In the podcast show Defrag This, host Greg Mooney interviews Chris Hickman on how IT should approach mergers and acquisitions (M&As).
Chris Hickman is the chief security officer at the Keyfactor, which offers all kinds of cybersecurity techniques and tech for the US and abroad's most prominent firms. The topics discussed range from possible challenges and opportunities to general approaches to make the process as smooth as possible.
The Challenge of Mergers and Acquisitions (M&As)
Mergers and acquisitions are almost famously hard to handle. The process of merging every department and managing the future cooperation of teams and managers can drag on for months and, in the worst case, even years. If not done correctly, Greg Mooney describes the procedure as a "nightmare for all departments," and the "integrating and dissolving is a grueling process."
The risks are high. When data gets transferred, and new systems are not yet developed, data breaches and safety leaks are a real threat. The IT departments are especially under high pressure to perform in an extreme situation while reforming themselves and sometimes not even having established systems and protocols yet.
Here comes the part where Chris Hickman from Keyfactor steps in. Being a professional in secure digital management and IT solutions, this is just the theme he excels in.
According to Hickman, there is "no hard and firm rule" for the order of the first steps. But he has some suggestions for the structure of IT departments merging, to prevent chaos and not waste valuable time.
It may sound very straightforward, but keeping the business reasons for the merger in mind is crucial. The still not combined departments' future structure needs to fulfill the end goal as fitting as possible. Integrating the business goals into the software and finding a system to do so effectively is always a good start. It will also set your focus right from the beginning.
"Looking for alignment and disconnect in policies," is another important task, says Hickman. From a security standpoint, everything from declarations of consent to data policies needs to unification. Finding similarities and adapting the rest from this start is an excellent method to save time and resources.
Visibility for IT on Both Sides of an M&A
This one is the most obvious. When combining two different systems, the IT team needs first to map out what is already there. What software do the others use for what, and how? Under what security measures are data sets collected and stored? Are there possible security risks?
After answering those questions and collecting the data necessary, essential, and meaningful decisions can be made. Found commonalities between both firms are always appreciated, and usually mean little work and adaptation for the teams. Hickman also mentions the typical 20% of material that is so diverse and different that it makes up most of the necessary time for unification. Here the IT team needs to extra careful with the decision making since these departments tend to be the most time-consuming.
The newly combined team can come from very different backgrounds regarding hierarchy, culture, and power distribution. The separation and distribution of tasks and routines usually have to be established anew. But generally speaking, "people are very willing and open," as well as "highly collaborative" in Hickman's experience.
Not only does the IT team see lots of changes. The company's overall culture will get a strong influence on the software and the resulting representation and access of downstream employees in the firms' intern network. Simplicity is essential, especially at the beginning. More advanced models are harder to alter when they need to update after the first period of testing.
CRM Systems: The Crucial Step in M&As
The most critical systems to integrate are usually all CRM systems. Whatever is essential for the firm's core business and represents revenue should always be the core of all approaches. Finance also requires the highest security level, just as company secrets and stored data might be classified and shielded from market opponents.
Firewalls and configurations need to be addressed early on to protect all data and software that might move in the future. In mergers, major security breaches can occur when two formerly safe systems get integrated into a non-finished third. During this time, lots of improvement and detection of former security issues can be made.
After all, a challenge is also a chance to discover solutions.