Many organisations experience M&A deals and processes during their time, often requiring the merging of systems, teams and environments to consider. Hydras, an Acora Group company, worked with a start-up EV charging company who had recently been part of a major acquisition from a much larger business.

As part of this acquisition, the companies’ AWS environments were merged into the larger corporate environment along with the existing development and support teams. However, the security status of the new systems was still largely unknown, but they were required to meet corporate security requirements. This created a risk which needed to be mitigated, so our team were brought in to provide strategic security direction with the aim of highlighting security gaps along with a prioritised roadmap to close them.

Strategic Security Assurance

Our AWS Security Consultants worked directly with the company’s management and technical teams to meet the aim. Following our standard assurance process, which consisted of firstly performing a “discovery” phase, the aim of which is to understand the current state of the in-scope environment. This included identifying the technical environment, the people within the organisation and any associated security processes and procedures, as well as the corporate security requirements.

Armed with this information, our team then proceeded into the review phase, the aim of which is to review the environment against corporate security requirements and understand the “as-is” and “to-be” states so that gaps can be identified and an improvement plan can be created. This was performed by creating several streams of work that included architectural deep dives, threat modelling, security vulnerability and posture scanning and DevSecOps reviews.

Following this, we were then able to understand the current state of the environment, review this against the desired state and highlight gaps and risks. Finally, a report was produced that highlighted all the security gaps along with strategic recommendations on how to resolve them, prioritised by security risk. Our team were then engaged in a second piece of work to provide security assurance on the implementation of this strategy, ensuring that the desired outcome of meeting corporate security requirements was met.

Risk Reduction and Compliance in Merged Cloud Platforms

By analysing the current maturity of security within the EV company, our team was able to create and oversee a strategic security initiative to help reduce risk and meet corporate security requirements.

Related Case Studies