31 Oct 2012
Mergers, Acquisitions and Divestitures require special handling when bringing together two distinct organizations or separating a business from the remaining IT infrastructure. The technical environment can be rife with unsecure access points, un-patched servers, and incorrectly configured firewall settings. Information on the acquired company technical environment may be non-existent or incomplete and depending on the nature of the merger, it may be difficult to work with people during the transition. The idea of bringing together two organizations under one leadership requires understanding the risks. This risk analysis requires multiple tasks to uncover any underlying vulnerabilities in the architecture. So where do you start to untangle the colliding technical environments? 1. Vulnerability Scanning 2. Firewalls 3. Remote Access 4. Compliance Audits We recommend a series of vulnerability scans of the inside and outside environment to detect differences in the tools and policies related to patch management, which can strongly affect the presence of serious underlying vulnerabilities. A Managed Security Firewall strategy can bring together multiple sites under one unified strategy. You strategy must include management and monitoring of all firewalls by security processional 24×7, 365 day otherwise you risk your data being a target by the media attention from the corporate merger or divestiture. Remote Access SSL VPN can bring users into the technical environment from different geographies and authenticate each individual user for specific resources on the network. Managed Intrusion Prevention Services protect and defend the technical environment from malicious hackers and provides another layer of defense. While compliance standards are intended to be consistent from organization to organization, it is not uncommon that strong variations in the interpretation of standards can exist from both the organization and auditor’s perspective. Performing a fresh compliance audit of both organizations involved in the merger by the same audit vendor is strongly encouraged to uncover these variances.