close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Building Security into Your M&A Process Part 3: Merger or Acquisition Close (“Day One”)

                                      Jul 07 2022

                                      This is the third part of a four-part blog series covering each of the four phases of the merger & acquisition (M&A) process and how you can build security into each phase. In case you missed it, Part 1 covered the why it’s important to integrate security into the due diligence process in the first phase of M&A and Part 2 covered integration planning and public announcement.

                                      Phase Three: Merger or acquisition close (“Day One”)

                                      Now you’re ready for “Day One”—when the acquiring company actually acquires or merges with the target company. And from a security perspective, anything that happens from this day forward—you’re responsible for it. 

                                      In the old days, you’d be flying in firewalls and all sorts of other physical appliances trying to get them installed in time to start immediately monitoring and protecting the expanded organization. It was a big mess back then—and most companies would probably still agree that it’s not a fun process. But with the right planning, tools, and resources, your security team can design an integration process that is executable in a very short amount of time and repeatable for future acquisitions. Software-based security solutions make things much easier to deploy and configure than the hardware of a few years ago.

                                      A common Day One goal is getting the acquirer’s key executives access to the target company’s systems, and vice versa. Cross-pollination needs to happen from the start, especially on the operational side and in critical departments like finance. Opening these systems up for new users and new processes can present tremendous risks. For example, because both companies use internal IP addresses, it’s very common to have IP conflicts. These are not their public IP addresses; these are the internal ranges. Organizations need some kind of security solution in place that helps prevent these sorts of common IP conflicts within the newly joined environment. 

                                      There are a number of other critical security questions that need to be answered at this point, including:

                                      • Are you able to limit access to the target company’s existing cloud services and applications to avoid data leaks and close security gaps?
                                      • If there are new SD-WAN connections to target branch sites or remote offices, can you provide visibility and data protection for them?
                                      • Can you make a comprehensive assessment of the target company’s threat monitoring capabilities—including the granular movement of data to/from the target’s cloud solutions? (There might be sensitive data in their cloud environments that has been left unmanaged.)
                                      • Can you identify and manage third-party integrations and detect any high-risk activities or behaviors by target company users?
                                      • Are there security weaknesses that you identified during the due diligence process that need to be addressed

                                      And unfortunately, a lot of these sorts of important security activities have to wait until Day One because they can’t officially be done prior to the deal closing. In most cases, you can’t actually start running detailed scans until the acquirer actually own the target company. Deep scanning is a near-term necessity because most companies today will have modern infrastructure complexities that need immediate monitoring—SaaS application configurations, private application access, IaaS implementations in different public clouds, as well as other multi-cloud deployments. Once integration begins, the entire business becomes exposed to any vulnerabilities or threats hidden in its infrastructure.

                                      Stay tuned for Part 4, where I tackle how you should approach long-term integrations following M&A. For more about how you can fit security into your M&A process, download a copy of the Smoothing Out M&A solution brief, or register for my upcoming webinar on August 17 with Netskope Deputy CISO James RobinsonThe Four Mistakes You Can Make That Will Blow Up an M&A.

                                      author image
                                      James Christiansen
                                      James Christiansen is Netskope’s VP of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients.
                                      James Christiansen is Netskope’s VP of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog