M&A Security: How to Protect Your Next M&A (Part 3)

Firemen don’t rush into burning buildings in their gym gear. They pile on 75 pounds of personal protection equipment – and they have just over 1 minute to properly gear up.

Approaching a merger and acquisition requires similar corporate protection processes and solutions and in just as short a timeframe.  With the right approach, organizations can help to protect their organization within tight timeframes during an M&A IT Integration.

In Part 1 of my M&A security series I reviewed a few crucial errors and omissions organizations make in their rush to realize the cost synergies from the deal; and in Part 2 I explained in detail about two real life examples of organizations suffering from acquisition related security headlines.

In this third and final part of the M&A security series, I’ll discuss what you can do to protect your organization and where to go to get more information.

How to protect yourself during an M&A IT integration

Before we begin, I want you to understand that plenty of organizations have performed a successful M&A IT integration; and mostly likely because they learned from others and their own travails in past M&As. While migrations differ in their specifics—like platforms involved, the complexity of the user structure, the volume of data—there are some general best practices that should be applied across the board to safeguard your organization.

  • Perform discovery—And not just a cursory discovery of what the acquired organization has so you can plan a migration timeline.  I’m talking about understanding the users, applications, systems, permissions and other details of both the source and the target environment, as well as their interactions and dependencies.  This includes monitoring for suspicious activity, identifying vulnerable systems, locating and cleaning up unused mailboxes, accounts and services, and archiving old content.
  • Backup and recovery data—In a migration, things will go wrong.  You need to make thorough backups of the originating forests, mailboxes and collaboration sites and pair that with a reliable recovery process to help roll back migration mistakes or to use long after the migration happens (like in a ransomware attack).
  • Govern and secure the target environment—Make sure your pristine, new environment is secure by establishing governance and tracking and alerting on abnormal or suspicious changes and user activity.  You also want a solution to prevent changes to your most important objects, such as administrative groups!

These are just a few of ways you can protect your organization during an M&A IT integration. Learn more ways in the ebook: How Mergers and Acquisitions Impact Data Security.

A repeatable M&A framework

We know IT integrations of an M&A aren’t easy or small. While each M&A is different, the methodology doesn’t change. Your chance of success for an M&A is much higher when you implement repeatable processes. Quest offers a complete and repeatable software and services framework for M&As from Day 0 IT Due Diligence, to Day 1 IT integration and Day 2 ongoing management and security.

Don’t complicate your M&A IT integration further by using multiple products from multiple vendors. Standardize on a partner with the tools and expertise to offer a multitude of flexible approaches for Day 1. Quest delivers a repeatable framework that allows you to become familiar with a set of solutions, and a single support and services team.

How mergers and acquisitions impact data security

Before your next M&A IT integration, learn how to avoid M&A IT integration missteps and protect yourself from security breaches.

Download the Guide

About the Author

Jennifer LuPiba

Jennifer LuPiba is the Chair of the Quest Software Customer Advisory Board, engaging with and capturing the voice of the customer in such areas as cybersecurity, disaster recovery, management and the impact of mergers and acquisitions on Microsoft 365, Azure Active Directory and on-premises Active Directory. She also writes thought leadership articles and blogs aimed at the c-suite to evangelize the importance of these areas to their overall business. She chairs The Experts Conference, a yearly event focused on pure Active Directory and Office 365 training at the 300 and 400 level for the boots-on-the-ground Microsoft admins and managers.

Related Articles