Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

Industry View | How to Connect and Protect Networks during Mergers and Acquisitions

Whether you’re divesting or acquiring, Rob Pfrogner of Virtela has a checklist for you

By Rob Pfrogner

February 25, 2008CSO

During the regular course of business, an organization purchases and sells assets in an ongoing effort to strengthen its health.   These assets may consist of anything from a few systems and resources up to large business units and whole companies.  The larger the asset, the greater the challenges of implementing the merger and acquisition (M&A) process to realize its benefits.

Most immediately, the acquiring company must gain availability to critical network systems of the acquired company. The security requirements of each company must be considered. Using a combination of technologies, including VPNs, firewalls, intrusion prevention and remote SSL, the acquiring company can implement network solutions capable of rapidly extending networks while maintaining secure segmentation for legacy or newly acquired user populations and critical assets – generally without the need to overhaul existing infrastructure.

Limited acquisitions, when the companies exchange only specific assets, present additional challenges when it comes to segmenting divested resources from the rest of the corporate network.  Security precautions must permit access to divested resources but not compromise any peer resources or external integrity.  Both the divesting and acquiring companies must take a number of factors into account:

Divesting company
-The geographic/logical location of each resource to be divested
-The potential consolidation of divested resources to a single, secured access point
-The systems and network design of each location housing divested resources
-The carrier(s) used to connect to and between each divested resource
-The number of ingress and egress access points in each divested resource
-The separation of traffic between the acquiring company and each divested resource
-The need to restrict or block the acquiring company’s access to non-divested resources
-The speed of the overall divestment

Acquiring company
-The geographic/logical location of the users/systems accessing acquired resources
-The geographic/logical placement of resources upon completion of acquisition
-New access paths opened through connectivity to acquired resources
-The carrier(s) used to connect to the acquired resources
-The network performance of acquired resources
-The need to restrict or block the divesting company’s access to internal resources
-The current security posture of the assets being acquired
-The speed of the overall acquisition

It is critical that both entities maintain secure access throughout M&A procedures. Even when a company is being wholly acquired, the acquiring company should carefully consider all new access paths and their associated reverse paths with regard to the users and resources that will employ those paths.  The divesting company must ensure traffic can be opened to divested resources while unauthorized assets remain protected. The acquiring company must understand the purpose of each M&A link and ensure it does not open reverse exposures into its own network.  If any resource will be shared during the M&A process, both companies should consider a comprehensive review of the security posture of each shared resource.

RESOURCE CENTER