Issue link: https://securitytechnologyexecutive.epubxp.com/i/956571
18 SECURIT Y TECHNOLOGY E XECUTIVE • Februar y/March 2018 • www. SecurityInfoWatch.com COVER STORY wrong with that – (Pfizer CSO John Clark) and his crew knew exactly what they wanted and how they wanted to do it, plus, they found jobs for almost every member of our team." Two weeks later, Colin took the job at MillerCo- ors, and set about expanding on his predecessor 's security plan, which meant centralizing many of the processes and upgrading systems. Of course, Colin's course of action was forced to change again when Molson Coors revealed a different security philoso- phy – one that was much more decentralized. Work- ing closely with a consultant Molson Coors during the transition process yielded mixed results. "It has not been an easy integration" Colin admits. "I have had to go back and rethink how we go to business, since as much as we want to build that global organization with standardization and glo- balization, you face the reality of things being done another way." Soltis agrees, noting that in a largely decentralized organization, many systems will remain standalone, while it becomes more of large integration activity in a centralized organization. "A strict playbook should be established and a strategy in place during your pre-integration plan- ning so you are prepared to execute as part of your integration," Soltis says. "Most companies experi- enced in M&A; integration will have identified all requirements in advance of 'day zero' (or the day the deal closes)." Step Four: Adopt Changes on a Global Scale Colin, who now heads up four business units comprised of Molson Coors Europe, Molson Coors International, Molson Coors Canada and MillerCo- ors, is still working toward his goal of a centralized security model. That means assessing and updating The x-factor of a successful communications strategy is the ability of security and risk teams to get their messages across equally to both the C-suite and the rank- and-file employees. security and procedures and locations scattered around the globe. "It's like going back in time when dealing with some of these locations," Colin says. " We have to take a step back and demonstrate to people what a truly global security program can bring to the table. Some people (in the organization) think we don't have (security) problems, or prefer they be handled locally. It is an old mindset that is not true to the real world." As Colin works towards that preferred model of centralization, he is dealing with outdated security equipment, lack of oversight and KPIs for the vari- ous guard contractors and a general lack of policy and procedure. "You want to implement the best model that fits, "Colin explains. It is a matter of best practices from both parties, which does not always work. In the end, you do what is best for the organization as a whole – you set the standard for your systems and try to leverage good relationships with your previ- ous technology vendors for as smooth a transition as possible." Step Five: Get Buy-in and Assistance from IT Since almost every high-end physical security sys- tem – from access control to video surveillance and beyond – is running on a corporate network, the cooperation between CSO and CISO is invalu- able. "CSO and CISO partnership is essential to understanding the enterprise security risks of the target company," Soltis explains. "The convergence of physical and information security over the years has increased the capabilities of the two organiza- tions to better appreciate each other's function and role in the organization. Developing a risk profile for the target company's data and information security compliance early on will only help to better under- stand the strategy for mitigating risks and allow for a more smooth integration." Colin contends that the migration to network- centric physical security coupled with the laser- focused attention of an IT department on those functions makes his M&A; transitions easier – if the target company and the acquiring company leverage their respective strengths. "As we have more network-based and server- based systems and software that is operating in those virtual environments, finding the consolida- tion and connecting to those servers makes inte- gration easier, but at the same time, it can be more challenging if you are dealing with companies that have big server farms and data centers," Colin says.