Jason Button leads the Cisco Safety and Belief Mergers and Acquisitions (M&A) group. He was previously the director of IT at Duo Safety, an organization Cisco acquired in 2018, making him uniquely positioned to lend his experience to the M&A course of. This weblog is the continuation of a collection targeted on M&A cybersecurity listed on the finish of this submit.
This newest weblog submit will revisit the subject of Shifting Left to Proper: Cybersecurity Practices and Outcomes in M&A Due Diligence and classes realized from implementing Cisco’s M&A Cybersecurity Framework final 12 months.
Dimension Issues
On this 12 months alone, Cisco has made ten acquisition bulletins, starting from small, agile start-ups to well-established, publicly traded firms. The various dimension and complexity of the businesses we’re seeking to purchase entail that we determine, assess, and regulate for danger in another way.
Our M&A Cybersecurity Framework has allowed us to scale and streamline our discovery and danger evaluation processes to higher align with the extent of safety danger a deal poses. Utilizing commonplace safety guardrails, tooling, programs info, and different automated processes to display screen and assess non-integrated dangers, we will draft a Discovery Threat Evaluation earlier, thereby liberating up groups to deal with assessing extra advanced acquisitions and probably larger safety dangers.
Accelerating Integration
Proper-sizing your danger evaluation method has further advantages, together with the power to determine areas of integration danger to speed up integration after the deal closes. An instance is the Valtix acquisition earlier this 12 months, the place we performed an aggressive and thorough discovery investigation to shut the deal earlier than the top of April. The driving issue was the chance to debut an important product integration demonstration in early June at Cisco Reside, our flagship buyer occasion.
To satisfy this timeline, we would have liked to make sure that the safety danger was manageable and that we had stakeholder buy-in. We labored carefully with cross-functional groups to determine and prioritize danger mitigation in order that we might meet our dedication. By having a sturdy framework in place, we had been capable of speed up the mixing course of whereas enabling the Valtix crew to be more practical and productive in a brief period of time.
One other lesson we’ve realized is prioritizing visibility into the acquired infrastructure earlier within the course of. Deploying instruments like Wiz.io and JuniperOne helps educate us about new environments and permits us to determine dangers sooner. That is important when triaging and prioritizing efforts between the corporate being acquired and the enterprise it will likely be absorbed into. For the Armorblox and SamKnows acquisitions, we had been capable of deal with high-priority dangers and spend much less time spreading efforts throughout a number of work streams. Having a framework that helps us prioritize dangers is what’s most necessary and finally makes for higher, safer merchandise.
Trying Again to Energy Ahead
One other necessary lesson realized this 12 months was the best way to apply the M&A framework to re-visit earlier acquisitions to evaluate and perceive danger. Going by way of this course of with out time constraints or diligence pressures allowed us to hone our investigative strategies and refine our practices. For instance, we labored with the Meraki crew, a mature group that was acquired over ten years in the past and a major contributor to Cisco’s portfolio. We combed by way of a decade’s value of information to tell how we might simplify and streamline key areas of our integration framework and enhance our general safety stance.
Securely Enabling Enterprise Development
One of many driving elements for Cisco to amass firms is to determine and put money into new improvements that can enhance the safety and efficiency of our resolution portfolio. The M&A Cybersecurity crew works carefully with Cisco’s Company Improvement Integration crew to evaluate and handle danger all through the invention, diligence, and integration course of.
The M&A Cybersecurity Framework has been a precious instrument to make sure that enterprise, engineering, and operations leaders align and deal with integration nicely earlier than the deal closes. Operational alignment with IT, Safety, and different capabilities has helped floor necessary points, equivalent to addressing workflows and consumer and buyer identities earlier than the mixing course of. We’ve additionally discovered that by elevating safety early within the M&A course of, we’re serving to the enterprise take away obstacles that would get in the best way of enterprise objectives and obtain its worth drivers sooner, which results in accelerated enterprise progress.
Incomes and Sustaining Belief
Management knowledgeable Simon Sinek has steadily said, “A crew just isn’t a gaggle of people that work collectively. A crew is a gaggle of people that belief one another.”
Our M&A Cybersecurity Framework is a precious instrument to assist securely allow the mergers and acquisition course of. Nevertheless, you possibly can’t underestimate the private elements wanted to make it successful. Constructing belief throughout a crew takes time and requires specializing in growing relationships, being empathetic, and demonstrating respect for a corporation’s tradition.
The press launch asserting Cisco’s intention to amass Splunk cited one of many key worth propositions: “Unites two “Nice Locations to Work” with related values, robust cultures, and proficient groups.” The M&A course of is way more than the mental property and expertise being acquired; the human capital and cultural strengths are sometimes probably the most precious belongings.
Trying again this 12 months, my colleague Mo Iqbal summed it up greatest, “We will’t perceive the applied sciences till we perceive the folks and tradition that enabled them to be so profitable.”
In case you are considering studying extra, please learn Greater than an Asset: The Folks Aspect of Mergers & Acquisitions.
Further Assets
Mergers and Acquisitions Cyber Threat Administration
Cybersecurity Consciousness Month
Associated Blogs
Managing Cybersecurity Threat in M&A
Demonstrating Belief and Transparency in Mergers and Acquisitions
When It Involves M&A, Safety Is a Journey
Making Merger and Acquisition Cybersecurity Extra Manageable
Guaranteeing Safety in M&A: An Evolution, Not Revolution
We’d love to listen to what you assume. Ask a Query, Remark Beneath, and Keep Linked with Cisco Safe on social!
Cisco Safe Social Channels
Share: