Meshing Cybersecurity into M&A Activity

By Staff

Ask a CIO about the IT challenges of mergers and acquisitions (M&A), and you’re likely to get a war story or two. It’s one of the biggest challenges we face. With an M&A, you and your team must navigate the pressure to onboard the new organization as quickly as possible so the business can start showing the value of the deal, but, at the same time, resist shortcuts that might compromise the company’s security posture.

Element Solutions, Inc. is a $2.33 billion specialty chemical and assembly materials public company with approximately 5,700 employees in 117 locations across more than 50 countries. Relative to company size, the IT team is fairly lean. Adding new, dedicated resources for every new site and acquisition isn’t always feasible, not to mention the lack of specialist skills in the IT and cybersecurity industry.

Challenges of Keeping Up with the Pace of Acquisitions

For ESI, acquisitions are part of our strategy. We acquire three to four companies every year. Naturally, our IT team plays a central role in any M&A activity, from driving integration with acquired companies to implementing new business models.

Cybersecurity, too, is a major concern. We quickly learned that traditional networking and security approaches were not readily suited for what ESI was trying to achieve, namely for the following reasons:

  • A race against time. In the context of M&As, time directly translates to financial implications. The longer it takes for a business to achieve integration, the greater the financial impact on shareholders. ESI had implemented an SD-WAN architecture that involved lengthy waiting periods of several months to increase network capacity and unify a newly acquired entity with the rest of ESI.
  • Lack of control and visibility. ESI has a global presence, with factories acquired from organizations that had limited investment in advanced technology and cybersecurity practices. This led to the existence of diverse computing systems spread across different geographies, which presented challenges in terms of control, visibility, and security.
  • Lack of consistent experience. Another significant challenge involved the user experience. We noticed how it varied greatly depending on the location from where employees were logging in. In some locations, certain controls were available, whereas remote workers using a VPN service confronted limited access availability.
  • Limited SD-WAN security. A typical M&A usually causes a sudden rush to bring a new site online and connect users. IT teams must scramble and adapt quickly, raising concerns about potential gaps and vulnerabilities. Our SD-WAN did not inspire confidence, and we felt susceptible to cyberattacks.

Two years ago, our security and IT teams were at the crossroads of modernizing and transforming ESI’s global network design. We were primarily focused on two issues: stronger cybersecurity and better networking performance.

Two approaches were evaluated. We could opt for best-of-breed, onboarding multiple vendors and a slew of siloed services that could conceivably conflict with each other. Adopting multiple solutions is not ideal from the perspective of scalability, manageability, consistency, and centralization. Additionally, we found that multiple solutions often had overlapping capabilities, resulting in extra cost for the same value.

The second option was to deploy what was then a relatively new cloud architecture known as Secure Access Service Edge (SASE). The attraction of this model is in its converged, all-in-one security package that consists of firewall-as-a-service, zero trust network access (ZTNA), secure web gateway, cloud access security broker, endpoint detection and response (EDR), and data loss prevention (DLP).

After considering the needs of the business from a resources, networking, and cybersecurity standpoint, we chose to partner with Cato Networks and its Cato SASE Cloud Platform.

Life after SASE

A lot has changed for my team after transitioning to a cloud-native SASE architecture. Here are some key highlights:

  • Faster time to value. With every M&A, every new territory or location we expand to, IT can immediately shore up infrastructure and security. We no longer have to procure an MPLS connection because the SASE provider has local points of presence (PoPs) in most regions. ESI only required an ordinary internet connection, and the SASE platform intelligently minimized latency problems by routing traffic through its own local PoP. Moreover, ESI receives the full gamut of security capabilities from the get-go without deploying a single security device or firewall. That’s all done simply by connecting to the SASE cloud.
  • Consistency in user experience. Wherever our users are located, whether traveling, operating on-site, or remotely, they receive a consistent experience regulated by their access policies. On the backend, our team benefits from having just one platform to manage, as opposed to managing multiple services that often cause inconsistent capabilities and disjointed experiences and are cumbersome to monitor and operate.
  • Fewer blind spots. SASE helped eliminate both connectivity and security blind spots. Because internet connectivity is passed through a single point, IT teams are significantly more efficient at troubleshooting and conducting investigations. From a security posture, ESI teams have a single-pane-of-glass view and control over users, clouds, applications, and data centers.
  • Plenty of capacity. Given our high dependency on cloud applications, we were unsure of performance moving from a split tunnel, decentralized egress architecture. SASE is built for the cloud and its scalability far exceeded the demand we could put on it.
  • Efficient resourcing. Because SASE is seamless and user-friendly for administrators, ESI has less need to hire specialists who are experts at managing specific types of workloads, security, and networking technologies (and paying for that specialization). We can leverage IT generalists instead, which frees up resources for other parts of the business, such as entering new markets or finding new synergies with other manufacturers.

With the move to centralization and consolidation, ESI found an unanticipated “soft” benefit: Having a security partner that can help manage risk, collaborate directly, listen to our concerns, and act on feedback. Not only has the SASE cloud architecture delivered security that’s easier to manage, but it has also led to superior control and segmentation, which over time has effectively reduced the effort behind integrating acquired companies (with their own convoluted networks) by 80 percent.

Dustin Collins is Chief Information Officer of Element Solutions Inc (NYSE: ESI).
