If you are replatforming on the cloud or looking to enhance your appeal as an acquisition target, identity and access management (IAM) should be at the heart of your strategy. Successfully replatforming, whether as part of post-M&A integration or a broader digital transformation strategy to improve scalability, security, experience, and performance, is easier and more effective when you have a specific plan for managing identity.
What does replatforming involve?
Replatforming entails changing and updating specific components of an application to allow it to function in the cloud and benefit from the resulting improvements in experience, scalability, security, and efficiency. As more organizations take advantage of cloud-native identity-as-a-service (IDaaS) platforms designed with agility and transparency in mind, updating your application allows you to take advantage of modern features like social login, multi-factor authentication (MFA), and single sign-on (SSO).
Implementing social login can increase conversions and improve customer experience because end-users can create an account and start accessing your services within seconds. MFA is increasingly considered an essential cybersecurity feature. Entrusting identity to an IDaaS provider can also reduce the maintenance costs of updating protocols to ensure compliance with GDPR and other data privacy laws.
How does IAM come in?
Naturally, both M&As and replatforming journeys demand a huge amount of advance planning. Decision-makers need to consider which systems to keep and which to jettison. They have to decide which business functions to integrate into their tech stack and how. And, in the case of M&As, they need to manage the expanded pool of user data that results from a deal without exposing security vulnerabilities, creating friction that drives users away, or roadblocking business goals. IAM empowers companies to accomplish all this with minimal disruption to business processes and end-user experience.
In this post, we’ll explore why IAM is a critical step in your migration journey, no matter what shape that journey takes.
The Value of IAM for Replatforming
Deliver a superior experience
The ultimate goal of an M&A or a cloud migration is to deliver more value to customers. But if your migration is so painful that your customers abandon you for another service, your digital transformation won’t succeed. Because signup and login are integral elements of the customer experience, an IAM solution is a necessary ingredient in eliminating friction.
Every time you lose a customer due to a messy M&A integration or a clumsy cloud migration, your organization loses value. That’s why it’s so crucial to deliver a frictionless customer experience during your M&A integration or while you’re replatforming.
Ensure a smooth migration
As many as 70–90% of M&As fail, often because there’s no clear identity integration process in place. If you’re interested in making an M&A deal, you need to demonstrate to your new partner that you can integrate your operations with theirs quickly and easily without compromising on security. The best way to do that is to weave IAM into the fabric of your M&A strategy.
The same logic applies to replatforming in the cloud. If you start migrating without a coherent identity strategy, you’ll end up with a heap of usability problems for your teams, your vendors and partners, and your customers.
Having an IAM solution in place before a merger or acquisition keeps you from spending months integrating applications rather than focusing on value creation. During the merging/onboarding period, your teams still need to get their work done. A centralized identity strategy goes a long way toward minimizing the disruption.
Managing post-M&A integration in-house is a hard, resource-heavy job. Identity is a highly specialized and rapidly evolving field, and your developers shouldn’t have to become security experts for you to achieve a smooth integration. IAM allows developers to focus on adding value to their own solutions rather than reinventing the identity wheel.
Enhance security and guide compliance
Potential M&A partners will see you as a major security headache if you’re struggling to manage a high volume of identities across multiple platforms without a centralized identity strategy. That’s because merging data is an integral part of any successful merger. Fundamentally, it’s what allows each partner to benefit from the other’s teams, technology, and customer bases. An IAM solution helps you sidestep the duplicate processes, squandered resources, frustrated teams, and lost customers that often result from M&As.
Another reason to implement IAM before you pursue M&A deals is that mergers and acquisitions can increase the risk of cyberattack, and your data is more vulnerable without a solid IAM solution in place. A majority of companies report that the risk of attack increases during M&A. According to a survey by Donnelley Financial Solutions, 44% of companies say the threat of attack increases significantly during a merger or acquisition, while 56% report that it increases somewhat.
In today’s regulatory environment, with data privacy laws like GDPR, CCPA, APPI, and LGPD covering about 65% of the world, it’s critical to assess security and data privacy prior to a merger or acquisition. If your new partners don’t like what they see, they may abandon the deal — or wish they had. A survey by Forescout Technologies found that 53% of organizations had encountered a cybersecurity issue during an M&A deal that jeopardized the deal, while 65% of respondents felt regret after closing an M&A deal due to cybersecurity concerns.
Don’t Be a Cautionary Tale
A solid plan for managing identity can make the difference between an M&A deal that realizes value and one that does irreparable damage to your brand. Let’s recap a few M&A deals that flopped for data privacy reasons:
- Marriott/Starwood data breach resulted in $123 million GDPR fine: Marriott International’s purchase of Starwood Hotels & Resorts for $13.3 billion in 2016, which created the largest hotel chain in the world, was followed by a cumbersome integration that still wasn’t complete in 2018 when Marriott admitted that Starwood’s reservation system had experienced a huge data breach that exposed close to 400 million guest accounts. Marriott was forced to pay a $123 million GDPR fine.
- Yahoo’s data breaches cost them $350 million in Verizon acquisition: Verizon’s 2017 acquisition of Yahoo almost fell through when pre-acquisition due diligence uncovered two data breaches that compromised at least 1.5 billion accounts. The deal went ahead — but for $350 million less than initially agreed.
- Facebook passed on TikTok forerunner due to concerns about illegal data use: In 2016, Facebook considered acquiring Musical.ly, the forerunner of TikTok, a video-sharing platform that now boasts more than a billion users around the world, before ultimately passing because of cybersecurity and data privacy concerns. Facebook’s concerns were not unfounded: TikTok is facing a class-action lawsuit in California alleging that the company collects and stores user data without consent, then illegally shares that data with servers in China. The Committee on Foreign Investment in the United States (CFIUS) is also investigating ByteDance, TikTok’s parent company, for inappropriately censoring videos for political reasons and failing to protect personally identifiable data.
In hindsight, of course, it’s easy to recognize that these wince-worthy stories have some common elements. With help from dedicated IAM experts, all of the companies involved in these deals could have spotted the red flags. That’s the kind of information you want to have before you hand over $13 billion.
Position Yourself for Success With IAM
Whatever kind of replatforming or integration journey you’re facing, you need data that is secure, accessible, and actionable. Before you replatform or get serious about an M&A deal, it’s worth investing in an extensible IAM platform like Auth0 to position your company for success.
To learn more about how Auth0 can help meet your identity needs, get in touch.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.