A large financial services company has just acquired a smaller fintech startup to integrate its innovative mobile platform. A security architect on the integration team discovers the startup had a relaxed IT policy, allowing developers to use their own cloud services and unmanaged devices. Which of the following presents the most immediate and critical risk to the acquiring company's security posture?
Undocumented and unmanaged assets from the startup creating a shadow IT environment that is not covered by existing security controls.
Consolidating software licenses to reduce redundant spending on productivity tools.
Integrating the startup's employees into the parent company's identity and access management (IAM) system.
Harmonizing the two companies' data classification and acceptable use policies.
The most critical initial risk during a merger or acquisition is the presence of unknown and unmanaged assets, often called 'shadow IT'. These systems are not protected by the acquiring company's security controls, creating significant gaps that attackers can exploit. While integrating IAM systems, consolidating licenses, and harmonizing policies are all important integration tasks, they are secondary to the immediate threat posed by an unsecured and expanded attack surface. The first step must be to discover and gain visibility over all inherited assets to apply necessary security measures.