mo Iqbal summed it up greatest, “We are able to’t perceive the applied sciences till we perceive the individuals and tradition that enabled them to be so profitable.”

If you’re considering studying extra, please learn Greater than an Asset: The Folks Aspect of Mergers & Acquisitions.

Extra Sources 

Mergers and Acquisitions Cyber Threat Administration

Cybersecurity Consciousness Month

Associated Blogs 

Managing Cybersecurity Threat in M&A

Demonstrating Belief and Transparency in Mergers and Acquisitions

When It Involves M&A, Safety Is a Journey

Making Merger and Acquisition Cybersecurity Extra Manageable

Making certain Safety in M&A: An Evolution, Not Revolution

We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Related with Cisco Safe on social!

Cisco Safe Social Channels





Please enter your comment!
Please enter your name here