Mergers & Acquisitions: The Sell Blueprint

For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A sale or divestiture.

EXECUTIVE BRIEF

Analyst Perspective

Don’t wait to be invited to the M&A table, make it.

Brittany Lutes
Research Analyst,
CIO Practice
Info-Tech Research Group

Ibrahim Abdel-Kader
Research Analyst,
CIO Practice
Info-Tech Research Group

IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

Executive Summary

Your Challenge

There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

• IT can suggest a divestiture to meet the business objectives of the organization.
• IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
• IT participates in due diligence activities and complies with the purchasing organization’s asks.
• IT needs to reactively prepare its environment to enable the separation.

Consider the ideal scenario for your IT organization.

Common Obstacles

Some of the obstacles IT faces include:

• IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
• The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
• The people and culture element is forgotten or not given adequate priority.

These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

Info-Tech's Approach

Prepare for a sale/divestiture transaction by:

• Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
• Creating a standard strategy that will enable strong program management.
• Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

Info-Tech Insight

As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

The changing M&A landscape

Businesses will embrace more digital M&A transactions in the post-pandemic world

• When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
• However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
• In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

71% of technology companies anticipate that divestitures will take place as a result of the COVID-19 pandemic. (EY, 2020)

Your challenge

IT is often not involved in the M&A transaction process. When it is, it’s often too late.

• The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
• Additionally, IT’s lack of involvement in the process negatively impacts the business:
  • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates), let alone separation.
  • Two-thirds of the time, the divesting organization and acquiring organization will either fail together or succeed together (McKinsey, 2015).
  • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
• Organizations pursuing M&A and not involving IT are setting themselves up for failure.

Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

Common Obstacles

These barriers make this challenge difficult to address for many organizations:

• IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where separation will be critical to business continuity.
• IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
• One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
• IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

In hindsight, it’s clear to see: Involving IT is just good business.

47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

“Solutions exist that can save well above 50 percent on divestiture costs, while ensuring on-time delivery.” (Source: SNP)

Info-Tech's approach

Acquisitions & Divestitures Framework

Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
2. Transactions that are driven by digital motivations, requiring IT’s expertise.
3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

The business’ view of IT will impact how soon IT can get involved

There are four key entry points for IT

1. Innovator: IT suggests a sale or divestiture to meet the business objectives of the organization.
2. Business Partner: IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspective.
3. Trusted Operator: IT participates in due diligence activities and complies with the purchasing organization’s asks.
4. Firefighter: IT needs to reactively prepare its environment in order to enable the separation.

Merger, acquisition, and divestiture defined

Merger

A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

Acquisition

The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

Divestiture

An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

Info-Tech Insight

A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

Selling vs. buying

The M&A process approach differs depending on whether you are the selling or buying organization

This blueprint is only focused on the sell side:

• Examples of sell-related scenarios include:
  • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
  • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
  • Your organization is engaging in a divestiture with the intent of:
    • Separating components to be part of the purchasing organization permanently.
    • Separating components to be part of a spinoff and establish a unit as a standalone new company.
• As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

The buy side is focused on:

• More than two organizations could be involved in a transaction.
• Examples of buy-related scenarios include:
  • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
  • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
  • Your organization is buying components of another organization with the intent of integrating them into your original company.
• As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

For more information on acquisitions or purchases, check out Info-Tech’s Mergers & Acquisitions: The Buy Blueprint.

Core business timeline

For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

Info-Tech’s methodology for Selling Organizations in Mergers, Acquisitions, or Divestitures

Metrics for each phase

IT's role in the selling transaction

And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

1. Reduced Risk

   IT can identify risks that may go unnoticed when IT is not involved.

2. Increased Accuracy

   The business can make accurate predictions around the costs, timelines, and needs of IT.

3. Faster Integration

   Faster integration means faster value realization for the business.

4. Informed Decision Making

   IT leaders hold critical information that can support the business in moving the transaction forward.

5. Innovation

   IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

The IT executive’s critical role is demonstrated by:

• Reduced Risk

  47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).

• Increased Accuracy

  Sellers often only provide 15 to 30 days for the acquiring organization to decide (Forbes, 2018), increasing the necessity of accurate pricing.

• Faster Integration

  36% of CIOs have visibility into only business unit data, making the divestment a challenge (EY, 2021).

• Informed Decision Making

  Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).

• Innovation

  Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

Playbook benefits

IT Benefits

• IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
• Develop a streamlined method to prepare the IT environment for potential carve-out and separations, ensuring risk management concerns are brought to the business’ attention immediately.
• Create a comprehensive list of items that IT needs to do during the separation that can be prioritized and actioned.

Business Benefits

• The business will get accurate and relevant information about its IT environment in order to sell or divest the company to the highest bidder for a true price.
• Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority separation tasks.
• The business can obtain a high-value offer for the components of IT being sold and can measure the ongoing value the sale will bring.

Insight summary

Overarching Insight

IT controls if and when it gets invited to support the business through a purchasing growth transaction. Take control of the process, demonstrate the value of IT, and ensure that separation of IT environments does not lead to unnecessary and costly decisions.

Proactive Insight

CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

Discovery & Strategy Insight

IT organizations that have an effective M&A program plan are more prepared for the transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

Due Diligence & Preparation Insight

IT often faces unnecessary separation challenges because of a lack of preparation. Secure the IT environment and establish how IT will retain employees early in the transaction process.

Execution & Value Realization Insight

IT needs to demonstrate value and cost savings within 100 days of the transaction. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

Blueprint deliverables

Key Deliverable: M&A Sell Playbook

The M&A Sell Playbook should be a reusable document that enables your IT organization to successfully deliver on any divestiture transaction.

M&A Sell One-Pager

See a one-page overview of each phase of the transaction.

M&A Sell Case Studies

Read a one-page case study for each phase of the transaction.

M&A Separation Project Management Tool (SharePoint)

Manage the separation process of the divestiture/sale using this SharePoint template.

M&A Separation Project Management Tool (Excel)

Manage the separation process of the divestiture/sale using this Excel tool if you can’t or don’t want to use SharePoint.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

Proactive Phase

• Call #1: Scope requirements, objectives, and your specific challenges.

Discovery & Strategy Phase

• Call #2: Determine stakeholders and business perspectives on IT.
• Call #3: Identify how M&A could support business strategy and how to communicate.

Due Diligence & Preparation Phase

• Call #4: Establish a transaction team and divestiture/sale strategic direction.
• Call #5: Create program metrics and identify a standard separation strategy.
• Call #6: Prepare to carve out the IT environment.
• Call #7: Identify the separation program plan.

Execution & Value Realization Phase

• Call #8: Establish employee transitions to retain key staff.
• Call #9: Assess IT’s ability to deliver on the divestiture/sale transaction.

The Sell Blueprint

Phase 1

Proactive

This phase will walk you through the following activities:

• Conduct the CEO-CIO Alignment diagnostic
• Conduct the CIO Business Vision diagnostic
• Visualize relationships among stakeholders to identify key influencers
• Group stakeholders into categories
• Prioritize your stakeholders
• Plan to communicate
• Valuate IT
• Assess the IT/digital strategy
• Determine pain points and opportunities
• Align goals to opportunities
• Recommend reduction opportunities

This phase involves the following participants:

• IT and business leadership

What is the Proactive phase?

Embracing the digital drivers

As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

Proactive Prerequisite Checklist

Before coming into the Proactive phase, you should have addressed the following:

• Understand what mergers, acquisitions, and divestitures are.
• Understand what mergers, acquisitions, and divestitures mean for the business.
• Understand what mergers, acquisitions, and divestitures mean for IT.

Review the Executive Brief for more information on mergers, acquisitions, and divestitures for selling organizations.

Proactive

Step 1.1

Identify M&A Stakeholders and Their Perspective of IT

Activities

• 1.1.1 Conduct the CEO-CIO Alignment diagnostic
• 1.1.2 Conduct the CIO Business Vision diagnostic
• 1.1.3 Visualize relationships among stakeholders to identify key influencers
• 1.1.4 Group stakeholders into categories
• 1.1.5 Prioritize your stakeholders
• 1.16 Plan to communicate

This step involves the following participants:

• IT executive leader
• IT leadership
• Critical M&A stakeholders

Outcomes of Step

Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

Business executives' perspectives of IT

Leverage diagnostics and gain alignment on IT’s role in the organization

• To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
• Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
• Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
• Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.

Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

Business Satisfaction and Importance for Core Services

The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

1.1.1 Conduct the CEO-CIO Alignment diagnostic

Input: IT organization expertise and the CEO-CIO Alignment diagnostic

Output: An understanding of an executive business stakeholder’s perception of IT

Materials: M&A Sell Playbook, CEO-CIO Alignment diagnostic

Participants: IT executive/CIO, Business executive/CEO

1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support transactions or support your rationale in recommending transactions.

Download the sample report.

Record the results in the M&A Sell Playbook.

1.1.2 Conduct the CIO Business Vision diagnostic

2 weeks

Input: IT organization expertise, CIO BV diagnostic

Output: An understanding of business stakeholder perception of certain IT capabilities and services

Materials: M&A Buy Playbook, CIO Business Vision diagnostic

Participants: IT executive/CIO, Senior business leaders

1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
3. Examine the results of the survey and take note of any IT services that have low scores.
4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

Download the sample report.

Record the results in the M&A Sell Playbook.

Create a stakeholder network map for M&A transactions

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Example:

Legend
• Black arrows indicate the direction of professional influence
• Dashed green arrows indicate bidirectional, informal influence relationships

Info-Tech Insight

Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

1.1.3 Visualize relationships among stakeholders to identify key influencers

1-3 hours

Input: List of M&A stakeholders

Output: Relationships among M&A stakeholders and influencers

Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

Participants: IT executive leadership

1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
4. Construct a diagram linking stakeholders and their influencers together.
   • Use black arrows to indicate the direction of professional influence.
   • Use dashed green arrows to indicate bidirectional, informal influence relationships.

Record the results in the M&A Sell Playbook.

Categorize your stakeholders with a prioritization map

A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

There are four areas in the map, and the stakeholders within each area should be treated differently.

Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

1.1.4 Group stakeholders into categories

30 minutes

Input: Stakeholder map, Stakeholder list

Output: Categorization of stakeholders and influencers

Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

Participants: IT executive leadership, Stakeholders

1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
2. Map your results to the model to the right to determine each stakeholder’s category.

Level of Influence

• Power: Ability of a stakeholder to effect change.
• Urgency: Degree of immediacy demanded.
• Legitimacy: Perceived validity of stakeholder’s claim.
• Volume: How loud their “voice” is or could become.
• Contribution: What they have that is of value to you.

Level of Interest

How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

Record the results in the M&A Sell Playbook.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

1.1.5 Prioritize your stakeholders

30 minutes

Input: Stakeholder matrix

Output: Stakeholder and influencer prioritization

Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

Participants: IT executive leadership, M&A/divestiture stakeholders

1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

Record the results in the M&A Sell Playbook.

Define strategies for engaging stakeholders by type

Info-Tech Insight

Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

1.1.6 Plan to communicate

30 minutes

Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

Output: Stakeholder communication plan

Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

Participants: IT executive leadership, M&A/divestiture stakeholders

The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

1. In the M&A Sell Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

Record the results in the M&A Sell Playbook.

Proactive

Step 1.2

Assess IT’s Current Value and Method to Achieve a Future State

Activities

• 1.2.1 Valuate IT
• 1.2.2 Assess the IT/digital strategy

This step involves the following participants:

• IT executive leader
• IT leadership
• Critical stakeholders to M&A

Outcomes of Step

Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

How to valuate your IT environment

And why it matters so much

• Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
• The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
• Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
• There are three ways a business or asset can be valuated:
  • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
  • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
  • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
(Source: “Valuation Methods,” Corporate Finance Institute)

Four ways to create value through digital

1. Reduced costs
2. Improved customer experience
3. New revenue sources
4. Better decision making
(Source: McKinsey & Company)

1.2.1 Valuate IT

1 day

Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

Output: Valuation of IT

Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership

The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

Info-Tech Insight

Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

Record the results in the M&A Sell Playbook.

Data valuation

Data valuation identifies how you monetize the information that your organization owns.

Create a data value chain for your organization

When valuating the information and data that exists in an organization, there are many things to consider.

Info-Tech has two tools that can support this process:

1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

Instructions

1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
3. Fill out the columns for data sources, data collection, and data first.
4. Capture data analysis and related information.
5. Then capture the value in data.
6. Add value dimensions such as usage, quality, and economic dimensions.
   • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
8. Finally, calculate the value that has a direct correlation with underlying value metrics.

Application valuation

Calculate the value of your IT applications

When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

• Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

Instructions

1. Start by calculating user costs. This is the multiplication of: (# of users) × (% of time spent using IT) × (fully burdened salary).
2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.

User Costs			Total User Costs	Derived Productivity Ratio (DPR)		Total DPR	Application Value
# of users	% time spent using IT	Fully burdened salary	Multiply values from the 3 user costs columns	Revenue per employee	Average cost per employee	(Revenue P.E) ÷ (Average cost P.E)	(User costs) X (DPR)



4. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
5. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.

IT and Business Costs				Total IT and Business Costs	Net Value of Applications
Application maintenance	Downtime costs (include disaster exposure)	Common costs allocated to applications	Fully loaded costs of active (FTE) users	Sum of values from the four IT and business costs columns	(Application value) – (IT and business costs)

(Source: CSO)

Infrastructure valuation

Assess the foundational elements of the business’ information technology

The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

Instructions:

1. Start by listing all of the infrastructure-related items that are relevant to your organization.
2. Once you have finalized your items column, identify the total costs/value of each item.
   • For example, total software costs would include servers and storage.
3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

For additional support, download the M&A Runbook for Infrastructure and Operations.

Risk and security

Assess risk responses and calculate residual risk

The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

1. Risk Register Tool
2. Security M&A Due Diligence Tool

Instructions

1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.

Probability of Risk Occurrence	Occurrence Criteria (Classification; Probability of Risk Event Within One Year)
Negligible	Very Unlikely; ‹20%
Very Low	Unlikely; 20 to 40%
Low	Possible; 40 to 60%
Moderately Low	Likely; 60 to 80%
Moderate	Almost Certain; ›80%

Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

1.2.2 Assess the IT/digital strategy

4 hours

Input: IT strategy, Digital strategy, Business strategy

Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

Materials: Computer, Whiteboard and markers, M&A Sell Playbook

Participants: IT executive/CIO, Business executive/CEO

The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

1. On the left half of the corresponding slide in the M&A Sell Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

For additional support, see Build a Business-Aligned IT Strategy.

Record the results in the M&A Sell Playbook.

Proactive

Step 1.3

Drive Innovation and Suggest Growth Opportunities

Activities

• 1.3.1 Determine pain points and opportunities
• 1.3.2 Align goals with opportunities
• 1.3.3 Recommend reduction opportunities

This step involves the following participants:

• IT executive leader
• IT leadership
• Critical M&A stakeholders

Outcomes of Step

Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest reduction opportunities.

1.3.1 Determine pain points and opportunities

1-2 hours

Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

Output: List of pain points or opportunities that IT can address

Materials: Computer, Whiteboard and markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Business stakeholders

The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

Record the results in the M&A Sell Playbook.

1.3.2 Align goals with opportunities

1-2 hours

Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for reduction strategy

Materials: Computer, Whiteboard and markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Business stakeholders

The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

1. For the top three to five business goals, consider:
   1. Underlying drivers
   2. Digital opportunities
   3. Whether a growth or reduction strategy is the solution
2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

Record the results in the M&A Sell Playbook.

1.3.3 Recommend reduction opportunities

1-2 hours

Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

Output: M&A transaction opportunities suggested

Materials: M&A Sell Playbook

Participants: IT executive/CIO, Business executive/CEO

The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

Info-Tech Insight

With technology and digital driving many transactions, leverage your organizations’ IT environment as an asset and reason why the divestiture or sale should happen, suggesting the opportunity yourself.

Record the results in the M&A Sell Playbook.

By the end of this Proactive phase, you should:

Be prepared to suggest M&A opportunities to support your company’s goals through sale or divestiture transactions

Key outcome from the Proactive phase

Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through sale or divestiture strategies.

Key deliverables from the Proactive phase

• Business perspective of IT examined
• Key stakeholders identified and relationship to the M&A process outlined
• Ability to valuate the IT environment and communicate IT’s value to the business
• Assessment of the business, digital, and IT strategies and how M&As could support those strategies
• Pain points and opportunities that could be alleviated or supported through an M&A transaction
• Sale or divestiture recommendations

The Sell Blueprint

Phase 2

Discovery & Strategy

This phase will walk you through the following activities:

• Create the mission and vision
• Identify the guiding principles
• Create the future-state operating model
• Determine the transition team
• Document the M&A governance
• Create program metrics
• Establish the separation strategy
• Conduct a RACI
• Create the communication plan
• Assess the potential organization(s)

This phase involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

What is the Discovery & Strategy phase?

Pre-transaction state

The Discovery & Strategy phase during a sale or divestiture is a unique opportunity for many IT organizations. IT organizations that can participate in the transaction at this stage are likely considered a strategic partner of the business.

For one-off sales/divestitures, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many divestitures over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

During this phase of the pre-transaction state, IT may be asked to participate in ensuring that the IT environment is able to quickly and easily carve out components/business lines and deliver on service-level agreements (SLAs).

Goal: To identify a repeatable program plan that IT can leverage when selling or divesting all or parts of the current IT environment, ensuring customer satisfaction and business continuity

Discovery & Strategy Prerequisite Checklist

Before coming into the Discovery & Strategy phase, you should have addressed the following:

• Understand the business perspective of IT.
• Know the key stakeholders and have outlined their relationship to the M&A process.
• Be able to valuate the IT environment and communicate IT's value to the business.
• Understand the rationale for the company's decision to pursue a sale or divestiture and the opportunities or pain points the sale should address.

Discovery & Strategy

Step 2.1

Establish the M&A Program Plan

Activities

• 2.1.1 Create the mission and vision
• 2.1.2 Identify the guiding principles
• 2.1.3 Create the future-state operating model
• 2.1.4 Determine the transition team
• 2.1.5 Document the M&A governance
• 2.1.6 Create program metrics

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team

Outcomes of Step

Establish an M&A program plan that can be repeated across sales/divestitures.

The vision and mission statements clearly articulate IT’s aspirations and purpose

The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

2.1.1 Create the mission and vision statements

2 hours

Input: Business objectives, IT capabilities, Rationale for the transaction

Output: IT’s mission and vision statements for reduction strategies tied to mergers, acquisitions, and divestitures

Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a reduction strategy.

1. Review the definitions and characteristics of mission and vision statements.
2. Brainstorm different versions of the mission and vision statements.
3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the reduction process.

Record the results in the M&A Sell Playbook.

Guiding principles provide a sense of direction

IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

IT principles must be carefully constructed to make sure they are adhered to and relevant

Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

Long lasting. Build IT principles that will withstand the test of time.

Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

Consider the example principles below

2.1.2 Identify the guiding principles

2 hours

Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

Output: IT’s guiding principles for reduction strategies tied to mergers, acquisitions, and divestitures

Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the reduction strategy process.

1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the reduction process.
4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ reduction strategy goals.

Record the results in the M&A Sell Playbook.

Create two IT teams to support the transaction

IT M&A Transaction Team

• The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
• The roles selected for this team will have very specific skills sets or deliver on critical separation capabilities, making their involvement in the combination of two or more IT environments paramount.
• These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
• Expect to have to certain duplicate capabilities or roles across the M&A Team and Operational Team.

IT Operational Team

• This group is responsible for ensuring the business operations continue.
• These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
• The roles of this team should ensure that end users or external customers remain satisfied.

Key capabilities to support M&A

Consider the following capabilities when looking at who should be a part of the IT Transaction Team.

Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

Infrastructure & Operations

• System Separation
• Data Management
• Helpdesk/Desktop Support
• Cloud/Server Management

Business Focus

• Service-Level Management
• Enterprise Architecture
• Stakeholder Management
• Project Management

Risk & Security

• Privacy Management
• Security Management
• Risk & Compliance Management

Build a lasting and scalable operating model

An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

As you assess the current operating model, consider the following:

• Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
• What capabilities should be duplicated?
• Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
• A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?

Info-Tech Insight

Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

2.1.3 Create the future-state operating model

4 hours

Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

Output: Future-state operating model for divesting organizations

Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a divestiture transaction. If your organization plans to sell in its entirety, you may choose to skip this activity.

1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
2. Identify what core capabilities would be critical to the divesting transaction process and separation. Highlight and make copies of those capabilities in the M&A Sell Playbook. As a result of divesting, there may also be capabilities that will become irrelevant in your future state.
3. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses, products, or locations to better understand needs and deliver on the capability.

An example operating model is included in the M&A Sell Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

Record the results in the M&A Sell Playbook.

2.1.4 Determine the transition team

Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

Output: Transition team

Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
3. Review the examples in the M&A Sell Playbook and identify which roles will be a part of the transition team.

For more information, see Redesign Your Organizational Structure

What is governance?

And why does it matter so much to IT and the M&A process?

• Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
• Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
• This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
• For example, funds to support separation need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
• A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.

2.1.5 Document M&A governance

1-2 hours

Input: List of governing bodies, Governing body committee profiles, Governance structure

Output: Documented method on how decisions are made as it relates to the M&A transaction

Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

Record the results in the M&A Sell Playbook.

Current-state structure map – definitions of tiers

Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

Measure the IT program’s success in terms of its ability to support the business’ M&A goals

Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

Business-Specific Metrics

• Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
• Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
• Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

IT-Specific Metrics

• IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
• Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
• Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
• Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
• Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

Establish your own metrics to gauge the success of IT

Establish SMART M&A Success Metrics

• What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
• Provide a definition of synergies.
• IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
• Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
• Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
• Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
• Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc., as a result of divesting lines of the business and selling service-level agreements to the purchasing organization.
• Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
• Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

Metrics for each phase

2.1.6 Create program metrics

1-2 hours

Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

Output: Program metrics to support IT throughout the M&A process

Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
3. Establish a baseline for each metric based on information collected within your organization.
4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

Record the results in the M&A Sell Playbook.

Discovery & Strategy

Step 2.2

Prepare IT to Engage in the Separation or Sale

Activities

• 2.2.1 Establish the separation strategy
• 2.2.2 Conduct a RACI
• 2.2.3 Create the communication plan
• 2.2.4 Assess the potential organization(s)

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team

Outcomes of Step

Identify IT’s plan of action when it comes to the separation/sale and align IT’s separation/sale strategy with the business’ M&A strategy.

Separation strategies

There are several IT separation strategies that will let you achieve your target technology environment.

IT Separation Strategies

• Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
• Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
• Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

The approach IT takes will depend on the business objectives for the M&A.

• Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
• Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

Key considerations when choosing an IT separation strategy include:

• What are the main business objectives of the M&A?
• What are the key synergies expected from the transaction?
• What IT separation strategy best helps obtain these benefits?
• What opportunities exist to position the business for sustainable and long-term growth?

Separation strategies in detail

Review highlights and drawbacks of different separation strategies

Divest

Highlights
• Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
• Opportunity to reduce or scale back on lines of business or products that are not driving profits.

Drawbacks
• May be forced to give up critical staff that have been known to deliver high value.
• The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
• There can be increased risk and security concerns that need to be addressed.

Sell

Highlights
• Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
• The business will no longer exist, and as a result all operational costs, including IT, will become redundant.

Drawbacks
• IT is no longer needed as an operating or capital service for the organization.
• Lost resources, including highly trained and critical staff.
• May require packaging employees off and using the profit or capital generated to cover any closing costs.

Spin-Off or Joint Venture

Highlights
• Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
• Each side has a unique offering but complementing capabilities.

Drawbacks
• As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
• There could be differences in culture.
• This could require a large amount of investment without a guarantee of profit or success.

2.2.1 Establish the separation strategy

1-2 hours

Input: Business separation strategy, Guiding principles, M&A governance

Output: IT’s separation strategy

Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine IT’s approach to separating or selling. This approach might differ slightly from transaction to transaction. However, the businesses approach to transactions should give insight into the general separation strategy IT should adopt.

1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall separation.
2. Review and discuss the highlights and drawbacks of each type of separation.
3. Use Info-Tech’s Separation Posture Selection Framework on the next slide to select the separation posture that will appropriately enable the business. Consider these questions during your discussion:
   1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
   2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
   3. What IT separation best helps obtain these benefits?

Record the results in the M&A Sell Playbook.

Separation Posture Selection Framework

M&A separation strategy

You may need a hybrid separation posture to achieve the technology end state.

M&A objectives may not affect all IT domains and business functions in the same way. Therefore, the separation requirements for each business function may differ. Organizations will often choose to select and implement a hybrid separation posture to realize the technology end state.

Each business division may have specific IT domain and capability needs that require an alternative separation strategy.

• Example: Even when conducting a joint venture by forming a new organization, some partners might view themselves as the dominant partner and want to influence the IT environment to a greater degree.
• Example: Some purchasing organizations will expect service-level agreements to be available for a significant period of time following the divestiture, while others will be immediately independent.

2.2.2 Conduct a RACI

1-2 hours

Input: IT capabilities, Transition team, Separation strategy

Output: Completed RACI for Transition team

Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

1. First, identify a list of critical tasks that need to be completed to support the sale or separation. For example:
   • Communicate with the company M&A team.
   • Identify the key IT solutions that can and cannot be carved out.
   • Gather data room artifacts and provide them to acquiring organization.
2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

Record the results in the M&A Sell Playbook.

Communication and change

Prepare key stakeholders for the potential changes

• Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
• Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
• M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
• Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
  • Organizations with a low appetite for change will require more direct, assertive communications.
  • Organizations with a high appetite for change are more suited to more open, participatory approaches.

Three key dimensions determine the appetite for cultural change:

• Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
  In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
• Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
• Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

2.2.3 Create the communication plan

1-2 hours

Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT separation strategy, RACI

Output: IT’s M&A communication plan

Materials: Flip charts/whiteboard, Markers, RACI, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
3. Review Info-Tech’s example communication plan in the M&A Sell Playbook and update it with relevant information.
4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

Record the results in the M&A Sell Playbook.

Assessing potential organizations

As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when the business is pursuing a sale and IT has to assess the IT organization. As a result, having a standardized template to quickly assess the potential acquiring organization is important.

Ways to Assess

1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on employees. It will also give insight into positive or negative employee experiences that could impact retention.
3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them. Will your organization or employee skills be required to support these long term?

Info-Tech Insight

Assessing potential organizations is not just for the purchaser. The seller should also know what the purchasing organization’s history with M&As is and what potential risks could occur if remaining connected through ongoing SLAs.

2.2.4 Assess the potential organization(s)

Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

Output: IT’s valuation of the potential organization(s) for selling or divesting

Materials: M&A Sell Playbook

Participants: IT executive/CIO

The purpose of this activity is to assess the organization(s) that your organization is considering selling or divesting to.

1. Complete the Historical Valuation Worksheet in the M&A Sell Playbook to understand the type of IT organization that your company may support.
   • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
2. Use the information identified to help the business narrow down which organizations could be the right organizations to sell or divest to.

Record the results in the M&A Sell Playbook.

By the end of this pre-transaction phase you should:

Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in reduction transactions

Key outcomes from the Discovery & Strategy phase

• Prepare the IT environment to support the potential sale or divestiture by identifying critical program plan elements and establishing a separation or carve-out strategy that will enable the business to reach its goals.
• Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.

Key deliverables from the Discovery & Strategy phase

• Create vision and mission statements
• Establish guiding principles
• Create a future-state operating model
• Identify the key roles for the transaction team
• Identify and communicate the M&A governance
• Determine target metrics
• Identify the M&A operating model
• Select the separation strategy framework
• Conduct a RACI for key transaction tasks for the transaction team
• Document the communication plan

M&A Sell Blueprint

Phase 3

Due Diligence & Preparation

This phase will walk you through the following activities:

• Drive value with a due diligence charter
• Gather data room artifacts
• Measure staff engagement
• Assess culture
• Create a carve-out roadmap
• Prioritize separation tasks
• Establish the separation roadmap
• Identify the buyer’s IT expectations
• Create a service/transaction agreement
• Estimate separation costs
• Create an employee transition plan
• Create functional workplans for employees
• Align project metrics with identified tasks

This phase involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team
• Business leaders
• Purchasing organization
• Transition team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

What is the Due Diligence & Preparation phase?

Mid-transaction state

The Due Diligence & Preparation phase during a sale or divestiture is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to separation expectations set by the business.

If your organization is being sold in its entirety, staff will have major concerns about their future in the new organization. Making this transition as smooth as possible and being transparent could go a long way in ensuring their success in the new organization.

In a divestiture, this is the time to determine where it’s possible for the organization to divide or separate from itself. A lack of IT involvement in these conversations could lead to an overcommitment by the business and under-delivery by IT.

Goal: To ensure that, as the selling or divesting organization, you comply with regulations, prepare staff for potential changes, and identify a separation strategy if necessary

Due Diligence Prerequisite Checklist

Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

• Understand the rationale for the company's decision to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
• Identify the key roles for the transaction team.
• Identify the M&A governance.
• Determine target metrics.
• Select a separation strategy framework.
• Conduct a RACI for key transaction tasks for the transaction team.

Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

• Create vision and mission statements.
• Establish guiding principles.
• Create a future-state operating model.
• Identify the M&A operating model.
• Document the communication plan.
• Examine the business perspective of IT.
• Identify key stakeholders and outline their relationship to the M&A process.
• Be able to valuate the IT environment and communicate IT’s value to the business.

The Technology Value Trinity

Delivery of Business Value & Strategic Needs

• Digital & Technology Strategy

  The identification of objectives and initiatives necessary to achieve business goals.

• IT Operating Model

  The model for how IT is organized to deliver on business needs and strategies.

• Information & Technology Governance

  The governance to ensure the organization and its customers get maximum value from the use of information and technology.

All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

• Digital and IT Strategy tells you what you need to achieve to be successful.
• IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
• Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

Due Diligence & Preparation

Step 3.1

Engage in Due Diligence and Prepare Staff

Activities

• 3.1.1 Drive value with a due diligence charter
• 3.1.2 Gather data room artifacts
• 3.1.3 Measure staff engagement
• 3.1.4 Assess culture

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team
• Business leaders
• Prospective IT organization
• Transition team

Outcomes of Step

This step of the process is when IT should prepare and support the business in due diligence and gather the necessary information about staff changes.

3.1.1 Drive value with a due diligence charter

1-2 hours

Input: Key roles for the transaction team, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

Output: IT Due Diligence Charter

Materials: M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

1. In the IT Due Diligence Charter in the M&A Sell Playbook, complete the aspects of the charter that are relevant for you and your organization.
2. We recommend including these items in the charter:
   • Communication plan
   • Transition team roles
   • Goals and metrics for the transaction
   • Separation strategy
   • Sale/divestiture RACI
3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

Record the results in the M&A Sell Playbook.

3.1.2 Gather data room artifacts

4 hours

Input: Future-state operating model, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

Output: List of items to acquire and verify can be provided to the purchasing organization while in the data room

Materials: Critical domain lists on following slides, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team, Legal team, Compliance/privacy officers

The purpose of this activity is to create a list of the key artifacts that you could be asked for during the due diligence process.

1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room.
2. IT leadership may or may not be asked to enter the data room directly. The short notice for having to find these artifacts for the purchasing organization can leave your IT organization scrambling. Identify the critical items worth obtaining ahead of time.
3. Once you have identified the artifacts, provide the list to the legal team or compliance/privacy officers and ensure they also agree those items can be provided. If changes to the documents need to be made, take the time to do so.
4. Store all items in a safe and secure file or provide to the M&A team ahead of due diligence.

**Note that if your organization is not leading/initiating the data room, then you can ignore this activity.

Record the results in the M&A Sell Playbook.

Critical domains

Understand the key stakeholders and outputs for each domain

Critical domains (continued)

Understand the key stakeholders and outputs for each domain

Retain top talent throughout the transition

Focus on retention and engagement

• People are such a critical component of this process, especially in the selling organization.
• Retaining employees, especially the critical employees who hold specific skills or knowledge, will ensure the success and longevity of the divesting organization, purchasing organization, or the new company.
• Giving employees a role in the organization and ensuring they do not see their capabilities as redundant will be critical to the process.
• It is okay if employees need to change what they were doing temporarily or even long-term. However, being transparent about these changes and highlighting their value to the process and organization(s) will help.
• The first step to moving forward with retention is to look at the baseline engagement and culture of employees and the organization. This will help determine where to focus and allow you to identify changes in engagement that resulted from the transaction.

• Job engagement drivers are levers that influence the engagement of employees in their day-to-day roles.
• Organizational engagement drivers are levers that influence an employee’s engagement with the broader organization.
• Retention drivers are employment needs. They don’t necessarily drive engagement, but they must be met for engagement to be possible.

3.1.3 Measure staff engagement

3-4 hours

Input: Engagement survey

Output: Baseline engagement scores

Materials: Build an IT Employee Engagement Program

Participants: IT executive/CIO, IT senior leadership, IT employees of current organization

The purpose of this activity is to measure current staff engagement to have a baseline to measure against in the future state. This is a good activity to complete if you will be divesting or selling in entirety.

The results from the survey should act as a baseline to determine what the organization is doing well in terms of employee engagement and what drivers could be improved upon.

1. Review Info-Tech’s Build an IT Employee Engagement Program research and select a survey that will best meet your needs.
2. Conduct the survey and note which drivers employees are currently satisfied with. Likewise, note where there are opportunities.
3. Document actions that should be taken to mitigate the negative engagement drivers throughout the transaction and enhance or maintain the positive engagement drivers.

Record the results in the M&A Sell Playbook.

Assess culture as a part of engagement

Culture should not be overlooked, especially as it relates to the separation of IT environments

• There are three types of culture that need to be considered.
• Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
• Make a decision on which type of culture you’d like IT to have post transition.

Target Organization's Culture. The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

Your Organization’s Culture. The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

Ideal Culture. What will the future culture of the IT organization be once separation is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

Culture categories

Map the results of the IT Culture Diagnostic to an existing framework

Culture Considerations

• What culture category was dominant for each IT organization?
• Do you share the same dominant category?
• Is your current dominant culture category the most ideal to have post-separation?

3.1.4 Assess Culture

3-4 hours

Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

Output: Goal for IT culture

Materials: IT Culture Diagnostic

Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

The purpose of this activity is to assess the different cultures that might exist within the IT environments of the organizations involved. By understanding the culture that exists in the purchasing organization, you can identify the fit and prepare impacted staff for potential changes.

1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic.
2. Fill out the diagnostic for the IT department in your organization:
   1. Answer the 16 questions in tab 2, Diagnostic.
   2. Find out your dominant culture and review recommendations in tab 3, Results.
3. Document the results from tab 3, Results, in the M&A Sell Playbook if you are trying to record all artifacts related to the transaction in one place.
4. Repeat the activity for the purchasing organization.
5. Leverage the information to determine what the goal for the culture of IT will be post-separation if it will differ from the current culture.

Record the results in the M&A Sell Playbook.

Due Diligence & Preparation

Step 3.2

Prepare to Separate

Activities

• 3.2.1 Create a carve-out roadmap
• 3.2.2 Prioritize separation tasks
• 3.2.3 Establish the separation roadmap
• 3.2.4 Identify the buyer’s IT expectations
• 3.2.5 Create a service/transaction agreement
• 3.2.6 Estimate separation costs
• 3.2.7 Create an employee transition plan
• 3.2.8 Create functional workplans for employees
• 3.2.9 Align project metrics with identified tasks

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Transition team
• Company M&A team
• Purchasing organization

Outcomes of Step

Have an established plan of action toward separation across all domains and a strategy toward resources.

Don’t underestimate the importance of separation preparation

Separation involves taking the IT organization and dividing it into two or more separate entities.

Testing the carve capabilities of the IT organization often takes 3 months. (Source: Cognizant, 2014)

Daimler-Benz lost nearly $19 billion following its purchase of Chrysler by failing to recognize the cultural differences that existed between the two car companies. (Source: Deal Room)

Info-Tech Insight

Separating the IT organization requires more time and effort than business leaders will know. Frequently communicate challenges and lost opportunities when carving the IT environment out.

Separation needs

Identify the business objectives of the sale to determine the IT strategy

Set up a meeting with your IT due diligence team to:

• Ensure there will be no gaps in the delivery of products and services in the future state.
• Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

Use this opportunity to:

• Identify data and application complexities between the involved organizations.
• Identify the IT people and process gaps, initiatives, and levels of support expected.
• Determine your infrastructure needs to ensure effectiveness and delivery of services:
  • Does IT have the infrastructure to support the applications and business capabilities?
  • Identify any gaps between the current infrastructure in both organizations and the infrastructure required.
  • Identify any redundancies/gaps.
  • Determine the appropriate IT separation strategies.
• Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of separation.

Separation strategies

There are several IT separation strategies that will let you achieve your target technology environment.

IT Separation Strategies

• Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
• Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
• Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

The approach IT takes will depend on the business objectives for the M&A.

• Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
• Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

Key considerations when choosing an IT separation strategy include:

• What are the main business objectives of the M&A?
• What are the key synergies expected from the transaction?
• What IT separation strategy best helps obtain these benefits?
• What opportunities exist to position the business for sustainable and long-term growth?

Separation strategies in detail

Review highlights and drawbacks of different separation strategies

Divest

Highlights
• Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
• Opportunity to reduce or scale back on lines of business or products that are not driving profits.

Drawbacks
• May be forced to give up critical staff that have been known to deliver high value.
• The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
• There can be increased risk and security concerns that need to be addressed.

Sell

Highlights
• Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
• The business will no longer exist, and as a result all operational costs, including IT, will become redundant.

Drawbacks
• IT is no longer needed as an operating or capital service for the organization.
• Lost resources, including highly trained and critical staff.
• May require packaging employees off and using the profit or capital generated to cover any closing costs.

Spin-Off or Joint Venture

Highlights
• Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
• Each side has a unique offering but complementing capabilities.

Drawbacks
• As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
• There could be differences in culture.
• This could require a large amount of investment without a guarantee of profit or success.

Preparing the carve-out roadmap

And why it matters so much

• When carving out the IT environment in preparation for a divestiture, it’s important to understand the infrastructure, application, and data connections that might exist.
• Much to the business’ surprise, carving out the IT environment is not easy, especially when considering the services and products that might depend on access to certain applications or data sets.
• Once the business has indicated which elements they anticipate divesting, be prepared for testing the functionality and ability of this carve-out, either through automation or manually. There are benefits and drawbacks to both methods:
  • Automated requires a solution and a developer to code the tests.
  • Manual requires time to find the errors, possibly more time than automated testing.
• Identify if there are dependencies that will make the carve-out difficult.
  • For example, the business is trying to divest Product X, but that product is integrated with Product Y, which is not being sold.
  • Consider all the processes and products that specific data might support as well.
  • Moreover, the data migration tool will need to enter the ERP system and identify not just the data but all supporting and historical elements that underlie the data.

Critical components to consider:

• Selecting manual or automated testing
• Determining data dependencies
• Data migration capabilities
• Auditing approval
• People and skills that support specific elements being carved out

3.2.1 Create a carve-out roadmap

6 hours

Input: Items included in the carve-out, Dependencies, Whether testing is completed, If the carve-out will pass audit, If the carve-out item is prepared to be separated

Output: Carve-out roadmap

Materials: Business’ divestiture plan, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

The purpose of this activity is to prepare the IT environment by identifying a carve-out roadmap, specifically looking at data, infrastructure, and applications. Feel free to expand the roadmap to include other categories as your organization sees fit.

1. In the Carve-Out Roadmap in the M&A Sell Playbook, identify the key elements of the carve-out in the first column.
2. Note any dependencies the items might have. For example:
   • The business is selling Product X, which is linked to Data X and Data Y. The organization does not want to sell Data Y. Data X would be considered dependent on Data Y.
3. Once the dependencies have been confirmed, begin automated or manual testing to examine the possibility of separating the data sets (or other dependencies) from one another.
4. After identifying an acceptable method of separation, inform the auditing individual or body and confirm that there would be no repercussions for the planned process.

Record the results in the M&A Sell Playbook.

3.2.2 Prioritize separation tasks

2 hours

Input: Separation tasks, Transition team, M&A RACI

Output: Prioritized separation list

Materials: Separation task checklist, Separation roadmap

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to prioritize the different separation tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

1. Begin by downloading the SharePoint or Excel version of the M&A Separation Project Management Tool.
2. Identify which separation tasks you want to have as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
3. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
4. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

Record the updates in the M&A Separation Project Management Tool (SharePoint).

Record the updates in the M&A Separation Project Management Tool (Excel).

Separation checklists

Prerequisite Checklist

• Build the project plan for separation and prioritize activities
  • Plan first day
  • Plan first 30/100 days
  • Plan first year
• Create an organization-aligned IT strategy
• Identify critical stakeholders
• Create a communication strategy
• Understand the rationale for the sale or divestiture
• Develop IT's sale/divestiture strategy
  • Determine goal opportunities
  • Create the mission and vision statements
  • Create the guiding principles
  • Create program metrics
• Consolidate reports from due diligence/data room
• Conduct culture assessment
• Create a transaction team
• Establish a service/technical transaction agreement
• Plan and communicate culture changes
• Create an employee transition plan
• Assess baseline engagement

Business

• Design an enterprise architecture
• Document your business architecture
• Meet compliance and regulatory standards
• Identify and assess all of IT's risks

Applications

• Prioritize and address critical applications
  • CRM
  • HRIS
  • Financial
  • Sales
  • Risk
  • Security
  • ERP
  • Email
• Develop method of separating applications
• Model critical applications that have dependencies on one another
• Identify the infrastructure capacity required to support critical applications
• Prioritize and address critical applications

Leadership/IT Executive

• Build an IT budget
• Structure operating budget
• Structure capital budget
• Identify the workforce demand vs. capacity
• Establish and monitor key metrics
• Communicate value realized/cost savings

Data

• Confirm data strategy
• Confirm data governance
• Build a data architecture roadmap
• Analyze data sources and domains
• Evaluate data storage (on-premises vs. cloud)
• Develop an enterprise content management strategy and roadmap
• Ensure cleanliness/usability of data sets
• Identify data sets that can remain operational if reduced/separated
• Develop reporting and analytics capabilities
• Confirm data strategy

Operations

• Manage sales access to customer data
• Determine locations and hours of operation
• Separate/terminate phone lists and extensions
• Split email address books
• Communicate helpdesk/service desk information

Separation checklists (continued)

Infrastructure

• Manage organization domains
• Consolidate data centers
• Compile inventory of vendors, versions, switches, and routers
• Review hardware lease or purchase agreements
• Review outsourcing/service provider agreements
• Review service-level agreements
• Assess connectivity linkages between locations
• Plan to migrate to a single email system if necessary
• Determine network access concerns

Vendors

• Establish a sustainable vendor management office
• Review vendor landscape
• Identify warranty options
• Identify the licensing grant
• Rationalize vendor services and solutions

People

• Design an IT operating model
• Design your future IT organizational structure
• Conduct a RACI for prioritized activities
• Conduct a culture assessment and identify goal IT culture
• Build an IT employee engagement program
• Determine critical roles and systems/process/products they support
• Define new job descriptions with meaningful roles and responsibilities
• Create employee transition plans
• Create functional workplans

Projects

• Identify projects to be on hold
• Communicate project intake process
• Reprioritize projects

Products & Services

• Redefine service catalog
• Ensure customer interaction requirements are met
• Select a solution for product lifecycle management
• Plan service-level agreements

Security

• Conduct a security assessment
• Develop accessibility prioritization and schedule
• Establish an information security strategy
• Develop a security awareness and training program
• Develop and manage security governance, risk, and compliance
• Identify security budget
• Build a data privacy and classification program

IT Processes

• Evaluate current process models
• Determine productivity/capacity levels of processes
• Identify processes to be changed/terminated
• Establish a communication plan
• Develop a change management process
• Establish/review IT policies
• Evaluate current process models

3.2.2 Establish the separation roadmap

Input: Prioritized separation tasks, Carve-out roadmap, Employee transition plan, Separation RACI, Costs for activities, Activity owners

Output: Separation roadmap

Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel), SharePoint Template: Step-by-Step Deployment Guide

Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

The purpose of this activity is to create a roadmap to support IT throughout the separation process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth separation.

1. Use our Separation Project Management Tool to help track critical elements in relation to the separation project. There are a few options available:
   1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template. Additional instructions are available in the SharePoint Template Step-by-Step Deployment Guide.
   2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
      **Remember that this your tool, so customize to your liking.
2. Identify who will own or be accountable for each of the separation tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

Record the updates in the M&A Separation Project Management Tool (SharePoint).

Record the updates in the M&A Separation Project Management Tool (Excel).

Separation Project Management Tool (SharePoint Template)

Follow these instructions to upload our template to your SharePoint environment

1. Create or use an existing SP site.
2. Download the M&A Separation Project Management Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Sell Blueprint landing page.
3. To import a template into your SharePoint environment, do the following:
   1. Open PowerShell.
   2. Connect-SPO Service (need to install PowerShell module).
   3. Enter in your tenant admin URL.
   4. Enter in your admin credentials.
   5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
   OR
   1. Turn on both custom script features to allow users to run custom

4. Enable the SharePoint Server feature.
5. Upload the .wsp file in Solutions Gallery.
6. Deploy by creating a subsite and select from custom options.
   • Allow or prevent custom script
   • Security considerations of allowing custom script
   • Save, download, and upload a SharePoint site as a template
Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

Supporting the transition and establishing service-level agreements

The purpose of this part of the transition is to ensure both buyer and seller have a full understanding of expectations for after the transaction.

• Once the organizations have decided to move forward with a deal, all parties need a clear level of agreement.
• IT, since it is often seen as an operational division of an organization, is often expected to deliver certain services or products once the transaction has officially closed.
• The purchasing organization or the new company might depend on IT to deliver these services until they are able to provide those services on their own.
• Having a clear understanding of what the buyer’s expectations are and what your company, as the selling organization, can provide is important.
• Have a conversation with the buyer and document those expectations in a signed service agreement.

3.2.4 Identify the buyer's IT expectations

Input: Carve-out roadmap, Separation roadmap, Up-to-date version of the agreement

Output: Buyer’s IT expectations

Materials: Questions for meeting

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization. By identifying, documenting, and agreeing on what services your IT organization will be responsible for, you can obtain a final agreement to protect you as the selling organization.

1. Buyers should not assume certain services will be provided. Organize a meeting with IT leaders and the company M&A teams to determine what services will be provided.
2. The next slide has a series of questions that you can start from. Ensure you get detailed information about each of the services.
3. Once you fully understand the buyer’s IT expectations, create an SLA in the next activity and obtain sign-off from both organizations.

Questions to ask the buyer

1. What services would you like my IT organization to provide?
2. How long do you anticipate those services will be provided to you?
3. How do you expect your staff/employees to communicate requests or questions to my staff/employees?
4. Are there certain days or times that you expect these services to be delivered?
5. How many staff do you expect should be available to support you?
6. What should be the acceptable response time on given service requests?
7. When it comes to the services you require, what level of support should we provide?
8. If a service requires escalation to Level 2 or Level 3 support, are we still expected to support this service? Or are we only Level 1 support?
9. What preventative security methods does your organization have to protect our environment during this agreement period?

3.2.5 Create a service/ transaction agreement

6 hours

Input: Buyer's expectations, Separation roadmap

Output: SLA for the purchasing organization

Materials: Service Catalog Internal Service Level Agreement Template, M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization post-transaction that your IT organization is agreeing to provide.

1. Document the expected services and the related details in a service-level agreement.
2. Provide the SLA to the purchasing organization.
3. Obtain sign-off from both organizations on the level of service that is expected of IT.
4. Update the M&A Separation Project Management Tool Excel or SharePoint document to reflect any additional items that the purchasing organization identified.

*For organizations being purchased in their entirety, this activity may not be relevant.

Modify the Service Catalog Internal Service Level Agreement with the agreed-upon terms of the SLA.

Importance of estimating separation costs

Change is the key driver of separation costs

Separation costs are dependent on the following:

• Meeting synergy targets – whether that be cost saving or growth related.
  • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
• Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk mitigation standards.
• Governance or third party–related support required to ensure timelines are met and the separation is a success.

Separation costs vary by industry type.

• Certain industries may have separation costs made up of mostly one type, differing from other industries, due to the complexity and demands of the transaction. For example:
  • Healthcare separation costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
  • Energy and Utilities tend to have the lowest separation costs due to most transactions occurring within the same sector rather than as cross-sector investments. For example, oil and gas transactions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

Separation costs are more related to the degree of change required than the size of the transaction.

3.2.6 Estimate separation costs

3-4 hours

Input: Separation tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

Output: List of anticipated costs required to support IT separation

Materials: Separation task checklist, Separation roadmap, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

The purpose of this activity is to estimate the costs that will be associated with the separation. Identify and communicate a realistic figure to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

1. On the associated slide in the M&A Sell Playbook, input:
   • Task
   • Domain
   • Cost type
   • Total cost amount
   • Level of certainty around the cost
2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

Record the results in the M&A Sell Playbook.

Employee transition planning

Considering employee impact will be a huge component to ensure successful separation

• Meet With Leadership
• Plan Individual and Department Redeployment
• Plan Individual and Department Layoffs
• Monitor and Manage Departmental Effectiveness

• For employees, the transition could mean:
  • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
  • Being laid off because the role they are currently occupying has been made redundant.
• It is important to plan for what the M&A separation needs will be and what the IT operational needs will be.
• A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

Info-Tech Insight

Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

3.2.7 Create an employee transition plan

3-4 hours

Input: IT strategy, IT organizational design

Output: Employee transition plans

Materials: M&A Sell Playbook, Whiteboard, Sticky notes, Markers

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

The purpose of this activity is to create a transition plan for employees.

1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
   • Understand the direction of the employee transitions.
   • Identify employees that will be involved in the transition (moved or laid off).
   • Prepare to meet with employees.
   • Meet with employees.
2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

**Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

Record the results in the M&A Sell Playbook.

3.2.8 Create functional workplans for employees

3-4 hours

Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners

Output: Employee functional workplans

Materials: M&A Sell Playbook, Learning and development tools

Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

1. First complete the transition plan from the previous activity (3.2.7) and the separation roadmap. Have these documents ready to review throughout this process.
2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Sell Playbook.
4. For each employee, identify someone who will be a point of contact for them throughout the transition.

It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

Record the results in the M&A Sell Playbook.

Metrics for separation

Valuation & Due Diligence

• % Defects discovered in production
• $ Cost per user for enterprise applications
• % In-house-built applications vs. enterprise applications
• % Owners identified for all data domains
• # IT staff asked to participate in due diligence
• Change to due diligence
• IT budget variance
• Synergy target

Execution & Value Realization

• % Satisfaction with the effectiveness of IT capabilities
• % Overall end-customer satisfaction
• $ Impact of vendor SLA breaches
• $ Savings through cost-optimization efforts
• $ Savings through application rationalization and technology standardization
• # Key positions empty
• % Frequency of staff turnover
• % Emergency changes
• # Hours of unplanned downtime
• % Releases that cause downtime
• % Incidents with identified problem record
• % Problems with identified root cause
• # Days from problem identification to root cause fix
• % Projects that consider IT risk
• % Incidents due to issues not addressed in the security plan
• # Average vulnerability remediation time
• % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
• # Time (days) to value realization
• % Projects that realized planned benefits
• $ IT operational savings and cost reductions that are related to synergies/divestitures
• % IT staff–related expenses/redundancies
• # Days spent on IT separation
• $ Accurate IT budget estimates
• % Revenue growth directly tied to IT delivery
• % Profit margin growth

3.2.9 Align project metrics with identified tasks

3-4 hours

Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners, M&A goals

Output: Separation-specific metrics to measure success

Materials: Separation roadmap, M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Transition team

The purpose of this activity is to understand how to measure the success of the separation project by aligning metrics to each identified task.

1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
   • What is the main goal or objective that this metric is trying to solve?
   • What does success look like?
   • Does the metric promote the right behavior?
   • Is the metric actionable? What is the story you are trying to tell with this metric?
   • How often will this get measured?
   • Are there any metrics it supports or is supported by?

Record the results in the M&A Sell Playbook.

By the end of this mid-transaction phase you should:

Have successfully evaluated your IT people, processes, and technology to determine a roadmap forward for separating or selling.

Key outcomes from the Due Diligence & Preparation phase

• Participate in due diligence activities to comply with regulatory and auditing standards and prepare employees for the transition.
• Create a separation roadmap that considers the tasks that will need to be completed and the resources required to support separation.

Key deliverables from the Due Diligence & Preparation phase

• Drive value with a due diligence charter
• Gather data room artifacts
• Measure staff engagement
• Assess culture
• Create a carve-out roadmap
• Prioritize separation tasks
• Establish the separation roadmap
• Identify the buyer’s IT expectations
• Create a service/transaction agreement
• Estimate separation costs
• Create an employee transition plan
• Create functional workplans for employees
• Align project metrics with identified tasks

M&A Sell Blueprint

Phase 4

Execution & Value Realization

This phase will walk you through the following activities:

• Monitor service agreements
• Continually update the project plan
• Confirm separation costs
• Review IT’s transaction value
• Conduct a transaction and separation SWOT
• Review the playbook and prepare for future transactions

This phase involves the following participants:

• IT executive/CIO
• IT senior leadership
• Vendor management team
• IT transaction team
• Company M&A team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

What is the Execution & Value Realization phase?

Post-transaction state

Once the transaction comes to a close, it’s time for IT to deliver on the critical separation tasks. As the selling organization in this transaction, you need to ensure you have a roadmap that properly enables the ongoing delivery of your IT environment while simultaneously delivering the necessary services to the purchasing organization.

Throughout the separation transaction, some of the most common obstacles IT should prepare for include difficulty separating the IT environment, loss of key personnel, disengaged employees, and security/compliance issues.

Post-transaction, the business needs to understands the value they received by engaging in the transaction and the ongoing revenue they might obtain as a result of the sale. You also need to ensure that the IT environment is functioning and mitigating any high-risk outcomes.

Goal: To carry out the planned separation activities and deliver the intended value to the business.

Execution Prerequisite Checklist

Before coming into the Execution & Value Realization phase, you must have addressed the following:

• Understand the rationale for the company's decisions to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
• Identify the key roles for the transaction team.
• Identify the M&A governance.
• Determine target metrics.
• Select a separation strategy framework.
• Conduct a RACI for key transaction tasks for the transaction team.
• Create a carve-out roadmap.
• Prioritize separation tasks.
• Establish the separation roadmap.
• Create employee transition plans.

Before coming into the Execution & Value Realization phase, we recommend addressing the following:

• Create vision and mission statements.
• Establish guiding principles.
• Create a future-state operating model.
• Identify the M&A operating model.
• Document the communication plan.
• Examine the business perspective of IT.
• Identify key stakeholders and outline their relationship to the M&A process.
• Establish a due diligence charter.
• Be able to valuate the IT environment and communicate IT’s value to the business.
• Gather and present due diligence data room artifacts.
• Measure staff engagement.
• Assess and plan for culture.
• Estimate separation costs.
• Create functional workplans for employees.
• Identify the buyer’s IT expectations.
• Create a service/ transaction agreement.

Separation checklists

Prerequisite Checklist

• Build the project plan for separation and prioritize activities
  • Plan first day
  • Plan first 30/100 days
  • Plan first year
• Create an organization-aligned IT strategy
• Identify critical stakeholders
• Create a communication strategy
• Understand the rationale for the sale or divestiture
• Develop IT's sale/divestiture strategy
  • Determine goal opportunities
  • Create the mission and vision statements
  • Create the guiding principles
  • Create program metrics
• Consolidate reports from due diligence/data room
• Conduct culture assessment
• Create a transaction team
• Establish a service/technical transaction agreement
• Plan and communicate culture changes
• Create an employee transition plan
• Assess baseline engagement

Business

• Design an enterprise architecture
• Document your business architecture
• Meet compliance and regulatory standards
• Identify and assess all of IT's risks

Applications

• Prioritize and address critical applications
  • CRM
  • HRIS
  • Financial
  • Sales
  • Risk
  • Security
  • ERP
  • Email
• Develop method of separating applications
• Model critical applications that have dependencies on one another
• Identify the infrastructure capacity required to support critical applications
• Prioritize and address critical applications

Leadership/IT Executive

• Build an IT budget
• Structure operating budget
• Structure capital budget
• Identify the workforce demand vs. capacity
• Establish and monitor key metrics
• Communicate value realized/cost savings

Data

• Confirm data strategy
• Confirm data governance
• Build a data architecture roadmap
• Analyze data sources and domains
• Evaluate data storage (on-premises vs. cloud)
• Develop an enterprise content management strategy and roadmap
• Ensure cleanliness/usability of data sets
• Identify data sets that can remain operational if reduced/separated
• Develop reporting and analytics capabilities
• Confirm data strategy

Operations

• Manage sales access to customer data
• Determine locations and hours of operation
• Separate/terminate phone lists and extensions
• Split email address books
• Communicate helpdesk/service desk information

Separation checklists (continued)

Infrastructure

• Manage organization domains
• Consolidate data centers
• Compile inventory of vendors, versions, switches, and routers
• Review hardware lease or purchase agreements
• Review outsourcing/service provider agreements
• Review service-level agreements
• Assess connectivity linkages between locations
• Plan to migrate to a single email system if necessary
• Determine network access concerns

Vendors

• Establish a sustainable vendor management office
• Review vendor landscape
• Identify warranty options
• Identify the licensing grant
• Rationalize vendor services and solutions

People

• Design an IT operating model
• Design your future IT organizational structure
• Conduct a RACI for prioritized activities
• Conduct a culture assessment and identify goal IT culture
• Build an IT employee engagement program
• Determine critical roles and systems/process/products they support
• Define new job descriptions with meaningful roles and responsibilities
• Create employee transition plans
• Create functional workplans

Projects

• Identify projects to be on hold
• Communicate project intake process
• Reprioritize projects

Products & Services

• Redefine service catalog
• Ensure customer interaction requirements are met
• Select a solution for product lifecycle management
• Plan service-level agreements

Security

• Conduct a security assessment
• Develop accessibility prioritization and schedule
• Establish an information security strategy
• Develop a security awareness and training program
• Develop and manage security governance, risk, and compliance
• Identify security budget
• Build a data privacy and classification program

IT Processes

• Evaluate current process models
• Determine productivity/capacity levels of processes
• Identify processes to be changed/terminated
• Establish a communication plan
• Develop a change management process
• Establish/review IT policies
• Evaluate current process models

Execution & Value Realization

Step 4.1

Execute the Transaction

Activities

• 4.1.1 Monitor service agreements
• 4.1.2 Continually update the project plan

This step will walk you through the following activities:

• Monitor service agreements
• Continually update the project plan

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Vendor management team
• IT transaction team
• Company M&A team

Outcomes of Step

Successfully execute the separation of the IT environments and update the project plan, strategizing against any roadblocks as they come.

Key concerns to monitor during separation

If you are entering the transaction at this point, consider and monitor the following three items above all else.

Your IT environment, reputation as an IT leader, and impact on key staff will depend on monitoring these aspects.

• Risk & Security. Make sure that the channels of communication between the purchasing organization and your IT environment are properly determined and protected. This might include updating or removing employees’ access to certain programs.
• Retaining Employees. Employees who do not see a path forward in the organization or who feel that their skills are being underused will be quick to move on. Make sure they are engaged before, during, and after the transaction to avoid losing employees.
• IT Environment Dependencies. Testing the IT environment several times and obtaining sign-off from auditors that this has been completed correctly should be completed well before the transaction occurs. Have a strong architecture outlining technical dependencies.

For more information, review:

• Reduce and Manage Your Organization’s Insider Threat Risk
• Map Technical Skills for a Changing Infrastructure Operations Organization
• Build a Data Architecture Roadmap

4.1.1 Monitor service agreements

Input: Original service agreement, Risk register

Output: Service agreement confirmed

Materials: Original service agreement

Participants: IT executive/CIO, IT senior leadership, External organization IT senior leadership

The purpose of this activity is to monitor the established service agreements on an ongoing basis. Your organization is most at risk during the initial months following the transaction.

1. Ensure the right controls exist to prevent the organization from unnecessarily opening itself up to risks.
2. Meet with the purchasing organization/subsidiary three months after the transaction to ensure that everyone is satisfied with the level of services provided.
3. This is not a quick and completed activity, but one that requires ongoing monitoring. Repeatedly identify potential risks worth mitigating.

For additional information and support for this activity, see the blueprint Build an IT Risk Management Program.

4.1.2 Continually update the project plan

Input: Prioritized separation tasks, Separation RACI, Activity owners

Output: Updated separation project plan

Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

1. Set a regular cadence for the transaction team to meet, update the project plan, review the status of the various separation task items, and strategize how to overcome any roadblocks.
2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

Record the updates in the M&A Separation Project Management Tool (SharePoint).

Record the updates in the M&A Separation Project Management Tool (Excel).

Execution & Value Realization

Step 4.2

Reflection and Value Realization

Activities

• 4.2.1 Confirm separation costs
• 4.2.2 Review IT’s transaction value
• 4.2.3 Conduct a transaction and separation SWOT
• 4.2.4 Review the playbook and prepare for future transactions

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Transition team
• Company M&A team

Outcomes of Step

Review the value that IT was able to generate around the transaction and strategize about how to improve future selling or separating transactions.

4.2.1 Confirm separation costs

3-4 hours

Input: Separation tasks, Carve-out roadmap, Transition team, Previous RACI, Estimated separation costs

Output: Actual separation costs

Materials: M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Transaction team, Company M&A team

The purpose of this activity is to confirm the associated costs around separation. While the separation costs would have been estimated previously, it’s important to confirm the costs that were associated with the separation in order to provide an accurate and up-to-date report to the company’s M&A team.

1. Taking all the original items identified previously in activity 3.2.6, identify if there were changes in the estimated costs. This can be an increase or a decrease.
2. Ensure that each cost has a justification for why the cost changed from the original estimation.

Record the results in the M&A Sell Playbook.

Track cost savings and revenue generation

Throughout the transaction, the business would have communicated its goals, rationales, and expectations for the transaction. Sometimes this is done explicitly, and other times the information is implicit. Either way, IT needs to ensure that metrics have been defined and are measuring the intended value that the business expects. Ensure that the benefits realized to the organization are being communicated regularly and frequently.

1. Define Metrics: Select metrics to track synergies through the separation.
   1. You can track value by looking at percentages of improvement in process-level metrics depending on the savings or revenue being pursued.
   2. For example, if the value being pursued is decreasing costs, metrics could range from capacity to output, highlighting that the output remains high despite smaller IT environments.
2. Prioritize Value-Driving Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
   Steps
   • Determine the benefits that each initiative is expected to deliver.
   • Determine the high-level costs of implementation (capacity, time, resources, effort).
3. Track Cost Savings and Revenue Generation: Develop a detailed workplan to resource the roadmap and track where costs are saved and revenue is generated as the initiatives are undertaken.

4.2.2 Review IT’s transaction value

3-4 hours

Input: Prioritized separation tasks, Separation RACI, Activity owners, M&A company goals

Output: Transaction value

Materials: M&A Sell Playbook

Participants: IT executive/CIO, IT senior leadership, Company's M&A team

The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

1. If your organization did not have the opportunity to identify metrics, determine from the company M&A what those metrics might be. Review activity 3.2.9 for more information on metrics.
2. Identify whether the metric (which should support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful in the transaction and that the business can count on them in future transactions.
3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals set out by the business.

Record the results in the M&A Sell Playbook.

4.2.3 Conduct a transaction and separation SWOT

2 hours

Input: Separation costs, Retention rates, Value that IT contributed to the transaction

Output: Strengths, weaknesses, opportunities, and threats

Materials: Flip charts, Markers, Sticky notes

Participants: IT executive/CIO, IT senior leadership, Business transaction team

The purpose of this activity is to assess the positive and negative elements of the transaction.

1. Consider the internal and external elements that could have impacted the outcome of the transaction.
   • Strengths. Internal characteristics that are favorable as they relate to your development environment.
   • Weaknesses Internal characteristics that are unfavorable or need improvement.
   • Opportunities External characteristics that you may use to your advantage.
   • Threats External characteristics that may be potential sources of failure or risk.

Record the results in the M&A Sell Playbook.

M&A Sell Playbook review

With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

• Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement.
• Critically examine the M&A Sell Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
• If your organization were to engage in another sale or divestiture under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

4.2.4 Review the playbook and prepare for future transactions

4 hours

Input: Transaction and separation SWOT

Output: Refined M&A playbook

Materials: M&A Sell Playbook

Participants: IT executive/CIO

The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
   Remember, this is your M&A Sell Playbook, and it should reflect the most successful outcome for you in your organization.

Record the results in the M&A Sell Playbook.

By the end of this post-transaction phase you should:

Have completed the separation post-transaction and be fluidly delivering the critical value that the business expected of IT.

Key outcomes from the Execution & Value Realization phase

• Ensure the separation tasks are being completed and that any blockers related to the transaction are being removed.
• Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.

Key deliverables from the Execution & Value Realization phase

• Monitor service agreements
• Continually update the project plan
• Confirm separation costs
• Review IT’s transaction value
• Conduct a transaction and separation SWOT
• Review the playbook and prepare for future transactions

Summary of Accomplishment

Problem Solved

Congratulations, you have completed the M&A Sell Blueprint!

Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in a separation or sale transaction. You have:

• Created a standardized approach for how your IT organization should address divestitures or sales.
• Retained critical staff and complied with any regulations throughout the transaction.
• Delivered on the separation project plan successfully and communicated IT’s transaction value to the business.

Now that you have done all of this, reflect on what went well and what can be improved if you were to engage in a similar divestiture or sale again.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information
workshops@infotech.com 1-888-670-8899

Research Contributors and Experts

Research Contributors and Experts

Research Contributors and Experts

Bibliography

“5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

“America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

“Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

“How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

“M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

“Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

“Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

“Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

O'Connell, Sean, et al. “Divestitures: How to Invest for Success.” McKinsey, 1 Aug. 2015. Web

Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

Ravid, Barak. “How divestments can re-energize the technology growth story.” EY, 14 July 2021. Web.

Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

“SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

“The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

“The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

“Valuation Methods.” Corporate Finance Institute, n.d. Web.

Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

Don't revolve around a legacy design; choose a network design that evolves with the organization.

Analyst Perspective

Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

Nitin Mukesh
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your Challenge

The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

Common Obstacles

The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

Info-Tech's Approach

Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

Insight Summary

Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

Your challenge

Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

Finding the right cloud networking infrastructure for:

• Management efficiencies
• Network-level isolation of resources
• Access to shared services

Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

Mesh network topology

A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

Mesh Network on AWS

Source: AWS, 2018

Constraints

The disadvantages of peering VPCs into a mesh quickly arise with:

• Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
• Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
• Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
• Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.

Proportional relationship of virtual networks to required peering links in a mesh topology

Case study

INDUSTRY: Blockchain
SOURCE: Microsoft

An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

Source: Microsoft, 2017

Hub and spoke network topology

In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

Hub and Spoke Network on AWS

What hub and spoke networks do better

1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

Hub and spoke constraints

While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

Point-to-point peering

The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

Global access speeds with a monolithic design

With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

Costs for a resilient design

Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

Leverage the hub and spoke strategy for:

Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

Hub and spoke – mesh hybrid

The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

Where it can be useful:

An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

Hub and spoke – mesh hybrid network on AWS

Why mesh can still be useful

Designing for governance vs. flexibility in hub and spoke

Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

Designing for governance vs. flexibility in hub and spoke

If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

• Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
• Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
• Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
• Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
• Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

Optimal placement of services between the hub and spoke

Shared services and vendor management

Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

Network egress and interaction

Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

Security

While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

Cloud metering

The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

Don't get stuck with your on-prem network design. Design for the cloud.

1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

Cloud network design strategy

Bibliography

Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
"What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

2022 Tech Trends

Enabling the digital economy

Supporting the CEO for growth

The post-pandemic pace of change

The disruptions to the way we work caused by the pandemic haven’t bounced back to normal.

As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 through to September 2021, collecting 475 responses. We asked some of the same questions as last year’s survey so we can compare results as well as new questions to explore new trends.

How much do you expect your organization to change permanently compared to how it was operating before the pandemic?

• 7% – No change. We'll keep doing business as we always have.
• 33% – A bit of change. Some ways of working will shift long term
• 47% – A lot of change. The way we work will be differ in many ways long term. But our business remains...
• 13% – Transformative change. Our fundamental business will be different and we'll be working in new ways.

This year, about half of IT professionals expect a lot of change to the way we work and 13% expect a transformative change with a fundamental shift in their business. Last year, the same percentage expected a lot of change and only 10% expected transformative change.

30% more professionals expect transformative permanent change compared to one year ago.

47% of professionals expect a lot of permanent change; this remains the same as last year. (Info-Tech Tech Trends 2022 Survey)

The pandemic accelerated the speed of digital transformation

With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

Companies also accelerated the pace of creating digital or digitally enhanced products and services.

“The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data.” (OECD Definition)

IT must enable participation in the digital economy

Consumer spending is tilting more digital.

Consumers have cut back spending on sectors where purchases are mostly made offline. That spending has shifted to digital services and online purchases. New habits formed during the pandemic are likely to stick for many consumers, with a continued shift to online consumption for many sectors.

Purchases on online platforms are projected to rise from 10% today to 33% by 2030.

Estimated online share of consumption

Changing customer expectations pose a risk.

IT practitioners agree that customer expectations are changing. They expect this to be more likely to disrupt their business in the next 12 months than new competition, cybersecurity incidents, or government-enacted policy changes.

Factors likely to disrupt business in next 12 months

This poses a challenge to IT departments below the “expand” level of maturity

CIOs must climb the maturity ladder to help CEOs drive growth.

Most IT departments rated their maturity in the “optimize” or “support” level on Info-Tech’s maturity ladder.

CIOs at the “optimize” level can play a role in digital transformation by improving back-office processes but should aim for a higher mandate.

CIOs achieving at the “expand” level can help directly improve revenues by improving customer-facing products and services, and those at the “transform” level can help fundamentally change the business to create revenue in new ways. CIOs can climb the maturity ladder by enabling new digital capabilities.

Maturity is heading in the wrong direction.

Only half of IT practitioners described their department’s maturity as “transform” compared to last year’s survey, and more than twice the number rated themselves as “struggle.”

48% rate their IT departments as low maturity.

Improve maturity by focusing on key capabilities to compete in the digital economy

Capabilities to unlock digital

Innovation: Identify innovation opportunities and plan how to use technology innovation to create a competitive advantage or achieve improved operational effectiveness and efficiency.

Human Resources Management: Provide a structured approach to ensure optimal planning, evaluation, and development of human resources.

Data Architecture: Manage the business’ data stores, including technology, governance, and people that manage them. Establish guidelines for the effective use of data.

Security Strategy: Define, operate, and monitor a system for information security management. Keep the impact and occurrence of information security incidents within risk appetite levels.

Business Process Controls and Internal Audit: Manage business process controls such as self-assessments and independent assurance reviews to ensure information related to and used by business processes meets security and integrity requirements. (ISACA, 2020)

5 Tech Trends for 2022

In this report, we explore five use cases for emerging technology that can improve on capabilities needed to compete in the digital economy. Use cases combine emerging technologies with new processes and strategic planning.

DIGITAL ECONOMY

TREND 01 | Human Resources Management

HYBRID COLLABORATION
Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

TREND 02 | Security Strategy

BATTLE AGAINST RANSOMWARE
Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

TREND 03 | Business Process Controls and Internal Audit

CARBON METRICS IN ENERGY 4.0
Use internet of things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

TREND 04 | Data Architecture

INTANGIBLE VALUE CREATION
Provide governance around digital marketplace and manage implications of digital currency. Use blockchain technology to turn unique intellectual property into saleable digital products

TREND 05 | Innovation

AUTOMATION AS A SERVICE
Automate business processes and access new sophisticated technology services through platform integration.

Hybrid Collaboration

TREND 01 | HUMAN RESOURCES MANAGEMENT

Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

Emerging technologies:
Intelligent conference rooms; intelligent workflows, platforms

Introduction

Hybrid work models enable productive, diverse, and inclusive talent ecosystems necessary for the digital economy.

Hybrid work models have become the default post-pandemic work approach as most knowledge workers prefer the flexibility to choose whether to work remotely or come into the office. CIOs have an opportunity lead hybrid work by facilitating collaboration between employees mixed between meeting at the office and virtually.

IT departments rose to the challenge to quickly facilitate an all-remote work scenario for their organizations at the outset of the pandemic. Now they must adapt again to facilitate the hybrid work model, which brings new friction to collaboration but also new opportunities to hire a talented, engaged, and diverse workforce.

79% of organizations will have a mix of workers in the office and at home. (Info-Tech Tech Trends 2022 Survey)

35% view role type as a determining factor in the feasibility of the hybrid work model.

Return-to-the-office tensions

Only 18% of employees want to return to the office full-time.

But 70% of employers want people back in the office. (CNBC, April 2021)

Signals

IT delivers the systems needed to make the hybrid operating model a success.

IT has an opportunity to lead by defining the hybrid operating model through technology that enables collaboration. To foster collaboration, companies plan to invest in the same sort of tools that helped them cope during the pandemic.

As 79% of organizations envision a hybrid model going forward, investments into hybrid work tech stacks – including web conferencing tools, document collaboration tools, and team workspaces – are expected to continue into 2022.

Plans for future investment in collaboration technologies

Drivers

COVID-19

Vaccination rates around the world are rising and allowing more offices to welcome back workers because the risk of COVID-19 transmission is reduced and jurisdictions are lifting restrictions limiting gatherings.

Worker satisfaction

Most workers don't want to go to the office full-time. In a Bloomberg poll (2021), almost half of millennial and Gen Z workers say they would quit their job if not given an option to work remotely.

IT spending

Companies are investing more into IT budgets to find ways to support a mix of remote work and in-office resources to cope with work disruption. This extra spending is offset in some cases by companies saving money from having employees work from home some portion of the time. (CIO Dive, 2021)

Risks and Benefits

Benefits

Risks

“We have to be careful what we automate. Do we want to automate waste? If a company is accustomed to having a ton of meetings and their mode in the new world is to move that online, what are you going to do? You're going to end up with a lot of fatigue and disenchantment…. You have to rethink your methods before you think about the automation part of it." (Vijay Sundaram, Chief Strategy Officer, Zoho)

Listen to the Tech Insights podcast: Unique approach to hybrid collaboration

Case Study: Zoho

Situation

Zoho Corp. is a cloud software firm based in Chennai, India. It develops a wide range of cloud software, including enterprise collaboration software and productivity tools. Over the past decade, Zoho has used flexible work models to grant remote work options to some employees.

When the coronavirus pandemic hit, not only did the office have to shut down but also many employees had to relocate back with families in rural areas. The human costs of the pandemic experienced by staff required Zoho to respond by offering counseling services and material support to employees.

Complication

Zoho prides itself as an employee-centric company and views its culture as a community that's purpose goes beyond work. That sense of community was lost because of the disruption caused by the pandemic. Employees lost their social context and their work role models. Zoho had to find a way to recreate that without the central hub of the office or find a way to work with the limitations of it not being possible.

Resolution

To support employees in rural settings, Zoho sent out phones to provide redundant bandwidth. As lockdowns in India end, Zoho is taking a flexible approach and giving employees the option to come to the office. It's seeing more people come back each week, drawn by the strong community.

Zoho supports the hybrid mix of workers by balancing synchronous and asynchronous collaboration. It holds meetings when absolutely necessary through tools like Zoho Meet but tries to keep more work context to asynchronous collaboration that allows people to complete tasks quickly and move on. Its applications are connected to a common platform that is designed to facilitate workflows between employees with context and intelligence. (Interview with Vijay Sundaram, Chief Strategy Officer, Zoho)

“We tend to think of it on a continuum of synchronous to asynchronous work collaboration. It’s become the paramount norm for so many different reasons…the point is people are going to work at different times in different locations. So how do we enable experiences where everyone can participate?" (Jason Brommet, Head of Modern Work and Security Business Group at Microsoft)

Listen to the Tech Insights podcast: Microsoft on the ‘paradox of hybrid work’

Case Study: Microsoft

Situation

Before the pandemic, only 18% of Microsoft employees were working remotely. As of April 1, 2020, they were joined by the other 82% of non-essential workers at the company in working remotely.

As with its own customers, Microsoft used its own software to enable this new work experience, including Microsoft Teams for web conferencing and instant messaging and Office 365 for document collaboration. Employees proved just as productive getting their work done from home as they were working in the office.

Complication

At Microsoft, the effects of firm-wide remote work changed the collaboration patterns of the company. Even though a portion of the company was working remotely before the pandemic, the effects of everyone working remotely were different. Employees collaborated in a more static and siloed way, focusing on scheduled meetings with existing relationships. Fewer connections were made with more disparate parts of the organization. There was also a decrease in synchronous communication and an increase in asynchronous communication.

Resolution

Microsoft is creating new tools to break down the silos in organizations that are grappling with hybrid work challenges. For example, Viva Insights is designed to inform workers about their collaboration habits with analytics. Microsoft wants to provide workers with insights on their collaborative networks and whether they are creating new connections or deepening existing connections. (Interview with Jason Brommet, Head of Modern Work and Security Business Group, Microsoft; Nature Human Behaviour, 2021)

What's Next?

Distributed collaboration space:

International Workplace Group says that more companies are taking advantage of its full network deals on coworking spaces. Companies such as Standard Charter are looking to provide their workers with a happy compromise between working from home and making the commute all the way to the central office. The hub-and-spoke model gives employees the opportunity to work near home and looks to be part of the hybrid operating model mix for many companies. (Interview with Wayne Berger, CEO of IWG Canada & Latin America)

Optimized hybrid meetings:

Facilitating hybrid meetings between employees grouped in the office and remote workers will be a major pain point. New hybrid meeting solutions will provide cameras embedded with intelligence to put boardroom participants into independent video streams. They will also focus on making connecting to the same meeting from various locations as convenient as possible and capture clear and crisp audio from each speaker.

Uncertainties

Mix between office and remote work:

It's clear we're not going to work the way we used to previously with central work hubs, but full-on remote work isn't the right path forward either. A new hybrid work model is emerging, and organizations are experimenting to find the right approach.

Attrition:

Between April and September 2021, 15 million US workers quit their jobs, setting a record pace. Employees seek a renewed sense of purpose in their work, and many won’t accept mandates to go back to the office. (McKinsey, 2021)

Equal footing in meetings:

What are the new best practices for conducting an effective meeting between employees in the office and those who are remote? Some companies ask each employee to connect via a laptop. Others are using conference rooms with tech to group in-office workers together and connect them with remote workers.

Hybrid Collaboration Scenarios

Organizations can plan their response to the hybrid work context by plotting their circumstances across two continuums: synchronous to asynchronous collaboration approach and remote work to central hub work model.

Recommendations

Rethink technology solutions. Don't expect your pre-pandemic videoconference rooms to suffice. And consider how to optimize your facilities and infrastructure for hot-desking scenarios.

Optimize remote work. Shift from the collaboration approach you put together just to get by to the program you'll use to maximize flexibility.

Enable effective collaboration. Enable knowledge sharing no matter where and when your employees work and choose the best collaboration software solutions for your scenario.

Run better meetings. Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

89% of organizations invested in web conferencing technology to facilitate better collaboration, but only 43% invested in office meeting room solutions. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Rethink Technology Solutions
• Optimize Remote Work
• Enable Effective Collaboration
• Run Better Meetings

Battle Against Ransomware

TREND 02 | SECURITY STRATEGY

Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

Emerging technologies:
Open source intelligence; AI-powered threat detection

“It has been a national crisis for some time…. For every [breach] that hits the news there are hundreds that never make it.” (Steve Orrin, Federal Chief Technology Officer, Intel)

Listen to the Tech Insights podcast: Ransomware crisis and AI in military

Introduction

Between 2019 and 2020, ransomware attacks rose by 62% worldwide and by 158% in North America. (PBS NewsHour, 2021)

Security strategies are crucial for companies to control access to their digital assets and confidential data, providing it only to the right people at the right time. Now security strategies must adapt to a new caliber of threat in ransomware to avoid operational disruption and reputational damage.

In 2021, ransomware attacks exploiting flaws in widely used software from vendors Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups.

After a ransomware attack caused Colonial Pipeline to shut down its pipeline operations across the US, the ransomware issue became a topic of federal attention with executives brought before Senate committees. A presidential task force to combat ransomware was formed.

62% of IT professionals say they are more concerned about being a victim of ransomware than they were one year ago. (Info-Tech Tech Trends 2022 Survey)

$70 million demanded by REvil gang in ransom to unlock firms affected by the Kaseya breach. (TechRadar, 2021)

Signals

Organizations are taking a multi-faceted approach to preparing for the event of a ransomware breach.

The most popular methods to prepare for ransomware are to buy an insurance policy or create offline backups and redundant systems. Few are making an effort to be aware of free decryption tools, and only 2% admit to budgeting to pay ransoms.

44% of IT professionals say they spent time and money specifically to prevent ransomware over the past year. (Info-Tech Tech Trends 2022 Survey)

Approaches to prepare for ransomware

(Info-Tech Tech Trends 2022 Survey)

Drivers

National security concerns

Attacks on US infrastructure and government agencies have prompted the White House to treat ransomware as a matter of national security. The government stance is that Russia supports the attacks. The US is establishing new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and requirements for organizations to consider the alternatives before paying a ransom. (Institute for Security and Technology, 2021)

Advice from cybersecurity insurance providers

Increases in ransom payouts have caused cybersecurity insurance providers to raise premiums and put in place more security requirements for policyholders to try and prevent ransomware infection. However, when clients are hit with ransomware, insurance providers advise to pay the ransom as it's usually the cheapest option. (ProPublica, 2019)

Reputational damage

Ransomware attacks also often include a data breach event with hackers exfiltrating the data before encrypting it. Admitting a breach to customers can seriously damage an organization's reputation as trustworthy. Organizations may also be obligated to pay for credit protection of their customers. (Interview with Frank Trovato, Research Director – Infrastructure, Info-Tech Research Group)

Risks and Benefits

Benefits

Risks

Case Study: Victim to ransomware

Situation

In February 2020, a large organization found a ransomware note on an admin’s workstation. They had downloaded a local copy of the organization’s identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

Complication

Because private information of employees and customers was breached, the organization decided to voluntarily inform the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

The organization decided not to pay the ransom because it didn’t need the data back, since it had a copy on an unaffected server.

Resolution

After a one-day news cycle for the breach, the story about the ransom was over. The organization also received praise for handling the situation well and quickly informing stakeholders.

The breach motivated the organization to put more protections in place. It implemented a deny-by-default network and turned off remote desktop protocol and secure shell. It mandated multi-factor authentication and put in a new endpoint-detection and response system. (Interview with CIO of large enterprise)

What's Next

AI for cybersecurity:

New endpoint protections using AI are being deployed to help defend against ransomware and other cybersecurity intrusions. The solutions focus on the prevention and detection of ransomware by learning about the expected behavior of an environment and then detecting anomalies that could be attack attempts. This type of approach can be applied to everything from reading the contents of an email to helping employees detect phishing attempts to lightweight endpoint protection deployed to an Internet of Things device to detect an unusual connection attempt.

Unfortunately, AI is a tool available to both the cybersecurity industry and hackers. Examples of hackers tampering with cybersecurity AI to bypass it have already surfaced. (Forbes, 23 Sept. 2021)

Uncertainties

Government response:

In the US, the Ransomware Task Force has made recommendations to the government but it's not clear whether all of them will be followed. Other countries such as Russia are reported to be at least tolerating ransomware operations if not supporting them directly with resources.

Supply chain security:

Sophisticated attacks using zero-day exploits in widely used software show that organizations simply can't account for every potential vulnerability.

Arms escalation:

The ransomware-as-a-service industry is doing good business and finding new ways to evade detection by cybersecurity vendors. New detection techniques involving AI are being introduced by vendors, but will it just be another step in the back-and-forth game of one-upmanship? (Interview with Frank Trovato)

Battle Against Ransomware Scenarios

Determine your organization’s threat profile for ransomware by plotting two variables: the investment made in cybersecurity and the sophistication level of attacks that you should be prepared to guard against.

Recommendations

Create a ransomware incident response plan. Assess your current security practices and identify gaps. Quantify your ransomware risk to prioritize investments and run tabletop planning exercises for ransomware attacks.

Reduce your exposure to ransomware. Focus on securing the frontlines by improving phishing awareness among staff and deploying AI tools to help flag attacks. Use multi-factor authentication. Take a zero-trust approach and review your use of RDP, SSH, and VPN.

Require security in contracts. Security must be built into vendor contracts. Government contracts are now doing this, elevating security to the same level as functionality and support features. This puts money incentives behind improving security. (Interview with Intel Federal CTO Steve Orrin)

42% of IT practitioners feel employees must do much more to help defend against ransomware. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Create a Ransomware Incident Response Plan
• Defend Against the Evolving Threat of Ransomware

Carbon Metrics in Energy 4.0

TREND 03 | BUSINESS PROCESS CONTROLS AND INTERNAL AUDIT

Use Internet of Things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

Emerging technologies:
IoT

Introduction

Making progress towards a carbon-neutral future.

A landmark report published in 2021 by the United Nations Intergovernmental Panel on Climate Change underlines that human actions can still determine the future course of climate change. The report calls on governments, individuals, and organizations to stop putting new greenhouse gas emissions into the atmosphere no later than 2050, and to be at the halfway point to achieving that by 2030.

With calls to action becoming more urgent, organizations are making plans to reduce the use of fossil fuels, move to renewable energy sources, and reduce consumption that causes more emissions downstream. As both voluntary and mandatory regulatory requirements task organizations with reducing emissions, they will first be challenged to accurately measure the size of their footprint.

CIOs in organizations are well positioned to make conscious decisions to both influence how technology choices impact carbon emissions and implement effective tracking of emissions across the entire enterprise.

Canada’s CIO strategy council is calling on organizations to sign a “sustainable IT pledge” to cut emissions from IT operations and supply chain and to measure and disclose emissions annually. (CIO Strategy Council, Sustainable IT Pledge)

SCOPE 3 – Indirect Consumption

• Goods and services
• Fuel, travel, distribution
• Waste, investments, leased assets, employee activity

SCOPE 2 – Indirect Energy

• Electricity
• Heat and cooling

SCOPE 1 – Direct

• Facilities
• Vehicles

Signals

Emissions tracking requires a larger scope.

About two-thirds of organizations have a commitment to reduce greenhouse gas emissions. When asked about what tactics they use to reduce emissions, the most popular options affect either scope 1 emissions (retiring older IT equipment) or scope 2 emissions (using renewable energy sources). Fewer are using tactics that would measure scope 3 emissions such as using IoT to track or using software or AI.

68% of organizations say they have a commitment to reduce greenhouse gas emissions. (Info-Tech Tech Trends 2022 Survey)

Approaches to reducing carbon emissions

(Info-Tech Tech Trends 2022 Survey)

Drivers

Investor pressure

The world’s largest asset manager, at $7 trillion in investments, says it will move away from investing in firms that are not aligned to the Paris Agreement. (The New York Times, 2020)

Compliance tipping point

International charity CDP has been collecting environmental disclosure from organizations since 2002. In 2020, more than 9,600 of the world’s largest companies – representing over 50% of global market value – took part. (CDP, 2021)

International law

In 2021, six countries have net-zero emissions policies in law, six have proposed legislations, and 20 have policy documents. (Energy & Climate Intelligence Unit, 2021)

Employee satisfaction

In 2019, thousands of workers walked out of offices of Amazon, Google, Twitter, and Microsoft to demand their employers do more to reduce carbon emissions. (NBC News, 2021)

High influence factors for carbon reduction

• 25% – New government laws or policies
• 9% – External social pressures
• 9% – Pressure from investors
• 8% – International climate compliance efforts
• 7% – Employee satisfaction

(Info-Tech Tech Trends 2022 Survey)

Risks and Benefits

Benefits

Risks

“When you can take technology and embed that into management change decisions that impact the environment, you can essentially guarantee that [greenhouse gas] offset. Companies that are looking to reduce their emissions can buy those offsets and it creates value for everybody.” (Wade Barnes, CEO and founder of Farmers Edge)

Listen to the Tech Insights podcast: The future of farming is digital

Case Study

Situation

The Alberta Technology Innovation and Emissions Reduction Regulation is Alberta’s approach to reduce emissions from large industrial emitters. It prices GHG and provides a trading system.

No-till farming and nitrogen management techniques sequester up to 0.3 metric tons of GHG per year.

Complication

Farmers Edge offers farmers a digital platform that includes IoT and a unified data warehouse. It can turn farm records into digital environmental assets, which are aggregated and sold to emitters.

Real-time data from connected vehicles, connected sensors, and other various inputs can be verified by third-party auditors.

Resolution

Farmers Edge sold aggregated carbon offsets to Alberta power producer Capital Power to help it meet regulatory compliance.

Farmers Edge is expanding its platform to include farmers in other provinces and in the US, providing them opportunity to earn revenue via its Smart Carbon program.

The firm is working to meet standards outlined by the U.S. Department of Agriculture’s Natural Resources Conservation Service. (Interview with Wade Barnes, CEO, Farmers Edge)

What's Next

Global standards:

The International Sustainability Standards Board (ISSB) has been formed by the International Financial Reporting Standards Foundation and will have its headquarters location announced in November at a United Nations conference. The body is already governing a set of global standards that have a roadmap for development through 2023 through open consultation. The standards are expected to bring together the multiple frameworks for sustainability standards and offer one global set of standards. (Business Council of Canada, 2021)

CIOs take charge:

The CIO is well positioned to take the lead role on corporate sustainability initiatives, including measuring and reducing an organization’s carbon footprint (or perhaps even monetizing carbon credits for an organization that is a negative emitter). CIOs can use their position as facilities managers and cross-functional process owners and mandate to reduce waste and inefficiency to take accountability for this important role. CIOs will expand their roles to deliver transparent and auditable reporting on environmental, social, and governance (ESG) goals for the enterprise.

Uncertainties

International resolve:

Fighting the climate crisis will require governments and private sector collaboration from around the world to commit to creating new economic structures to discourage greenhouse gas emissions and incentivize long-term sustainable thinking. If some countries or private sector forces continue to prioritize short-term gains over sustainability, the U.N.’s goals won’t be achieved and the human costs as a result of climate change will become more profound.

Cap-and-trade markets:

Markets where carbon credits are sold to emitters are organized by various jurisdictions around the world and have different incentive structures. Some are created by governments and others are voluntary markets created by industry. This type of organization for these markets limits their size and makes it hard to scale the impact. Organizations looking to sell carbon credits at volume face the friction of having to navigate different compliance rules for each market they want to participate in.

Carbon Metrics in Energy 4.0 Scenarios

Determine your organization’s approach to measuring carbon dioxide and other greenhouse gas emissions by considering whether your organization is likely to be a high emitter or a carbon sink. Also consider your capability to measure and report on your carbon footprint.

Recommendations

Measure the whole footprint. Devise a plan to measure scope 1, 2, and 3 greenhouse gas emissions at a level that is auditable by a third party.

Gauge the impact of Industry 4.0. New technologies in Industry 4.0 include IoT, additive manufacturing, and advanced analytics. Make sustainability a core part of your focus as you plan out how these technologies will integrate with your business.

Commit to net zero. Make a clear commitment to achieve net-zero emissions by a specific date as part of your organization’s core strategy. Take a continuous improvement approach to make progress towards the goal with measurable results.

New laws from governments will have the highest degree of influence on an organization’s decision to reduce emissions. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Durable Goods Manufacturing Industry 4.0 Report
• Getting to Zero
• Green IT Is Now a Key Component of Sustainability and Competitiveness

Intangible Value Creation

TREND 04 | DATA ARCHITECTURE

Use blockchain technology to turn unique intellectual property into saleable digital products. Provide governance around marketplaces where sales are made.

Emerging technologies:
Blockchain, Distributed Ledger Technology, Virtual Environments

Introduction

Decentralized technologies are propelling the digital economy.

As the COVID-19 pandemic has accelerated our shift into virtual social and economic systems, blockchain technology poses a new technological frontier – further disrupting digital interactions and value creation by providing a modification of data without relying on third parties. New blockchain software developments are being used to redefine how central banks distribute currency and to track provenance for scarce digital assets.

Tokenizing the blockchain

Non-fungible tokens (NFTs) are distinct cryptographic tokens created from blockchain technology. The rarity systems in NFTs are redefining digital ownership and being used to drive creator-centric communities.

Not crypto-currency, central currency

Central Bank Digital Currencies (CBDC) combine the same architecture of cryptocurrencies built on blockchain with the financial authority of a central bank. These currencies are not decentralized because they are controlled by a central authority, rather they are distributed systems. (Decrypt, 2021)

80% of banks are working on a digital currency. (Atlantic Council, 2021)

Brands that launched NFTs

NBA, NFL, Formula 1, Nike, Stella Artois, Coca-Cola, Mattel, Dolce & Gabbana, Ubisoft, Charmin

Banks that launched digital currencies

The Bahamas, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Grenada

Signals

ID on the blockchain

Blockchains can contain smart contracts that automatically execute given specific conditions, protecting stakeholders involved in a transaction. These have been used by central banks to automate when and how currency can be spent and by NFT platforms to attribute a unique identity to a digital asset. Automation and identity verification are the most highly valued digital capabilities of IT practitioners.

$69.3 million – The world’s most expensive NFT artwork sale, for Beeple’s “Everydays: The First 5,000 Days” (The New York Times, Mar. 2021)

Digital capabilities that provide high value to the organization

(Info-Tech Tech Trends 2022 Survey)

Drivers

Financial autonomy

Central banks view cryptocurrencies as "working against the public good" and want to maintain control over their financial system to maintain the integrity of payments and provide financial crime oversight and protections against money laundering. (Board of Governors of the Federal Reserve System, 2021)

Bitcoin energy requirements and greenhouse gas emissions

Annual energy consumption of the Bitcoin blockchain in China is estimated to peak in 2024 at 297 TwH and generate 130.5 million metric tons of carbon emissions. That would exceed the annual GHG of the Czech Republic and Qatar and rank in the top 10 among 182 cities and 42 industrial sectors in China. This is motiving cryptocurrency developers and central banks to move away from the energy-intensive "Proof of Work" mining approach and towards the "Proof of Stake" approach. (Nature Communications, 2021)

Digital communities

During the pandemic, people spent more time exploring digital spaces and interacting in digital communities. Asset ownership within those communities is a way for individuals to show their own personal investment in the community and achieve a status that often comes with additional privileges. The digital assets can also be viewed as an investment vehicle or to gain access to exclusive experiences.

“The pillars of the music economy have always been based on three things that the artist has never had full control of. The idea of distribution is freed up. The way we are going to connect to fans in this direct to fan value prop is very interesting. The fact we can monetize it, and that money exchange, that transaction is immediate. And on a platform like S!NG we legitimately have a platform to community build…. Artists are getting a superpower.” (Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace)

Listen to the Tech Insights podcast: Raine Maida's startup is an NFT app for music

Case Study

Situation

Artists can create works and distribute them to a wide audience more easily than ever with the internet. Publishing a drawing or a song to a website allows it to be infinitely copied. Creators can use social media accounts and digital advertisements to build up a fan base for their work and monetize it through sales or premium-access subscriber schemes.

Complication

The internet's capacity for frictionless distribution is a boon and a burden for artists at the same time. Protecting copyright in a digital environment is difficult because there is no way to track a song or a picture back to its creator. This devalues the work because it can be freely exchanged by users.

Resolution

S!NG allows creators to mint their works with a digital token that stamps its origin to the file and tracks provenance as it is reused and adapted into other works. It uses the ERC 721 standard on the Ethereum blockchain to create its NFT tokens. They are portable files that the user can create for free on the S!NG platform and are interoperable with other digital token platforms. This enables a collaboration utility by reducing friction in using other people's works while giving proper attribution. Musicians can create mix tracks using the samples of others’ work easily and benefit from a smart-contract-based revenue structure that returns money to creators when sales are made. (Interview with Geoff Osler and Raine Maida, S!NG Executives)

Risks and Benefits

Benefits

Risks

What's Next

Into the Metaverse:

Digital tokens are finding new utility in virtual environments known as the Metaverse. Decentraland is an example of a virtual reality environment that can be accessed via a web browser. Based on the Ethereum blockchain, it's seen sales of virtual land plots for hundreds of thousands of dollars. Sotheby's is one buyer, building a digital replica of its New Bond Street gallery in London, complete with commissionaire Hans Lomuldur in avatar form to greet visitors. The gallery will showcase and sell Sotheby's digital artworks. (Artnet News, 2021)

Bitcoin as legal tender:

El Salvador became the first country in the world to make Bitcoin legal tender in September 2021. The government intended for this to help citizens avoid remittance fees when receiving money sent from abroad and to provide a way for citizens without bank accounts to receive payments. Digital wallet Chivo launched with technical glitches and in October a loophole that allowed “price scalping” had to be removed to stop speculators from using the app to trade for profit. El Salvador’s experiment will influence whether other countries consider using Bitcoin as legal tender. (New Scientist, 2021)

Uncertainties

Stolen goods at the mint:

William Shatner complained that Twitter account @tokenizedtweets had taken his content without permission and minted tokens for sale. In doing so, he pointed out there’s no guarantee a minted digital asset is linked to the creator of the attached intellectual property.

Decentralized vs. distributed finance:

Will blockchain-based markets be controlled by a single platform operator or become truly open? For example, Dapper Labs centralizes the minting of NFTs on its Flow blockchain and controls sales through its markets. OpenSea allows NFTs minted elsewhere to be brought to the platform and sold.

Supply and demand:

Platforms need to improve the reliability of minting technology to create tokens in the future. Ethereum's network is facing more demand than it can keep up with and requires future upgrades to improve its efficiency. Other platforms that support minting tokens are also awaiting upgrades to be fully functional or have seen limited NFT projects launched on their platform.

Intangible Value Creation Scenarios

Determine your organization’s strategy by considering the different scenarios based on two main factors. The design decisions are made around whether digital assets are decentralized or distributed and whether the assets facilitate transactions or collections.

Recommendations

Determine your role in the digital asset ecosystem.

• Becoming a platform provider for digital tokens will require a minting capability to create blockchain-based assets and a marketplace for users to exchange them.
• Issuing digital tokens to a platform through a sale will require making partnerships and marketing.
• Investing in digital assets will require management of digital wallets and subject-matter expert analysis of the emerging markets.

Track the implications of digital currencies.

Track what your country’s central bank is planning for digital currency and determine if you’ll need to prepare to support it. Be informed about payment partner support for cryptocurrency and consider any complications that may introduce.

$1 billion+ – The amount of cryptocurrency spent by consumers globally through crypto-linked Visa cards in first half of 2021. (CNBC, July 2021)

Info-Tech Resources

• Demystify Blockchain: How Can It Bring Value to Your Organization?
• The Obvious Case: Blockchain in Financial Services
• Build a Platform-Based Organization

Automation as a Service

TREND 05 | INNOVATION

Automate business processes and access new sophisticated technology services through platform integration.

Emerging technologies:
Cloud platforms, APIs, Generative AI

Introduction

The glue for innovation

Rapidly constructing a business model that is ready to compete in a digital economy requires continuous innovation. Application programming interfaces (APIs) can accelerate innovation by unlocking marketplaces of ready-to-use solutions to business problems and automating manual tasks to make more time for creativity. APIs facilitate a microarchitecture approach and make it possible to call upon a new capability with a few lines of code. This is not a new tool, as the first API was specified in 1951, but there were significant advances of both scale and capability in this area in 2021.

In the past 18 months, API adoption has exploded and even industries previously considered as digital laggards are now integrating them to reinvent back-office processes. Technology platforms specializing in API management are attracting record-breaking investment. And sophisticated technology services such as artificial intelligence are being delivered by APIs.

APIs can play a role in every company’s digital strategy, from transforming back-office processes to creating revenue as part of a platform.

$500,000 was invested in API companies in 2016. (Forbes, May 2021)

$2,000,000,000+ was invested in API companies in 2020. (Forbes, May 2021)

69% of IT practitioners say digital transformation has been a high priority for their organization during the pandemic. (Info-Tech Tech Trends 2022 Survey)

51% of developers used more APIs in 2020 than in 2019. (InsideHPC, 2021)

71% of developers planned to use even more APIs in 2021. (InsideHPC, 2021)

Signals

IT practitioners indicate that digital transformation was a strong focus for their organization during the pandemic and will remain so during the period afterwards, and one-third say their organizations were “extremely focused” on digital transformation.

When it came to shifting processes from being done manually to being completed digitally, more than half of IT practitioners say they shifted at least 21% of their processes during the past year. More than one in five say that at least 60% of their processes were shifted from manual to digital in the past year.

3.5 trillion calls were performed on API management platform Apigee, representing a 50% increase year over year. (SiliconANGLE, 2021)

Processes shifted from manual to digital in the past year

Drivers

Covid-19

The pandemic lockdowns pushed everyone into a remote-work scenario. With in-person interaction not an option, even more traditional businesses had to adapt to digital processes.

Customer Expectations

The success of digital services in the consumer space is causing expectations to rise in other areas, such as professional services. Consumers now want their health records to be portable and they want to pay their lawyer through e-transfer, not by writing a cheque. (Interview with Mik Lernout)

Standardization

Technology laggard industries such as legal and healthcare are recognizing the pain of working with siloed systems. New standardization efforts are driving the adoption of open APIs at a rapid rate. (Interview with Jennifer Jones, Research Director – Industry, Info-Tech Research Group)

Risks and Benefits

Benefits

Risks

“When we think about what the pandemic did, we had this internal project called 'back to the future.' It kind of put the legal industry in a time machine and it kind of accelerated the legal industry 5, maybe even 10 years. A lot of the things we saw with the innovators became table stakes.” (Mik Lernout, Vice President of Product, Clio)

Listen to the Tech Insights podcast: Clio drives digital transformation to redefine the legal industry

Case Study

Situation

The COVID-19 pandemic required the legal industry to shift to remote work. A typically change-resistant industry was now holding court hearings over videoconference, taking online payments, and collecting e-signatures on contracts. For Clio, a software-as-a-service software vendor that serves the legal industry, its client base grew and its usage increased. It previously focused on the innovators in the legal industry, but now it noticed laggards were going digital too.

Complication

Law firms have very different needs depending on their legal practice area (e.g. family law, corporate law, or personal injury) and what jurisdiction they operate in.

Clients are also demanding more from their lawyers in terms of service experience. They don't want to travel to the law office to drop off a check but expect digital interactions on par with service they receive in other areas.

Resolution

Since its inception, Clio built its software product so that all of its functions could be called upon by an API as well. It describes its platform as the "operating system for the legal industry." Its API functions include capabilities like managing activities, billing, and contracts. External developers can submit applications to the Clio Marketplace to add new functionality. Its platform approach enables it to find solutions for its 150,000+ users. During the pandemic, Clio saw its customers rely on its APIs more than ever before. It expects this accelerated adoption to be the way of working in the future. (ProgrammableWeb, 2021; Interview with Mik Lernout)

What's Next

GOOGLE’S API-FIRST APPROACH:

Google is expanding its Apigee API management platform so enterprises will be able to connect existing data and applications and access them via APIs. It's part of Google's API-first approach to digital transformation, helping enterprises with their integration challenges. The new release includes tools and a framework that's needed to integrate services in this way and includes pre-built connectors for common business apps and services such as Salesforce, Cloud SQL, MySQL, and BigQuery. (SiliconANGLE, 2021)

Uncertainties

API SECURITY:

APIs represent another potential vulnerability for hackers to exploit and the rise in popularity has come with more security incidents. Companies using APIs have leaked data through APIs, with one research report on the state of API security finding that 91% of organizations have suffered an API security incident. Yet more than a quarter of firms running production APIs don’t have an API security strategy. (VentureBeat, 2021)

For low IT maturity organizations moving onto platforms that introduce API capabilities, education is required about the consequences of creating more integrations. Platforms must bear some responsibility for monitoring for irregular activity. (Interview with Mik Lernout)

Automation as a Service Scenarios

Determine your organization’s platform strategy from the basis of your digital maturity – from that of a laggard to a native – and whether it involves monetized APIs vs. freely available public APIs. A strategy can include both the consumption of APIs and the creation of them.

Recommendations

Leverage APIs to connect your systems. Create a repeatable process to improve the quality, reusability, and governance of your web APIs.

Transform your business model with digital platforms. Use the best practices of digital native enterprises and leverage your core assets to compete in a digital economy.

Deliver sophisticated new capabilities with APIs. Develop an awareness of new services made available through API integration, such as artificial intelligence, and take advantage of them.

4.5 billion words per day generated by the OpenAI natural language API GPT-3, just nine months after launch. (OpenAI, 2021)

Info-Tech Resources

• Develop APIs That Work Properly for the Organization
• Build a Data Integration Strategy
• Design Data-as-a-Service

Behind the design

Inspiration provided by the golden ratio

The golden ratio has long fascinated humans for its common occurrence in nature and inspired artists who adopted its proportions as a guiding principle for their creations. A new discovery of the golden ratio in economic cycles was published in August 2021 by Bert de Groot, et al. As the boundaries of value creation blur between physical and digital and the pace of change accelerates, these digital innovations may change our lives in many ways. But they are still bound by the context of the structure of the economy. Hear more about this surprising finding from de Groot and from this report’s designer by listening to our podcast. (Technological Forecasting and Social Change, 2021)

“Everything happening will adapt itself into the next cycle, and that cycle is one phi distance away.” (Bert de Groot, professor of economics at Erasmus University Rotterdam)

Listen to the Tech Insights podcast: New discovery of the golden ratio in the economy

Contributing Experts

Vijay Sundaram Chief Strategy Officer, Zoho		Jason Brommet Head of Modern Work and Security Business Group, Microsoft
Steve Orrin Federal Chief Technology Officer, Intel		Wade Barnes CEO and Founder, Farmers Edge

Contributing Experts

Raine Maida Chief Product Officer, S!NG Singer, Our Lady Peace		Geoff Osler CEO, S!NG
Mik Lernout Vice President of Product, Clio		Bert de Groot Professor of Economics, Erasmus University Rotterdam

Bibliography – Enabling the Digital Economy

“2021 Canada Dealer Financing Satisfaction Study.” J.D. Power, 13 May 2021. Accessed 27 May 2021.

Brown, Sara. “The CIO Role Is Changing. Here’s What’s on the Horizon.” MIT Sloan, 2 Aug. 2021. Accessed 16 Aug. 2021.

de Groot, E. A., et al. “Disentangling the Enigma of Multi-Structured Economic Cycles - A New Appearance of the Golden Ratio.” Technological Forecasting and Social Change, vol. 169, Aug. 2021, pp. 120793. ScienceDirect, https://doi.org/10.1016/j.techfore.2021.120793.

Hatem, Louise, Daniel Ker, and John Mitchell. “Roadmap toward a common framework for measuring the Digital Economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Accessed 19 Oct. 2021.

LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021.

Pomeroy, James. The booming digital economy. HSBC, Sept. 2020. Web.

Salman, Syed. “Digital Transformation Realized Through COBIT 2019.” ISACA, 13 Oct. 2020. Accessed 25 Oct. 2021.

Bibliography – Hybrid Collaboration

De Smet, Aaron, et al. “Getting Real about Hybrid Work.” McKinsey Quarterly, 9 July 2021. Web.

Herskowitz, Nicole. “Brace Yourselves: Hybrid Work Is Hard. Here’s How Microsoft Teams and Office 365 Can Help.” Microsoft 365 Blog, 9 Sept. 2021. Web.

Melin, Anders, and Misyrlena Egkolfopoulou. “Employees Are Quitting Instead of Giving Up Working From Home.” Bloomberg, 1 June 2021. Web.

Spataro, Jared. “Microsoft and LinkedIn Share Latest Data and Innovation for Hybrid Work.” The Official Microsoft Blog, 9 Sept. 2021. Web.

Subin, Samantha. “The new negotiation over job benefits and perks in post-Covid hybrid work.” CNBC, 23 Apr. 2021. Web.

Torres, Roberto. “How to Sidestep Overspend as Hybrid Work Tests IT.” CIO Dive, 26 July 2021. Accessed 16 Sept. 2021.

Wong, Christine. “How the hybrid workplace will affect IT spending.” ExpertIP, 15 July 2021. Web.

Yang, Longqi, et al. “The Effects of Remote Work on Collaboration among Information Workers.” Nature Human Behaviour, Sept. 2021, pp. 1-12. Springer Nature, https://doi.org/10.1038/s41562-021-01196-4.

Bibliography – Battle Against Ransomware

Berg, Leandro. “RTF Report: Combatting Ransomware.” Institute for Security and Technology (IST), 2021. Accessed 21 Sept. 2021.

Dudley, Renee. “The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks.” ProPublica, 27 Aug. 2019. Accessed 22 Sept. 2021.

Durbin, Steve. “Council Post: Artificial Intelligence: The Future Of Cybersecurity?” Forbes, 23 Sept. 2021. Accessed 21 Oct. 2021.

“FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware.” The White House, 13 Oct. 2021. Web.

Jeffery, Lynsey, and Vignesh Ramachandran. “Why ransomware attacks are on the rise — and what can be done to stop them.” PBS NewsHour, 8 July 2021. Web.

McBride, Timothy, et al. Data Integrity: Recovering from Ransomware and Other Destructive Events. NIST Special Publication (SP) 1800-11, National Institute of Standards and Technology, 22 Sept. 2020. NIST Computer Security Resource Center (CSRC), https://doi.org/10.6028/NIST.SP.1800-11.

Mehrotra, Karitkay, and Jennifer Jacobs. “Crypto Channels Targeted in Biden’s Fight Against Ransomware.” BNN Bloomberg, 21 Sept. 2021. Web.

Sharma, Mayank. “Hackers demand $70m ransom after executing massive Solar Winds-like attack.” TechRadar, 5 July 2021. Web.

“Unhacked: 121 Tools against Ransomware on a Single Website.” Europol, 26 July 2021. Web.

Bibliography – Carbon Metrics in Energy 4.0

“The A List 2020.” CDP, 2021. Web.

Baazil, Diedrik, Hugo Miller, and Laura Hurst. “Shell loses climate case that may set precedent for big oil.” Australian Financial Review, 27 May 2021. Web.

“BlackRock’s 2020 Carbon Footprint.” BlackRock, 2020. Accessed 25 May 2021.

“CDP Media Factsheet.” CDP, n.d. Accessed 25 May 2021.

Glaser, April, and Leticia Miranda. “Amazon workers demand end to pollution hitting people of color hardest.” NBC News, 24 May 2021. Accessed 25 May 2021.

Little, Mark. “Why Canada should be the home of the new global sustainability standards board.” Business Council of Canada, 1 Oct. 2021. Accessed 22 Oct. 2021.

McIntyre, Catherine. “Canada vying for global headquarters to oversee sustainable-finance standards.” The Logic, 22 July 2021. Web.

“Net Zero Scorecard.” Energy & Climate Intelligence Unit, 2021. Accessed 25 May 2021.

Sayer, Peter. “Greenhouse gas emissions: The next big issue for CIOs.” CIO, 13 Oct. 2021. Web.

“Scope 1 and Scope 2 Inventory Guidance.” US EPA, OAR. 14 Dec. 2020. Web.

Sorkin, Andrew Ross. “BlackRock C.E.O. Larry Fink: Climate Crisis Will Reshape Finance.” The New York Times, 14 Jan. 2020. Web.

“Sustainable IT Pledge.” CIO Strategy Council, 2021. Accessed 22 Oct. 2021.

Bibliography – Intangible Value Creation

Areddy, James T. “China Creates Its Own Digital Currency, a First for Major Economy.” Wall Street Journal, 5 Apr. 2021. Web.

Boar, Codruta, et al. Impending arrival - a sequel to the survey on central bank digital currency. BIS Papers No 107, Jan. 2020. Web.

Brainard, Lael. “Speech by Governor Brainard on Private Money and Central Bank Money as Payments Go Digital: An Update on CBDCs.” Board of Governors of the Federal Reserve System, 24 May 2021. Accessed 28 May 2021.

Howcroft, Elizabeth, and Ritvik Carvalho. “How a 10-second video clip sold for $6.6 million.” Reuters, 1 Mar. 2021. Web.

“Central Bank Digital Currency Tracker.” Atlantic Council, 2021. Accessed 10 Sept. 2021.

“Expert Comment From Warwick Business School: Problems With El Salvador’s Bitcoin Experiment Are Unsurprising.” Mondo Visione, 8 Sept. 2021. Accessed 10 Sept. 2021.

Goldstein, Caroline. “In Its Ongoing Bid to Draw Crypto-Collectors, Sotheby’s Unveils a Replica of Its London H.Q. in the Blockchain World Decentraland.” Artnet News, 7 June 2021. Web.

Hamacher, Adriana. “Taco Bell to Charmin: 10 Big Brands Jumping On The NFT Bandwagon.” Decrypt, 22 Mar. 2021. Web.

Hazan, Eric, et al. “Getting tangible about intangibles: The future of growth and productivity?” McKinsey. 16 June 2021. Web.

Bibliography – Intangible Value Creation

Herrera, Pedro. “Dapp Industry Report: Q3 2021 Overview.” DappRadar, 1 Oct. 2021. Web.

Holland, Frank. “Visa Says Crypto-Linked Card Usage Tops $1 Billion in First Half of 2021.” CNBC, 7 July 2021. Web.

Jiang, Shangrong, et al. “Policy Assessments for the Carbon Emission Flows and Sustainability of Bitcoin Blockchain Operation in China.” Nature Communications, vol. 12, no. 1, Apr. 2021, p. 1938. Springer Nature, https://doi.org/10.1038/s41467-021-22256-3.

Reyburn, Scott. “JPG File Sells for $69 Million, as ‘NFT Mania’ Gathers Pace.” The New York Times, 11 Mar. 2021. Web.

Taylor, Luke. “Bitcoin: El Salvador’s Cryptocurrency Gamble Hit by Trading Loophole.” New Scientist, 25 Oct. 2021. Web.

Bibliography – Automation as a Service

Belsky, Scott. “The Furry Lisa, CryptoArt, & The New Economy Of Digital Creativity.” Medium, 21 Feb. 2021. Web.

Culbertson, Joy. “10 Top Law APIs.” ProgrammableWeb, 14 Feb. 2021. Web.

Caballar, Rina Diane. “Programming by Voice May Be the Next Frontier in Software Development - IEEE Spectrum.” IEEE Spectrum: Technology, Engineering, and Science News, 22 Mar 2021. Accessed 23 Mar. 2021.

Gonsalves, Chris. “The Problem with APIs.” VentureBeat, 7 May 2021. Web.

Graca, Joao. “Council Post: How APIs Are Democratizing Access To AI (And Where They Hit Their Limits).” Forbes, 24 Sept 2021. Accessed 28 Sept. 2021.

Harris, Tony. “What is the API Economy?” API Blog: Everything You Need to Know, 4 May 2021. Web.

Kitsing, Meelis. Scenarios for Digital Platform Ecosystems, 2020, pp. 453-57. ResearchGate, https://doi.org/10.1109/ICCCS49078.2020.9118571.

Pilipiszyn, Ashley. “GPT-3 Powers the Next Generation of Apps.” OpenAI, 25 Mar. 2021. Web.

Rethans, John. “So You Want to Monetize Your APIs?” APIs and Digital Transformation, 29 June 2018. Web.

Bibliography – Automation as a Service

Salyer, Patrick. “API Stack: The Billion Dollar Opportunities Redefining Infrastructure, Services & Platforms.” Forbes, 4 May 2021. Accessed 27 Oct. 2021.

staff. “RapidAPI Raises $60M for Expansion of API Platform.” InsideHPC, 21 Apr. 2021. Web.

Taulli, Tom. “API Economy: Is It The Next Big Thing?” Forbes, 18 Jan. 2021. Accessed 5 May 2021.

Warren, Zach. “Clio Taking 2021 Cloud Conference Virtual, Announces New Mission Among Other News.” Legaltech News, 11 Mar. 2021. Web.

Wheatley, Mike. “Google Announces API-First Approach to Application Data Integration with Apigee.” SiliconANGLE, 28 Sept. 2021. Web.

About the research

Tech trends survey

As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 to September 2021, collecting 475 responses.

The underlying metrics are diverse, capturing 14 countries and regions and 16 Industries.

Industry

Department

Role

IT Spend

Respondents on average spent 35 million per year on their IT budget.

Accounting for the outlier responses – the median spend sits closer to 4.5 million per year. The highest spend on IT was within the Government, Healthcare, and Retail & Wholesale sectors.

What strategic, technical, and support implications should be considered in support of a move to VDI or DaaS?

Executive Summary

Insight

End-user experience is your #1 consideration

Virtual desktop infrastructure (VDI)/desktop as a service (DaaS) users expect their user experience to be at least equal to that provided by a physical PC, and they do not care about the underlying infrastructure. If the experience is less, then IT has failed in the considerations for VDI/ DaaS. In this research we analyze the data that the IT industry tracks but doesn't use or sometimes even look at regarding user experience (UX).

Identify the gaps in your IT resources that are critical to success

Understanding the strengths and weaknesses in your in-house technical skills and business requirements will assist you in making the right decision when it comes to VDI or DaaS solutions. In the case of DaaS this will include a managed service provider for small to medium-sized IT teams. Many IT teams lack a seasoned IT project manager who can identify gaps, risks, and weaknesses in the organization's preparedness. Redeploy your IT staff to new roles that impact management and monitoring of UX.

IT should think about VDI and DaaS solutions

Ultimately, IT needs to reduce its complexity, increase user satisfaction, reduce management and storage costs, and maintain a secure and effective environment for both the end user and the business. They must also ensure productivity standards throughout the considerations, strategically, tactically, and in support of a move to a VDI or DaaS solution.

Executive Summary

Info-Tech Insight

Every IT organization needs to be asking what success looks like. If you do not consider how your end user will be impacted, whether they are doing something as simple as holding a team meeting with voice and video or working with highly technical workloads on a virtual environment, you will run into multiple issues that affect end-user satisfaction, productivity, and adoption. Understand the tension metrics that may conflict with meeting business objectives and KPIs.

Voice of the customer

The enterprise end-user compute landscape is changing

Surveys are telling us a story

End-user KPI metrics are difficult to gather

Security is always quoted as a primary justification for VDI/DaaS, while UX is far down the list of KPIs. WHY? IT engineers use network and performance metrics to manage end-user complaints of “slowness,” which in reality is not what the user is experiencing. IT needs to invest in more meaningful metrics to manage end-user pain: Logon duration App load time App response time Session response time Graphic quality and responsiveness and latency Application availability and performance

(Source: Enterprise Strategy Group, 2020)

Dimensions of user experience

The dimensions of end-user experience can be broken down into four distinct categories that will impact not only the end user but also the business. Picturing your landscape in this framework will help clearly define your considerations when deciding on whether a VDI or DaaS solution is right for your business. We will investigate how these scenarios impact the end user, what that means, and how that can guide the questions that you are asking as you move to an RFP. Info-Tech Insight In the world of VDI and DaaS, if you do not get buy-in from the end user, the rate of adoption and the overall success of the implementation will prove difficult to measure. It will be impossible to calculate ROI even as you feel the impact of your TCO.

KPIs and metrics

Understand the types of end-user activities that are most likely to be reported as being slow. You need to know what storage, CPU, memory, and network resources are being used when the user performs those activities. In other words, what is the OS doing behind the scenes and what hardware is it using? Once you have determined which resources are being used by the various activities you will have to monitor the UX metrics to see which OS, network, storage, or server configuration issue is causing the performance issue that the user is reporting. What IT measures Most business KPI objectives concentrate on business goals, whether it be cost containment, security, simplification, ease of management, or centralization of apps and data, but rarely is there a KPI for end-user experience. You can’t fix what you can’t see. Putting a cost benefit to end-user satisfaction may come in the form of productivity. This may be a central reason why VDI has not been widely adopted as an architecture since it came to the marketplace more than 15 years ago.

VDI processes to monitor

Monitoring end-user metrics will mitigate the tension between business KPIs and end-user satisfaction

“If employees are the competitive edge and key differentiator for a business, I&O has a duty of care to ensure that the employees’ digital experience enables and does not impede the value of that asset.” (John Annand, Principal Director, Info-Tech Research Group)

The case for VDI today

Is security and data sovereignty the only reason?

“Though the desktops are moving to the cloud, accountability is not.” (Gary Bea, Director of Consulting Services and Technical Operations, Goliath Technologies)

The case for DaaS

Any device anywhere: key benefits of DaaS

Technical capability comparison

X as an endpoint client

From an end-user experience perspective, what makes sense in terms of usage and cost?

Security: on-premises versus cloud

Security decisions based on risk tolerance

• What is your risk tolerance? When deciding between VDI and DaaS, the first consideration is whether the business is better served with an on-premises or a cloud solution.
• Low risk tolerance: Considerer data sovereignty, complex compliance requirements, and data classification. For example, at the Pentagon, DoD requires heavy compliance with security and data sovereignty. DaaS cloud providers may be in a better position to respond to threats and attacks in a timely manner.
• Low risk tolerance: If the business mandates security tools that cannot be deployed in cloud solutions, VDI is a better solution.
• Low risk tolerance: Smaller businesses that don’t have resources with the expertise and skill set to handle security are better served in cloud. Security operations centers (SOCs) are more likely to present in large corporations.
• Low risk tolerance: When patching requires customization, for example in legacy applications, the ability to test patches is impacted, which may cause possible complications or failures.
• High risk tolerance: For cloud-based solutions, patching is taken out of the IT team’s hands, and testing is done against the complete cloud solution.

Info-Tech Insight

What is the better security posture and control plane? Clarify your stakeholders’ objectives, then see if VDI is an adequate solution.

Security needs for VDI and DaaS

• IDENTITY AND ACCESS MANAGEMENT — MFA, authorization, provisioning, SSO, identity federation, data owners, workflows, role-based access control (RBAC), user lifecycle management
• ENCRYPTION — TLS 1.3, and 256-bit, endpoint encryption, file encryption, AES, PKI, BitLocker
• DATA LOSS PREVENTION — Centralized policy management, sensitive data detection, HIPAA, GDPR
• ANTIVIRUS & PATCH MANAGEMENT — Group policy management, AV exclusions, anti-ransomware, keylogger mitigation
• DDoS protection — HTTP, UDP flood mitigation, content delivery network, always-on services
• ENDPOINT DETECTION & RESPONSE — Detect and react to advanced active attacks on endpoints

Activity

Define the virtual infrastructure solution for your end users

1. Define and build your value hypothesis/proposition
   1. What is the business case? Who is championing the investment?
   2. Identify the project management team and stakeholders.
   3. Set goals to be achieved based on value.
   4. Identify KPIs and metrics to measure success.
2. Identify use cases and personas
   1. Identify possible user friction (e.g. emotional, cognitive, interaction).
   2. Understand current infrastructure shortcomings/capabilities (e.g. network, security posture/tolerance, staffing needs, qualified technicians, end-user devices).
3. Articulate use cases into functional and nonfunctional requirements
   1. Separate must haves and nice to haves.
   2. Categorize requirements into identifiable functionality capabilities.
   3. Review your outputs and identify “gotchas” using the MECE (mutually exclusive, collectively exhaustive) principle.

Related Info-Tech Research

	Modernize and Transform Your End-User Computing Strategy Phase 3.2 of this research set covers virtual desktop infrastructure.
	Implement Desktop Virtualization and Transition to Everything as a Service Follow Info-Tech’s process for implementing the right desktop virtualization solution to create a project plan that will help ensure that you not only choose the right solution but also implement it effectively.
	Cloud Strategy Workbook Use this tool to assess cloud services (desktop-as-a-service).
	Desktop Virtualization TCO Calculator This tool is designed to help you understand what desktop virtualization looks like from a cost perspective.

Bibliography

Anderson, Joseph. “Five Ways VDI Will Grow in 2022 Thanks to Hybrid Work.” StratoDesk, 28 Feb. 2022. Web.

Bowker, Mark. “Are Desktops Doomed? Trends in Digital Workspaces, VDI, and DaaS.” ESG, May 2020. Web.

“The CISO's Dilemma: How Chief Information Security Officers Are Balancing Enterprise Endpoint Security and Worker Productivity in Response to COVID-19.” Hysolate, Oct. 2020. Web.

King, Val. “Why the End-User Experience Is Not Good for Your Remote Workforce .” Whitehat Virtual Technologies, 2 Dec. 2021. Web.

Perry, Yifat. “VDI vs DaaS: 5 Key Differences and 6 Leading Solutions.” NetApp, 26 Aug. 2020. Web.

Rigg, Christian. “Best virtual desktop services 2022.” TechRadar, 20 Jan. 2022 . Web.

Seget, Vladan. “Key metrics to consider when assessing the performance of your VDI/DaaS environment.” vladan.fr, 19 April 2021. Web.

Spruijt, Ruben. “Why Should You Care About VDI and Desktop-as-a-Service?” Nutanix, 28 Jan. 2020. Web.

Stowers, Joshua. “The Best Desktop as a Service (DaaS) Providers 2022.” business.com, 21 Dec. 2021. Web.

“Virtual Desktop Infrastructure(VDI) Market 2022.” MarketWatch, 5 Jan. 2022. Web. Press release.

Zamir, Tal. “VDI Security Best Practices: Busting the Myths.” Hysolate, 29 Nov. 2021. Web.

Zychowicz, Paul. “Why do virtual desktop deployments fail?” Turbonomic Blog, 16 Dec. 2016. Web.

Security Priorities 2022

The pandemic has changed how we work

disruptions to the way we work caused by the pandemic are here to stay.

The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.

People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.

Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.

30% more professionals expect transformative permanent change compared to one year ago.

47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)

The cost of a security breach is rising steeply

The shift to remote work exposes organizations to more costly cyber incidents than ever before.

Remote work is here to stay, and the cost of a breach is higher when remote work is involved.

The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)

Security teams can participate in the solution

The numbers are clear: in 2022, when we face a threat environment like WE’VE never EXPERIENCED before, good security is worth the investment

Breaches are 34% less costly when mature zero trust is implemented.

A fully staffed and well-prepared security team could save the cost through quick responses. (Source: IBM, 2021)

Top security priorities and constraints in 2022

Survey results

As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:

Top Priorities Survey respondents were asked to force-rank their security priorities. Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.

Top Obstacles Talent management is both the #1 priority and the top obstacle facing security leaders in 2022. Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.

We know the priorities…

But what are security leaders actually working on?

This report details what we see the world demanding of security leaders in the coming year.

Setting aside the demands – what are security leaders actually working on?

Many organizations are still mastering the foundations of a mature cybersecurity program. This is a good idea! Most breaches are still due to gaps in foundational security, not lack of advanced controls.

We know the priorities…

But what are security leaders actually working on?

One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets. Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.

5 Security Priorities for 2022

People

1. Acquiring and Retaining Talent
   Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
2. Securing a Remote Workforce
   Create a secure environment for users and help your people build safe habits while working remotely.

Process

3. Securing Digital Transformation
   Build in security from the start and check in frequently to create agile and secure user experiences.

Technology

4. Adopting Zero Trust
   Manage access of sensitive information based on the principle of least privilege.
5. Protecting Against and Responding to Ransomware
   Put in your best effort to build defenses but also prepare for a breach and know how to recover.

Acquire and Retain Talent

Priority 01

Security talent was in short supply before the pandemic, and it's even worse now.

Executive summary

Background

Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.

The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.

The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.

Current situation

• A 2021 survey by ESG shows that 76% of security professional agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
• (ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).

2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)

IT leaders must do more to attract and retain talent in 2022

• Over 70% of IT professionals are considering quitting their jobs (TalentLMS, 2021). Meanwhile, 51% of surveyed cybersecurity professionals report extreme burnout during the last 12 months and many of them have considered quitting because of it (VMWare, 2021).
• Working remotely makes it easier for people to look elsewhere, lowering the barrier to leaving.
• This is a big problem for security leaders, as cybersecurity talent is in very short supply. The cost of acquiring and retaining quality cybersecurity staff in 2022 is significant, and many organizations are unwilling or unable to pay the premium.
• Top talent will demand flexible working conditions – even though remote work comes with security risk.
• Most smart, talented new hires in 2022 are demanding to work remotely most of the time.

Talent will be 2022’s #1 strength and #1 weakness

Recommended Actions

Talent acquisition and retention plan

Use this template to explain the priorities you need your stakeholders to know about.

Provide a brief value statement for the initiative.

Address a top priority and a top obstacle with a plan to attract and retain top organizational and cybersecurity talent.

Initiative Description: Provide secure remote work capabilities for staff. Work with HR to refine a hiring plan that addresses geographical and compensation gaps with cybersecurity and general staff. Survey staff engagement to identify points of friction and remediate where needed. Define a career path and growth plan for staff.		Description must include what IT will undertake to complete the initiative.
Primary Business Benefits: Reduction in costs due to turnover and talent loss	Other Expected Business Benefits: Productivity due to good morale/ engagement Improved corporate culture	Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.
Risks: Big organizational and cultural changes Increased attack surface of remote/hybrid workforce		Related Info-Tech Research: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan Build an IT Employee Engagement Program

Secure a Remote Workforce

Priority 02

Trends suggest remote work is here to stay. Addressing the risk of insecure endpoints can no longer be deferred.

Executive summary

Remote work poses unique challenges to cybersecurity teams. The personal home environment may introduce unauthorized people and unknown network vulnerabilities, and the organization loses nearly all power and influence over the daily cyber hygiene of its users.

In addition, the software used for enabling remote work itself can be a target of cybersecurity criminals.

Current situation

• 70% of workers in technical services work from home.
• Employees of larger firms and highly paid individuals are more likely to be working outside the office.
• 80% of security and business leaders find that remote work has increased the risk of a breach.
(Source: StatCan, 2021)

70% of tech workers work from home (Source: Statcan, 2021)

Remote work demands new security solutions