Securing Your Cloud to Support Successful Mergers & Acquisitions Cloud misconfigurations can cost you big. Take a look at the example of Marriott. In 2016, there was a huge merger between Marriott and Starwood Hotels. In September 2018, Marriott received an alert…
Lion Air Data Breach! Another Misconfigured S3 Bucket According to Dark Reading, Lion Air’s breach resulted when files containing the Indonesian airlines’ passenger names, passport numbers, birth dates, home addresses, and other data — was left openly accessible in an…
Securing Your Cloud to Support Successful Mergers & Acquisitions
Cloud misconfigurations can cost you big. Take a look at the example of Marriott. In 2016, there was a huge merger between Marriott and Starwood Hotels. In September 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. The ensuing investigation revealed that there had been unauthorized access to the Starwood network since 2014. Every company should have in place the people, processes, and tools to support day zero evaluation of cloud security during a mergers and acquisitions (M&A) event. Without this you leave yourself open to massive financial, regulatory, and reputational risk.
As more companies migrate to the cloud it means their IT environments are increasingly in cloud and containers. There is a misperception that if both organizations are operating within the cloud, it will ease the integration. This is far from reality, since even for organizations using the same cloud service provider may have widely different configurations, architectures, and approaches. The quantity of variables is significant, and the rate of change so rapid, no two organizations will be operating cloud environments the same. Because of this complexity, evaluating security risk during the M&A process can be very challenging, and too often isn’t performed, isn’t performed early enough, isn’t performed comprehensively enough, or a combination of these items.
The good news is, security evaluation related to cloud service providers like AWS, Azure, and GCP doesn’t have to be a black box. In fact, DivvyCloud can provide companies with the ability to perform comprehensive, non-invasive, risk assessment and auditing on day zero of the integration process or during the M&A due diligence period. This capability radically changes how companies can minimize risk in M&A in a cloud first world.
Read our white paper, “Cloud Security During Mergers and Acquisitions,” for a deep dive into useful features to support a successful M&A
Watch DivvyCloud’s 60-second video to learn how we help customers like GE, 3M, Autodesk, Discovery, and Fannie Mae stay secure and compliant. DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.
*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by David Mundy. Read the original post at: https://divvycloud.com/blog/cloud-security-mergers-acquisitions/