Mergers and AcquisitionsSASENetworkingSecurity Transformation
Article10 minute read

The Importance of the Network Bridge to Mergers & Acquisitions

What is a network bridge? How do you establish, test and secure one? How can you prevent issues on Legal Day 1 and increase the likelihood of successful M&A activity?

In this article

The success of any merger and acquisition (M&A) transaction can greatly depend on the robustness of the network bridge — the network connection established between the various companies involved in the merger, acquisition or divestiture. 

The network bridge is typically set up and tested before operational Legal Day 1 — the first day the new company or entity becomes operationally separate from the remaining company in a typical M&A transaction (examples below).

Diagram of a merger.
Diagram of an acquisition.
Diagram of a divestiture.

This article introduces the concept of a network bridge, the two types of bridges, how to establish and test your bridge, and how to mitigate issues on Legal Day 1.

 What is a network bridge?

In the context of M&A activity, a network bridge establishes the key connection needed for application usage and data migration between companies. It essentially links two separate networks into a single network.

The network bridge is typically the only secure form of communication between the two companies prior to integration, and even sometimes post-integration.

Network bridges are not only used to transfer data during M&A activity. They're often leveraged to transfer workloads such as end-user communications, application testing and, in some cases, full system availability once integration is complete.

 4 considerations for establishing a network bridge

WWT's M&A team recommends keeping four high-level considerations in mind when establishing a network bridge:

  1. Permanency: How temporary will the network bridge truly be? Will applications need to leverage the bridge post-migration for any reason?
  2. Availability: Should the bridge experience an outage, how critical is its restoration? What are your service level agreement (SLA) requirements for availability?
  3. Capacity: How much traffic will flow over the network bridge?
  4. Security: How secure does your network bridge need to be?

Paying attention to these considerations will help you plan and implement the right type of network bridge for your specific M&A activity.

 2 types: Temporary vs. permanent

When standing up a network bridge, key M&A stakeholders should consider how long the bridge will last and what purpose it serves. For example, if you only expect to leverage the bridge for a limited use case, like a one-time file transfer that involves no real-time application traffic, a temporary network bridge might be right for you.

 Temporary network bridges

Temporary network bridges are relatively easy and quick to stand up, with a typical turnaround of 30 to 60 days. Temporary bridges leverage existing technologies such as VPN and VDI, and they cost less than permanent network bridges.

On the other hand, because they generally connect through the internet, temporary network bridges require the organizations to relinquish control over the bridge's availability and reliability levels. For example, a large application or data transfer performed via temporary network bridge might consume all of an organization's internet bandwidth and directly affect productivity.

If you decide to go the route of a temporary network bridge, make sure you carefully plan and schedule such transfers to avoid unintended traffic congestion and downstream business impact.

 Permanent network bridges

The alternative is a permanent network bridge. Because it's built on dedicated circuits, the availability and reliability levels of a permanent network bridge are defined and guaranteed by the circuit provider. 

Permanent bridges can be leveraged for real-time application traffic, traditional voice and call center systems, and large and continuous data transfers.

The capacity a permanent network bridge is also adjustable based on your provider contract. However, since permanent bridges involve procuring and contracting new circuits, they take longer to plan and stand up, with a typical window of 12 to 15 months from planning through execution. Likewise, the cost for planning, procuring and executing a permanent network bridge is higher.

 Combining temporary and permanent network bridges

The two options of network bridges are not mutually exclusive. Depending on an organization's needs, both types of bridges can be stood up at different times to ensure the right speed and levels of service. 

There are a variety of external connection technologies, such as VPN, cloud-to-cloud connectivity and circuits (e.g., MPLS and SD-WAN) to choose from for either type of network bridge.

WWT's M&A team helps organizations select and customize the right network bridge(s) to meet their needs based on overall financial, time, availability, security and capacity considerations.

 Securing the network bridge

Security is another key consideration for temporary and permanent network bridges. Due to the highly confidential nature of M&A activity, most organizations require pre-Legal Day 1 network bridges to meet higher security standards. For such bridges, WWT recommends installing higher-end security measurements like a dedicated layer-7 security system, a smart security system, plus firewalls for intrusion and data loss prevention.

Organizations can likely loosen their bridge security profile post-Legal Day 1. Depending on your company's security requirements, the network bridge can even be moved to an internal circuit where no firewall is needed.

 2 examples from the field

To see what various network bridges look like in the wild, we've compiled some sample arrangements from our M&A work in the field. In the various scenarios below, the new company (New Co.) becomes operationally separate from the remaining company (Remain Co.) on Legal Day 1.

 Use Case 1: Temporary network bridge

Pre-Legal Day 1

In the example below, the acquiring company plans to leverage existing VPN or VDI technology to build a federation with the New Co. environment to test traffic flows and accessibility before Legal Day 1. This testing window typically lasts from 30 to 60 days.

Temporary network bridge diagram.
Temporary network bridge diagram example

Testing of the temporary network bridge requires trust between identity systems from both companies. 

All traffic will flow through the internet and be gated by firewalls on each side. With the identity federation in place, traffic can flow through the firewalls to access resources in each company.

Legal Day 1

Once testing is complete, the temporary network bridge will be implemented on Legal Day 1. Users can then leverage VPN or VDI to access applications in the other company.

 Use Case 2: Permanent network bridge

Pre-Legal Day 1

Before Legal Day 1, both companies should expect to dedicate 12 to 15 months planning the network bridge design and implementation, for various legal reasons. Depending on the type of M&A activity and the specific companies involved, legal control can be more or less stringent.

In this example from the field, the infrastructure inquiry needed to establish a permanent network bridge must take place through a secured platform, which drags out the timeline. Moreover, due to market competition between the acquiring company and Remain Co., all testing must be approved by the legal and security departments of each company.

Permanent network bridge diagram example pre-Legal Day 1.
Pre-Legal Day 1: Permanent network bridge diagram example

The diagram above features two fabrics connected from the acquiring company's routers to a switch at New Co. There is a firewall managed by Remain Co. used to determine what traffic can go through to New Co. before Legal Day 1. Another firewall established between New Co. and Remain Co. prevents any traffic going into Remain Co. Similarly, any traffic going into the acquiring company's environment must pass through an acquirer-managed firewall.

Setting up and testing this complex arrangement can be tricky. As part of WWT's end-to-end M&A capabilities, our procurement specialists can facilitate the purchase of the right routers and cables needed to meet an organization's Legal Day 1 requirements and deadlines while guaranteeing quality and speed of delivery. Customers can also leverage WWT's Advanced Technology Center (ATC) to mock-up, test and validate their network bridge design before implementation.

Testing the network bridge

Two types of testing should be conducted prior to Legal Day 1: network testing and application testing.

  • Network testing is relatively straightforward; it measures traffic, ping and network speeds.
  • Application testing involves more coordination between application owners and firewall engineers. In the example above, application owners at New Co. need to provide information on application dependencies and traffic patterns so firewall engineers can add rules in the firewall to prevent any blockage of application usage on Legal Day 1.

All network and application testing must be completed within the designated testing window. Security and legal teams from both companies must validate testing results. Testing of the end-state design can begin a few weeks before Legal Day 1.

Firewall policy testing, which occurs post-Legal Day 1 and is another critical component of overall network bridge testing, is discussed below.

Legal Day 1

On the day of Legal Day 1, New Co. will switch the two network connections to the MPLS (or other circuit of choice) and Remain Co. will remove its firewalls. Any remaining connections between Remain Co. and New Co. are disconnected. The acquiring company's firewall rules, tested before Legal Day 1, should now allow application and user traffic from New Co. to pass over without issue.

Permanent network bridge diagram example post-Legal Day 1.
Post-Legal Day 1: Permanent network bridge diagram example

The permanent network bridge connections will be monitored by firewall and network engineers during the ensuing hypercare period (usually one week after Legal Day 1) to resolve any issues and escalations.

 Proactive Issue Prevention

Legal Day 1 can be a stressful event as thousands of users attempt to access applications via the new network bridge connection. Therefore, it's essential to prepare your help desk to anticipate and handle incident tickets properly.

It's also critical to anticipate issues by creating  thorough firewall policies.

 Firewall Policy Creation

One of the critical steps in network bridge testing involves creating a firewall policy to ensure smooth traffic flow. Firewall policy creation is also used in manufacturing and R&D site migration to provide complex systems that function correctly.

Your firewall policy should set a base rule that allows all traffic (minus malware and viruses) to pass through. Application owners should be able to operate their applications as they would in a typical day. A firewall engineer should then monitor all traffic hitting the firewall and create rules to allow specific traffic to pass through. These newly created rules need to be verified and layered on until no traffic hits the pass-through rule.

When WWT's M&A experts facilitate this firewall rule creation process, they provide application and site owners with step-by-step training on how to raise change requests for new rules to the managed service provider. That way, they're well equipped to handle the system post-migration.

Our M&A team can also leverage artificial intelligence (AI) and machine learning (ML) to study all rules for each site or migration. Based on our findings, we can create a global ruleset customers can leverage in the future.

To significantly reduce the number of tickets escalated to the engineering team monitoring traffic on the network bridge, we recommend creating a step-by-step troubleshooting guide and providing knowledge-transfer training before Legal Day 1.

Example steps in a troubleshooting guide:

  • Step 1: Help desk leverages simple network testing commands to verify if network connection is working properly.
  • Step 2: If network is connected, user should check to see whether the webpage loads.
  • Step 3: If user sees the page cannot be accessed, the issue is unlikely to be firewall related.
  • Step 4: User should connect with the Identity & Access Management team to make sure the proper access is granted.

 Takeaways

Preparing for Operational Legal Day 1 for an M&A deal can seem like a daunting process. But taking the time to properly plan and implement the right network bridge can greatly increase your chances of seamless integration.

WWT's M&A experts are well positioned not only to help your company design, build and deploy the right network bridge for your needs, but we can help manage all related pre- and post-Legal Day 1 activity to provide a continuous experience for both companies and user bases.