Few industries have been affected more by today's economic downturn than the financial industry. Many financial institutions have been forced into consolidations and mergers, requesting government assistance just to survive. They are pressured to show revenue increases and cost reductions almost immediately, and depend heavily on IT to meet these demands.

First, however, IT departments must successfully integrate the merging companies' respective technology investments. In today's economy, large IT budgets and staff are no longer considered assets. If financial companies are going to survive, their IT departments must reduce costs and make their remaining resources as efficient as possible, while ensuring consolidation tasks are accomplished smoothly and safely.
Challenges of a Merger or Acquisition

The scope of the challenges faced by IT in financial industry M&A is unprecedented in today's economy. Not only must the IT team support demands for "as-fast-as-possible" increases in revenue and reductions in costs, it must accomplish this while meeting the extensive access control, auditing and reporting, and transparency requirements of many new legislative and industry rules and regulations, often despite downsizing and budget cuts.
Differences in the two organizations' cultures, business processes and technology platforms can pose huge internal and external risks to security and compliance posture. Intruders may try to take advantage of internal instability, inconsistently implemented policies and the general chaos of change. Disgruntled employees can pose an internal security risk as well.
Another security threat during a merger or acquisition comes from messaging and collaboration. E-mail is probably the definitive business-critical IT resource since virtually every business process depends on the availability, integrity and performance of messaging services, as well as collaboration tools like scheduling and calendar applications. Integrating them improperly can open significant gaps in security and compliance, exposing the business to risk from users who should not have full access permissions.
Identity and Access Management

The biggest, most critical challenge posed by M&As is the handling of identity and access management, which defines access rights and privileges throughout the enterprise. Identity and access management plays a central role in maintaining security and is key to assuring the proper handling of customer information. It is the fundamental technology for assuring the enforcement of IT resource access policy. Many organizations maintain a directory system for managing user identities and access privileges. Directories also are used to manage system configuration and access control for resources throughout the enterprise, including servers, file systems, desktops and printers.
Some businesses also use Lightweight Directory Access Protocol (LDAP) directories, as well as databases, to manage user and resource identities and access control. It is vital that rationalization of identity and access management across the merging companies be undertaken with great care. Not only can mishandled identity cause security issues, but identity management breakdowns can take multiple business processes down with them. Combining the two identity management systems requires solutions that recognize and solve the challenges of identity resource integration, including directory interoperability and migration.
Maximize Efficiency

Security, compliance, and identity and access management are just a few of the important issues IT must address during a merger of two financial institutions. Today, those challenges are compounded by the need to quickly create more business value for the institution. There are several ways IT can maximize its own business value, however, and add to the institution's bottom line. Since IT faces diminished budgets and lowered headcounts, it must reduce department waste and make remaining resources more efficient for the bank to succeed. This can be done several ways:

• Ease migration challenges by finding a solution that enables competing systems and applications to communicate effectively with each other.
• Eliminate redundant effort by combining resources and automating platform management where possible.
• Reduce time required for repetitive tasks by automating wherever possible.
• Reduce excessive expenditures by quickly consolidating the two institutions' IT toolsets; select best-in-class solutions to provide the biggest positive impact both on IT operations and the business' bottom line. Also consolidate and reallocate server resources where possible to reduce unutilized server capacity.
It's possible to actually do more with less by creating a leaner, more efficient set of IT resources, an essential step when combining IT operations. Specific ways to accomplish this include:

• Consolidation: Consolidate redundant systems and file servers to reduce IT's internal overhead. Also reduce the number of directories and consolidate the rest into a less complicated infrastructure design. Consolidate non-Windows directories into Active Directory whenever possible.
• Automation: Use software that handles the most repetitive tasks, especially those performed across different systems.
• Compliance: Use solutions that address the various aspects of compliance throughout the environment. Consider enterprisewide compliance. Also, create a single configuration control system by implementing configuration controls to extend across platforms. Align access controls to business objectives instead of technologies or platforms; implement change control and auditing on configuration control systems such as Group Policy; and establish a configuration baseline for operating system configurations across the enterprise.
• Audit and Track: Everything! Consolidate native event logs from Windows, Unix, Linux, Active Directory, Exchange, databases, firewalls and everything else into a single, centralized, tamper-proof database. Use reporting tools to turn the data into the reports auditors demand.
• Maintain Availability: Besides files, folders, e-mail and databases, back up Active Directory, Group Policy and other "command and control" technologies regularly and automatically. Place them under change and version control when possible, and keep them thoroughly audited to maintain full availability of your IT resources.
Choose solutions tailored to the specific requirements of the consolidation. They should enable different resources in both institutions to interoperate without requiring significant re-engineering of existing solutions. Tools that make efficient use of limited IT personnel and resources can help the IT staff manage and maintain the infrastructure in less time and with fewer budget dollars, which will maintain system security and allow the new blended financial institution to meet the quick turnaround demands for reduced costs and increased revenue.

Don Jones is a consultant to Aliso Viejo, Calif.-based Quest Software and is co-founder of Concentrated Technology, an online resource for news and advice to IT professionals.