336001f5 merger acquisition zero trust

Merger, Acquisition: Federated Identity And Zero Trust

A Merger or Acqusition is an exciting, disruptive event. Formerly competitive companies might be merged, causing a long battle of who has the best system. Formerly orthogonal companies might suddenly be called to cooperate. The quicker we can merge, the quicker we can start aligning interests, the quicker we can be successful. Amongst the barriers is our IT systems. Identity, Access. What is the best approach to quickly align these teams? Mergers and Acquisitions: Zero Trust.

20 years ago now my company was acquired by Cisco Systems. Cisco parachuted in a large team who executed a well thought out plan. Work stopped on friday as company A, and work started monday as Company B. To make that happen, a lot of people re-imaged a lot of machines, and a lot of changes happened. At the team we were acquired we were hundreds of staff. If we had been thousands, I’m not sure this would have succeeded as a strategy. Instead, I think a much messier mesh of VPN’s and partially cross-linked identity systems would have been lingering for days, weeks, months, maybe even years.

Fast forward to 2020. We have new technology and practices. We can achieve our merger, acquisition with Zero Trust.

First, we need a Federated Identity system. Don’t create new accounts and logins. Instead, create a new Federated Identity system which allows for a user to be working for one of the companies, or the other of the companies. Make no differentiation in ease of use nor security nor access.

Second, we need a means of authorising access to the resource. Zero Trust Network Architecture allows us to treat resources in isolation. Make no differentiation in ease of use nor security nor access for any resource, regardless of which of the 3 entities “owns” it. A Merger or Acquisition with Zero Trust allows authorisation regardless resource or user location or ownership.

Don’t hire a firewall or a VPN to do the job, they are not fit for purpose. They have a time and a place. But not here.

Once achieved, we can a la carte build the team and tools that will make the merged entity successful. And, in the unlikely event the merger fails and needs to be divested, its trivial to disconnect. Fast to start and try, fast to fail if needed. This is what continuous is all about. M&A, Zero Trust.