One of the most trusted strategies for sustaining business growth and innovation is the acquisition of companies that have proven product-market fit. But how do tech companies do that securely?
As you probably know, Mergers & Acquisitions are usually very busy times for tech companies, with lots of considerations about the tech, the people, legal, and of course the money. But something that is often overlooked is the security of the tech to be acquired. Is that tech going to become a security liability?
I had a conversation recently with Brook Schoenfield, a Resilient Consultant & Advisor with many years of security leadership experience with technology acquisitions. He outlined 3 things that must be done by software companies when making acquisitions:
Verify the software security practices of the company to be acquired (i.e. are we acquiring a boatload of vulnerability?).
If the software includes 3rd party components, verify their licensing clearance.
Consider if a code review is warranted. If it's required, it must be performed by a 3rd party: neither acquiree nor acquirer.
Yes, we understand that aside from those 3 major tips, there are likely other nuanced scenarios that you may need to consider. If you have any questions about the right security for a software acquisition, please schedule a call using the button below and we'll be happy to get grilled as we try our best to answer all your questions :)