Managing application connectivity securely through a merger or acquisition – best practices
When going through a merger/acquisition or a divesture process, companies typically need to move some of their applications to a different data center or to the cloud, merge duplicate applications, or replicate applications to new entities, and decommission the unnecessary ones in order to streamline operations and costs.
In practice, firewall policies will need to be changed or migrated to support the new connectivity, applications, servers and often new firewalls – without creating security risks, outages or compliance violations. This is a very complex project that, if not planned and implemented properly, can have a very serious impact on business operations.
Presented by Edy Almer, AlgoSec’s VP of Products, this new technical webinar will discuss best practices and a real-life use case, which will demonstrate how companies can successfully manage application connectivity through an M&A or divestiture process.
Key topics include how to:
• Automatically discover and map existing application connectivity flows prior to making any changes
• Proactively assess the impact of every change to ensure it does not break connectivity, affect compliance or create a security hole
• Define and execute the necessary security policy changes for traditional firewalls and cloud security controls
• Deliver unified security policy management across the new enterprise environment
2. GOALS FOR TODAY
2 | Confidential
Review real life customer use cases
Product overview and best practices to address these challenges
01
02
03
Analyze several typical M&A/divestiture scenarios
Summary & Q&A04
3. SCENARIOS
• M&A – large company acquires small company. Integrate small
company into large company, add branch offices, discard most small
applications.
• M&A – merger of equals. Mix applications from both teams,
consolidate data centers.
• Company split – replicate applications, split into separate data centers,
split teams, replicate infrastructure.
3 | Confidential
7. RECENT EXAMPLE
• Large multinational technology bought competitor to become #1 in
their field
• During the merger analysis process, 2 product lines were found to be
out of focus and were spun out as 2 individual companies
• The merger of backend and frontend applications is expected to be a
24-36 months process
• Divested companies will need their own IT within 6-9 months
• A large number of new hires, and people leave because of uncertainty
7 | Confidential
8. FIRST STEP – MAP APPLICATIONS
• To divide the spoils – need to understand inventory
• Then need to replicate and cancel various applications
• Move them to new data centers
• When hard to move or split, create agreements for shared services,
but add security controls
8 | Confidential
14. HOW LONG TO MAP ?
14 | Confidential
A good consultant can do
5 applications a week
• 5 consultants can map over 90% of applications
in under a year
• Good CMDBs are over 95% accurate – can
validate 2 applications a day
6 months?
15. HOW MANY FLOWS ?
15 | Confidential
A simple application
has 10 flows
A medium application
has 25 flows
A complex application
has over 100 flows
16. HOW MANY APPLICATIONS DO YOU HAVE ?
• up to 500
• 501-1000
• 1001-2000
• 2001+
POLL
Please vote using the “votes from audience” tab in your BrightTALK panel
17. DO I HAVE TO MAP APPLICATIONS?
• If Security is a nice to have – two other methods are used – but they
introduce risks:
• Map all active flows, without understanding them, and transfer all of them
(can’t do a gradual project) – this does not work when applications move in
several different directions
• Move all applications, then open all traffic blocked by the firewall in near real
time (big impact on organization)
17 | Confidential
18. IDENTIFYING THE CHALLENGES - SECURITY
• Visibility – what are the assets my organization is moving?
• Do I keep using it ?
• What kind of security controls are in place if at all?
• What new servers am I adding ?
• Security Policy Management and Governance
• Security policy definition and enforcement
• Monitor the environment for changes and create alerts
• Auditing and Adherence to Regulatory Compliance
• Analyze the environment
• Identify risks and gaps
• Remediate
18 | Confidential
19. SECURITY CHECK – AM I GOOD TO GO ?
• Application Connectivity
• Discover and map connectivity requirements of existing and migrated
workloads
• Hybrid environments – distributed architecture
• Troubleshooting connectivity
• Change Management Process – Can I?
• Define and enforce
• Orchestrate
• Automate
19 | Confidential
20. TACKLING THE CHALLENGES
• Manually
• Slow
• Time Consuming
• Error Prone
• Professional Services Team
• Minimal, may not suffice
• Will not unearth problems
20 | Confidential
21. THE SOLUTION
• Single pane of glass for your traditional, hybrid and multi-cloud estate
• The experience gained through years of experience across traditional
environments is leveraged and put into practice
• A single solution that addresses the most common, important
concerns and use cases rather than a multitude of small tools
• Automated discovery and security connectivity migration
21 | Confidential
22.
23.
24.
25.
26.
27.
28.
29.
30. SUMMARY
30 | Confidential
Application connectivity migration tools critical to support these
scenarios
Review of how AlgoSec supports application migrations scenarios for M&A
01
02
03
Reviewed and analyzed various M&A scenarios
Summary & Q&A04