Over the last decade, mergers and acquisitions, along with divestitures, have been common within the Defense Industrial Base (DIB). They come in all sizes, from small firms strategically coming together to offer a broader product portfolio, to niche businesses of larger primes being divested to focus on core competencies. While the business aspects may be one part to executive leadership or shareholders of doing so, the integration or disintegration largely falls on small teams tasked with operating in short timeframes, with little support or guidance on the process by which it is undertaken.
Planet Technologies can help organizations who are in these scenarios today, see them on the horizon, or are simply seeking to expand their understanding of the core activities during this process.
A Simple Approach
Through hundreds of examples of the M&A/D process within the DIB and more broadly across commercial, state and local government, and education, Planet has set forth a simple approach which forms the foundation for success.
- Most organizations already have cloud presence, usually significant, and maturity in cloud within each organization should be a top consideration
- Assess existing platforms through rapid engagement
- Determine “winner” in platforms, technologies, governance, and culture, though all of these will not go live at the same time
- Go beyond technology – compliance, culture, organizational change are all leading factors to end-user perception of the success of these scenarios
This simple approach lends itself to making decisions quickly, and allows for organizations to adhere to legal, financial, or compliance deadlines.
Areas of focus
There are four areas of focus that Planet identifies when working with organizations on an M&A/D plan for customers. These areas are on-premises technologies, cloud technologies, compliance programs, and security posture. Within these core areas, all technology platforms should be considered, though Planet’s focus in this writing is that of Microsoft-related technology.
Many would use the term technical debt when thinking of existing on-premises technologies, and while there certainly is a spot for this declaration, more generally in these scenarios, on-premises technologies may be what are driving an acquisition. Whether it be intellectual property, processes, manufacturing, or R&D; these are often the most critical aspects to the integration of organizations with each other. They’re what pay the bills. So, while there are points of integration across these technologies, usually in the short term, much of the on-premises infrastructure remains unchanged, save for some core services like identity (Active Directory), device management, and any hybrid cloud infrastructure. Organizations should assume infrastructure like data lake/warehouse, HCM/ERP, and manufacturing systems remain in place within the first part of the integration process.
Each organization’s compliance posture is a key part of understanding how integration will proceed. One might assume that in the DIB each organization may already have a robust compliance program and are well postured. Planet has seen that the existing compliance posture is largely not considered as a factor in many M&A/D scenarios. Indeed, integrating an entire organization’s existing compliance practices and documentation into a single program can prove to be very difficult–especially when done as an afterthought. This is where having all of the compliance program and posture information at the start of the integration, collectively aligning the organizations to their compliance requirements, and setting forth realistic goals on the outcomes to be achieved is crucial to preparing for the inevitable audit that will follow an acquisition.
Organizations within the DIB largely have a well-executed security posture, due in large part to the need to meet compliance standards as discussed above. However, as is not surprising, each organization, their CISO, and security team have different approaches to fulfilling these needs. Whether it be best-of-breed, common-vendor stack, or a combination of these, having synergy on security practices and tools is certainly an outcome that executives expect as part of an M&A/D scenario. Being mindful of this outcome along the journey of an integration requires assessment of existing tools and practices from a non-biased perspective, including determining cost efficiency, training, and upskilling (as necessary), and potential business impact. Combined with assessing security controls and families that are filled by these tools, security programs are generally integrated after cloud infrastructure, but during compliance, and before on-premises infrastructure.
We all know what the first outcome of the first meeting of an M&A/D team will be. “When can my people collaborate with our other organizations?”. Thankfully, we’ve come to the most flexible, capable, and well-known part of M&A/D integration, cloud infrastructure. For this topic, we’re considering cloud infrastructure to be SaaS services, specifically Microsoft 365. There have been many advancements in the ability for Microsoft 365 tenancies to connect, and collaborate, even before a full migration of users and data. This is made possible by cross-tenant access settings, robust cross-tenant security policies and visibility, device and MFA trust for least end-user impact, and guest access within the collaboration tools such as Teams and SharePoint. Couple this phased collaboration with a tenant-to-tenant migration strategy that can generally be executed within several months (for full user integration), and end-users and leadership alike can see value shortly after the integration process begins.