Home > Intel Communities > Open Port IT Community > IT@Intel > Blog > 2009 > May > 12
Up to Blog Posts in IT@Intel
Previous Next

IT@Intel Blog

May 12, 2009
Chad Clemons
1

The challenges for IT when handling an M&A project can be quite daunting to say the least.  But before we go down those winding, twisting roads, I'll start with an overview of the different types of projects we tend to come across related to M&A deals.

M&A refers to mergers and acquisitions.  These are the deals that companies enter into for various business reasons including growing talent quickly, expanding product lines or entering new markets.  For the IT project manager, these types of deals and decisions result in one of several scenarios.

I have yet to be involved in a merger project.  In my mind, a merger is the joining of at least two companies to form a new combined corporate entity.  The original companies would typically be comparable in size and enter into the deal more as partners on somewhat equal footing in terms of control and influence.  Needless to say, the IT challenges of a merger could be enormous.  Again, I haven't had the experience of working on such a project, so I'll certainly spend more time on the other scenarios.

Acquisitions involve, well, the acquisition of a smaller company by a larger company.  Dare I say it, assimilation?  From an IT perspective, this typically involves figuring out how to bring a smaller company's infrastructure and data into the greater corporate IT environment.  I might add that a key challenge of acquisitions is executing this transition without damaging things like culture, process and work efficiency of the acquired company.

Divestitures are the unnamed scenarios of M&A.  Sometimes we talk about M&A&D, which  makes a nice TLA.  :)  A divestiture typically involves the sale of components of one company to another company.  This is different than an acquisition in that only a piece of a company is being acquired by another.  Although one company's divestiture is in fact another company's acquisition.  Interesting, no?

Finally, I must include another scenario which seems to be quite common these days, the site closure.  Although not exactly an M&A style effort, the site closure is often the ultimate end of an acquisition.  Although I am far from an experienced operator when it comes to M&A, I've been around the block enough to see the pattern...big company acquires smaller company...big company extracts value out of acquisition, or not...a few years pass...acquisition site closes.  Of course, I have also seen acquisition sites become key facilities for ongoing operations.  One interesting twist with site closures is that they can sometimes turn into divestitures.  More on that later.

In a nutshell, these are the four major categories of projects we consider within the IT M&A scope.  I will elaborate more on each scenario in future blog posts.  Stay tuned!

I'm curious to know what kinds of M&A projects have impacted IT at your company?

Disclaimer In Plain English:  My efforts are focused on IT systems integration (or the reverse) and I have no involvement with M&A business negotiations or decisions.  I have no knowledge of and cannot comment on or answer questions regarding specific deals, either announced or unannounced.

1 Comments Permalink Tags: acquisition, merger, it, openportpromo, it@intel, divestiture, intel_it, manda
Matthew Rosenquist
0

We naturally take comfort in being able to quantify the vagueness of challenges in our existence.  This past week, I was again reminded the cup of information security is filled partially with the complexities of human perception and ambiguity of emotions weighing our mental models of judgment.  These can be misleading.

 

This is not a revelation.  I thrive in the trenches of security measures and metrics, and learned this lesson many seasons past.  But it is so easy to fall back into the comfort of measuring, calculating, estimating, and even predicting risks with first impressions, and foregoing proper data collection and dispassionate analysis.

 

It is in our very nature to apply our big cognitive brains in an attempt to make sense of something which causes concern for our minds when we encounter situations we fail to grapple.  We default to familiar structures of logic and experience to give some insight, even if it is invalid.  If we cannot grasp a cloud, it makes us feel better to at least measure it.

 

I recently travelled to the beautiful city of Shanghai.  In the sprawling city of 19 million, getting about requires the use of a local taxi.  Drivers are aggressive by American standards.  They creatively use all lanes, including those of oncoming traffic, to weave in and out between pedestrians, other vehicles, and bicycles, all at high speed.  Roadway guides such as speed signs, stoplights, and lane markers are just cosmetic.  The concept of ‘right of way’ is defined by the vehicle which gets there first.  Tens of thousands of taxi drivers vie for pole positions at every light and traffic snarl.  I counted no less than half a dozen head-on near misses the first day.

 

Not surprisingly I was a bit concerned for my safety.  But what was the actual risk?  It seemed high, with all the jockeying, speed challenges, and lurching in front of other cars at a moment’s notice.  In formal terms, the security risk calculation was off the map.  Keeping it simple, risk can be defined as equaling the (threat) x (consequence) x (vulnerability).  Threats were abundant and vectoring from every angle.  Vulnerabilities were painfully obvious as the situation was an example of near uncontrolled chaos heavily dependent upon human judgment and intervention.  Lastly, the consequences registered as likely life threatening.  Vehicle safety measures are not equal to US standards, with no airbags and rarely a functioning seatbelt.  My brain began to do the rough math and formed a mental model where the conclusion was somewhere near the “I’m screwed” end of the spectrum.

 

Over time, I started to take a different perspective.  By the end of the week, and too many close calls to count, I observed the city’s taxi’s did not show damage which would be consistent with rampant numbers of collisions.  Although chaotic and unpredictable, they found a balance in avoiding impacts.  My drivers’ never appeared nervous.  Many were happy to take calls on their cell phones while racing into oncoming traffic and weaving back into our directional flow at the last second.  Yet, they were not worried.  The pedestrians who seemed intent on walking into direct paths of vehicles always looked up at the last possible moment and jumped out of the way of an untimely demise.

 

The dangers were still there.  Nothing changed but my perception.  The risks were high, controls were low, but it was the incident rate that was the telling measure.  Lack of vehicle accidents in such a tremendous population meant they operated in an efficient manner which my brain could not comprehend as safe.  But it was.  My initial evaluation misled me to a wrong conclusion: an inaccurate determination of risk.  I felt safer than before.  To this day, I cannot comprehend how they do it.

 

In our world of information security, we must take a step back from the limitations and biases we possess and stay true to proper forms of analysis in order to see the truth.  It is far too easy for us to slip backwards and inaccurately measure risk of situations we don’t understand.  Let’s continue to remind each other of this fact and challenge risk assessments, especially in situations where concern is more prevalent than fact.

0 Comments Permalink Tags: it@intel, vulnerability, risk, threat, information_security, model, matthew_rosenquist, security, rosenquist, optimal_security, analysis, measurement, measure, openportpromo, it, intel_it
Matthew Rosenquist
0

Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

 

Common Sense
I think the key to fortune cookie advice is ‘common sense’ in the context of security.  It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

 

Fortune Cookie advice for April:

 

Capability, intent, and focus are the defining aspects to quickly prioritize threats.


The world of information security threats is vast.  We can easily be overwhelmed with different components, processes, impacts, and concerns.  Quickly identifying the benign from the urgent is a competitive advantage.  In order to organize and prioritize, we must have a consistent method to judge criteria.

 

I submit the three most compelling aspects are related to the attacker who is committing the violation.  Their capability to do harm, defines the likelihood of a successful attack.  The intent of the attacker has significant implications for the likelihood to detect activity and the persistence of continuing attempts.  Lastly, the focus of the attack, whether it is targeting you specifically or just looking for opportunistic victims, completes the overlapping picture to understand the precision of activities.

 

Given these three aspects, a quick evaluation can be made to determine the severity of the threat and attacks.  Of course this is just the first step necessary for triage, while a full evaluation should be conducted for the areas which rise to the top of the severity list.

 

Fortune Cookie Security Advice - May 2008

Fortune Cookie Security Advice - June 2008

Fortune Cookie Security Advice - August 2008

Fortune Cookie Security Advice - September 2008

Fortune Cookie Security Advice - November 2008

Fortune Cookie Security Advice - December 2008

Fortune Cookie Security Advice - January 2009

Fortune Cookie Security Advice - February 2009

Fortune Cookie Security Advice - March 2009

0 Comments Permalink Tags: it@intel, model, intel_it, information_security, openportpromo, it, security, rosenquist, strategy, corporate_security, threat, attack, attacker, matthew_rosenquist, risk, optimal_security

Popular Blog Posts