Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Managing application connectivity securely through a merger or acquisition – Best Practices


Published on

Managing application connectivity securely through a merger or acquisition – best practices

When going through a merger/acquisition or a divesture process, companies typically need to move some of their applications to a different data center or to the cloud, merge duplicate applications, or replicate applications to new entities, and decommission the unnecessary ones in order to streamline operations and costs.

In practice, firewall policies will need to be changed or migrated to support the new connectivity, applications, servers and often new firewalls – without creating security risks, outages or compliance violations. This is a very complex project that, if not planned and implemented properly, can have a very serious impact on business operations.

Presented by Edy Almer, AlgoSec’s VP of Products, this new technical webinar will discuss best practices and a real-life use case, which will demonstrate how companies can successfully manage application connectivity through an M&A or divestiture process.

Key topics include how to:
• Automatically discover and map existing application connectivity flows prior to making any changes
• Proactively assess the impact of every change to ensure it does not break connectivity, affect compliance or create a security hole
• Define and execute the necessary security policy changes for traditional firewalls and cloud security controls
• Deliver unified security policy management across the new enterprise environment

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Managing application connectivity securely through a merger or acquisition – Best Practices

  2. 2. GOALS FOR TODAY 2 | Confidential Review real life customer use cases Product overview and best practices to address these challenges 01 02 03 Analyze several typical M&A/divestiture scenarios Summary & Q&A04
  3. 3. SCENARIOS • M&A – large company acquires small company. Integrate small company into large company, add branch offices, discard most small applications. • M&A – merger of equals. Mix applications from both teams, consolidate data centers. • Company split – replicate applications, split into separate data centers, split teams, replicate infrastructure. 3 | Confidential
  4. 4. SCENARIO 1 4 | Confidential
  5. 5. SCENARIO 2 5 | Confidential
  6. 6. SCENARIO 3 6 | Confidential
  7. 7. RECENT EXAMPLE • Large multinational technology bought competitor to become #1 in their field • During the merger analysis process, 2 product lines were found to be out of focus and were spun out as 2 individual companies • The merger of backend and frontend applications is expected to be a 24-36 months process • Divested companies will need their own IT within 6-9 months • A large number of new hires, and people leave because of uncertainty 7 | Confidential
  8. 8. FIRST STEP – MAP APPLICATIONS • To divide the spoils – need to understand inventory • Then need to replicate and cancel various applications • Move them to new data centers • When hard to move or split, create agreements for shared services, but add security controls 8 | Confidential
  9. 9. MIGRATE APPLICATIONS APPLICATIONS 500 An organization comprising an average of 20,000-50,000 people has
  10. 10. MIGRATE APPLICATIONS APPLICATIONS 800 An organization comprising an average of 20,000-50,000 people has
  11. 11. MIGRATE APPLICATIONS APPLICATIONS 1000 An organization comprising an average of 20,000-50,000 people has
  12. 12. MIGRATE APPLICATIONS APPLICATIONS 1500 An organization comprising an average of 20,000-50,000 people has
  14. 14. HOW LONG TO MAP ? 14 | Confidential A good consultant can do 5 applications a week • 5 consultants can map over 90% of applications in under a year • Good CMDBs are over 95% accurate – can validate 2 applications a day 6 months?
  15. 15. HOW MANY FLOWS ? 15 | Confidential A simple application has 10 flows A medium application has 25 flows A complex application has over 100 flows
  16. 16. HOW MANY APPLICATIONS DO YOU HAVE ? • up to 500 • 501-1000 • 1001-2000 • 2001+ POLL Please vote using the “votes from audience” tab in your BrightTALK panel
  17. 17. DO I HAVE TO MAP APPLICATIONS? • If Security is a nice to have – two other methods are used – but they introduce risks: • Map all active flows, without understanding them, and transfer all of them (can’t do a gradual project) – this does not work when applications move in several different directions • Move all applications, then open all traffic blocked by the firewall in near real time (big impact on organization) 17 | Confidential
  18. 18. IDENTIFYING THE CHALLENGES - SECURITY • Visibility – what are the assets my organization is moving?​ • Do I keep using it ? • What kind of security controls are in place if at all?​ • What new servers am I adding ? • Security Policy Management and Governance • Security policy definition and enforcement​ • Monitor the environment for changes and create alerts​ • Auditing and Adherence to Regulatory Compliance • Analyze the environment​ • Identify risks and gaps​ • Remediate 18 | Confidential
  19. 19. SECURITY CHECK – AM I GOOD TO GO ? • Application Connectivity • Discover and map connectivity requirements of existing and migrated workloads​ • Hybrid environments – distributed architecture​ • Troubleshooting connectivity​ • Change Management Process – Can I?​ • Define and enforce​ • Orchestrate​ • Automate​ 19 | Confidential
  20. 20. TACKLING THE CHALLENGES • Manually • Slow​ • Time Consuming​ • Error Prone​ • Professional Services Team • Minimal, may not suffice​ • Will not unearth problems​ 20 | Confidential
  21. 21. THE SOLUTION • Single pane of glass for your traditional, hybrid and multi-cloud estate​ • The experience gained through years of experience across traditional environments is leveraged and put into practice​ • ​A single solution that addresses the most common, important concerns and use cases rather than a multitude of small tools • Automated discovery and security connectivity migration​ 21 | Confidential
  22. 22. SUMMARY 30 | Confidential Application connectivity migration tools critical to support these scenarios Review of how AlgoSec supports application migrations scenarios for M&A 01 02 03 Reviewed and analyzed various M&A scenarios Summary & Q&A04
  24. 24. Thank you! Questions can be emailed to marketing@algosec.Com