Performing Technical Due Diligence on Potential Investments
In the last few years, we’ve seen a dip in the supply of juicy assets for investment firms, creating a more competitive market and pushing venture capital and private equity firms to get creative in their portfolio. This makes performing technical due diligence on potential investments all the more vital for increasing your ROI.
This supply shortage and shift down market has yielded two noteworthy investment trends. Non-traditional tech investors are dipping into the tech industry, and investment firms with private sector portfolios are leaning into the federal and defense supplier markets. These shifts into unfamiliar territory mean that investors need to consider a number of factors they might not have previously encountered, such as the trickle down effects of data governance regulations or the ways that security improvements can drive revenue.
In ideal due diligence scenarios, investors bring in a technical consulting firm to perform network security and system readiness assessments. That’s one of the many areas where Point Solutions Group kicks ass and takes names – helping clients get crystal clear on the technology risks and opportunities of a potential investment. Having a third party step in to run technology baseline assessments and analyze system readiness is the best way to ensure you get the biggest bang for your investment buck. Hands down.
Utilizing an information security consulting firm as part of the technical due diligence process will balance out the problem of internal biases while providing an objective view of system readiness. These factors help shape the overall value of the investment and help to quickly identify opportunities for improved efficiency.
Keep in Mind Internal Biases
First and foremost, when performing technical due diligence it’s important to keep internal biases in mind. When a security officer has been living and breathing a certain environment for a long time, they’re going to have a biased view of the current risk areas as well as the maturity of their environment.
That’s not to say they’re automatically going to be wrong or aren’t thoroughly competent, it’s just that their scope may be limited by the environment and their personal investment in the systems. What a company’s CISO or security leader sees as necessary or up to standard is inevitably connected to whether they were the one who put the systems in place. And when pride is on the line, well, things can get muddled.
Two minds are always better than one, so another set of eyes can only strengthen your assessment and uncover potential oversights. Having a third party give an honest look at system readiness and infrastructure security will get you a lot closer to an objective overview. More often than not, that kind of objectivity is a tangible value driver to the broader company and the long term strategy.
Perform a System Readiness Assessment
Proper technical due diligence for an investment should absolutely include a system readiness assessment in addition to a network security assessment. You have to know what shape a company’s systems and processes are in if you want to understand a company’s value and its risk.
Doing a network assessment includes asking a lot of potentially awkward questions about age of equipment. (Nobody likes being asked how old they are, not even computers). If the equipment on hand is in the more “mature” or “distinguished” category, it’s going to impact the value of the investment. Are the company’s servers still under warranty? Are they getting updates from the manufacturer? If not, the company may be at risk for data breaches, and it might be time to put those servers out to pasture.
Similarly, assessing the security posture requires taking a look across the systems architecture. Are there legacy systems well past retirement age? Is the company maintaining data it doesn’t need? Are there lonely servers out there storing information nobody has looked at in years while costing lots of money to maintain?
An effective systems readiness assessment will help you identify where you can consolidate and where you’ll need to bolster the infrastructure. This might mean equipment, it might mean software, it might mean enhancing overall technical team capabilities to improve efficiency.
Consider the Investment Model: Growth or Consolidation
The value of a potential investment is directly related to the time involved in the investment strategy – whether the goal of the investment is to hold it and grow the business, roll it into a portfolio, or sell it in five years to maximize the value. For any of these investment models, the goals are basically the same: invest in the right areas, keep the overhead costs aligned to the company strategy and get it right the first time.
Once you’ve performed a thorough assessment of the company’s network security and technology infrastructure, then you can decide on what needs to happen to maximize your investment. Approaching technology decisions with the investment model in mind is helpful in determining the appropriate prioritization of technology needs, though it doesn’t mean ignoring potential long-term issues or opportunities.
Moving quickly to check a box is often a strategy that results in disappointing outcomes and frustration. Tech debt is a real thing, and if your goal is to sell, understand that savvy buyers are getting better at uncovering the skeletons in the closet. In particular, if you are planning to move the asset in a relatively short timeline, buyers are getting much better at sniffing out issues where you didn’t spend the time and money to do it right for the value of the company.
Identify Opportunities for Efficiency
Regardless of the investment model, technology efficiency is key for maximizing the value of your assets. This is another place where a technology services firm can help you get the most for your money – looking at an investment from every angle, assessing the technology environment from overall strategy to daily execution.
Most of the time, there are major opportunities to improve efficiency by reducing clicks, eliminating redundancy, automating tasks or speeding up processes. Who are companies supporting? How do they interact with those customers? How do orders get processed? How does the company collect cash at the end of the day? All of those elements have supporting technologies within the architecture, and more often than not there are places where things could be a lot better. One of the biggest levers in technology is time – if you reduce cycle times, you reduce churn.
At heart, the goal is to get rid of things the company doesn’t benefit from or enhance value – whether that’s applications or services. Are there applications that only a small subset of the business uses or provides? They are likely not providing value across the company. Is there a more cost-effective method to modernize some of those applications?
Partner with Technology Experts
The best way to maximize a potential investment and minimize risk is to bring in an IT consulting firm from the get go. At Point Solutions Group, we partner with our clients to help ensure that they’re aware of any potential complications an investment might face. We also help clients see a path forward – the barrier to entry doesn’t have to be daunting.
Drawing on years of experience, we help our investment partners identify risks and to see opportunities that a potential asset may not have considered. Particularly for growth model investments, we can help with the kinds of infrastructure and security improvements that will open new markets and pave the way for exponential growth.