惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
WordPress大学
WordPress大学
博客园 - Franky
V
V2EX
爱范儿
爱范儿
J
Java Code Geeks
小众软件
小众软件
Last Week in AI
Last Week in AI
The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
T
The Blog of Author Tim Ferriss
酷 壳 – CoolShell
酷 壳 – CoolShell
The Register - Security
The Register - Security
GbyAI
GbyAI
Vercel News
Vercel News
Y
Y Combinator Blog
腾讯CDC
F
Fortinet All Blogs
I
InfoQ
N
Netflix TechBlog - Medium
B
Blog RSS Feed
D
Docker
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
量子位
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
云风的 BLOG
云风的 BLOG
A
About on SuperTechFans
Scott Helme
Scott Helme
T
Tor Project blog
U
Unit 42
Google Online Security Blog
Google Online Security Blog
PCI Perspectives
PCI Perspectives
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
D
Darknet – Hacking Tools, Hacker News & Cyber Security
aimingoo的专栏
aimingoo的专栏
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
Security Archives - TechRepublic
Security Archives - TechRepublic

Blog on 1Password Blog

Why secure-by-design is an incentives problem, with Bob Lord | 1Password NIST and AI agents: 1Password’s approach to agent identity | 1Password Go beyond device health with External Checks in 1Password Device Trust | 1Password Natoma and 1Password help enterprises scale AI securely with governed agent access | 1Password New integrations between 1Password SaaS Manager and EPM | 1Password A first step toward post-quantum security | 1Password RSA 2026: Leading the way to secure agentic AI | 1Password How 1Password is Building a Culture of AI Fluency Through AI Champions | 1Password 1Password vs. Keeper Security: A comparison | 1Password 1Password vs. LastPass: Which is right for you? | 1Password Secure MCP credentials with 1Password and Runlayer | 1Password The next layer of AI security | 1Password Building the next chapter of Go-to-Market in EMEA | 1Password Automating SOC workflows with 1Password Enterprise Password Manager | 1Password Automated Provisioning hosted by 1Password: A Simpler, Smarter Way to Manage Access | 1Password Introducing 1Password® Unified Access: Identity Security for Humans and Their AI Agents | 1Password Next-generation automated provisioning, without compromising zero-knowledge security | 1Password Bitwarden vs. 1Password: Which password manager is right for you? | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password How to wrangle SaaS contract renewals | 1Password Stop trusting consumer browsers with work credentials | 1Password IAM stops at sign-in. Your credentials do not. | 1Password Your digital pit crew: a 10-minute pre-race security checklist | 1Password 1Password Device Trust is coming to EMEA | 1Password The identity transformation: Analyst and CIO insights | 1Password Why now is the moment to join 1Password Go-To-Market | 1Password Identity and Accountability in the Age of AI Agents | 1Password How 1Password secures agent architectures | 1Password 1Password becomes the first global partner to transact through Express Private Offers in AWS Marketplace | 1Password Start Learning on 1Password Academy | 1Password Expanding Programmatic Access to 1Password | 1Password Zero knowledge vs. a malicious server: A look at ETH Zurich’s research | 1Password Agents are making filesystems cool again | 1Password Black History Month employee spotlight: Joseph Ojelade | 1Password 1Password's new benchmark teaches AI agents how not to get scammed | 1Password Streamlining SaaS onboarding and offboarding | 1Password 3 common SaaS Management challenges and how to avoid them | 1Password How 1Password Is Evolving Its Partner Ecosystem | 1Password How to build secure agent swarms that power production-grade autonomous systems | 1Password From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password Solving the unsanctioned SaaS problem | 1Password 1Password and 60 Day Hustle: cybersecurity for small businesses | 1Password Security advisory for AI-assisted browsing interactions with the 1Password browser extension | 1Password It’s incredible. It’s terrifying. It’s OpenClaw. | 1Password Managing the risks of social logins | 1Password What’s the first security tool your small business should buy? | 1Password As AI Supercharges Phishing Scams, 1Password Introduces Built-In Protection | 1Password How to interview with confidence at 1Password | 1Password Five tips for successful SaaS Management | 1Password SaaS Manager | 1Password Why SaaS License Waste Is a Cost and Security Problem | 1Password AI is changing the IDE. With 1Password, security keeps up | 1Password How IT teams can get a handle on shadow IT | 1Password Bringing secure, just-in-time secrets to Cursor with 1Password | 1Password The Chasing Entropy Podcast Season One is in the Books | 1Password Now available via QBS Software: 1Password Enterprise Password Manager – MSP Edition | 1Password The role of credentials in the AI espionage campaign reported by Anthropic | 1Password The hidden offboarding step draining your budget | 1Password AWS and 1Password: Innovation in AI and beyond | 1Password Simplifying credential security on OpenAI Atlas | 1Password From Social Work to Social Impact: Growing at 1Password | 1Password Improving in-page notifications in the 1Password browser extension | 1Password Password Manager for Families, Enterprise & Business | 1Password | 1Password Now available via Renaissance: 1Password Enterprise Password Manager – MSP Edition | 1Password Behind the wheel at Oracle Red Bull Racing | 1Password Securing MCP servers with 1Password: Stop credential exposure in your agent configurations | 1Password What’s new in 1Password Enterprise Password Manager - Q4, 2025 | 1Password Belonging as a catalyst for high performance | 1Password Password habits are worsening, but leaders see a path to passwordless | 1Password A simpler, faster way to unlock 1Password | 1Password Oracle Red Bull Racing Episode 4, CIO Matt Cadieux | 1Password 70% of IT and security pros say SSO is falling short | 1Password 1Password's Phishing Survey: Avoid Holiday Phishing Scams | 1Password Securing the Win | 1Password SaaS optimization: How to maximize value and reduce costs | 1Password The enterprise AI crisis: Unsanctioned tools and unenforced policies | 1Password An Identity Security taxonomy for Agentic AI | 1Password Introducing new .env file support in 1Password environments | 1Password Speed and security: Mark Hazelton on protecting Oracle Red Bull Racing’s most valuable asset – its data | 1Password 1Password for Good: Giving back during cybersecurity awareness month | 1Password Utah Mammoth and Utah Jazz score with identity security | 1Password Oracle Red Bull Racing CEO and Team Principal | 1Password Three signs you need a SaaS Management Platform | 1Password Closing the credential risk gap for AI agents using a browser | 1Password Microsoft and Dropbox password managers are sunsetting: What it means and what to do next | 1Password From hackathon nerves to internship wins: Kavya’s journey at 1Password | 1Password 1Password now available in Comet, the AI-powered browser by Perplexity | 1Password 1Password announces new integration with Zscaler | 1Password Breaking the mold: Why more women should consider a career in sales | 1Password Clickjacking: What it means for 1Password users | 1Password AI and security at Black Hat: 5 key takeaways from a security expert panel | 1Password Blog | 1Password Do any CISOs feel lucky? | 1Password How to lead with confidence in the AI era: a conversation with Nancy Wang, VP, Engineering | 1Password New Device Trust Check makes browser extension enforcement easier | 1Password Purpose, performance, and trust: Inside the culture powering 1Password’s next chapter | 1Password Now available on Pax8 Marketplace: 1Password Enterprise Password Manager - MSP Edition | 1Password The security principles guiding 1Password’s approach to AI | 1Password Choosing the right SaaS management platform for your business | 1Password Simplify access reviews with 1Password SaaS Manager | 1Password How great usability tripled Duke University's password manager adoption | 1Password
What security leaders need to know about mergers and acquisitions | 1Password
info@1password.com (1Password) · 2025-09-03 · via Blog on 1Password Blog

For security teams, the stakes are rarely as high as they are during mergers and acquisitions (M&A). Suddenly, you’re tasked with managing two companies' worth of devices, applications, identities, and data. There can be serious issues lurking within the newly acquired (or soon-to-be-acquired) company, including legacy systems, poorly vetted third-party contractors, and incompatible security policies.

Examples of what can go wrong during an M&A are legion, but the mergers of Verizon and Yahoo, as well as Marriott and Starwood, stand out as two particularly public fiascos. During both mergers, it was discovered that security oversights led to massive data breaches, costing hundreds of millions of dollars and creating a PR nightmare for all involved.

Due diligence

Stories of M&As gone wrong demonstrate the importance of the due diligence phase. For security leaders, the most critical window in an M&A is before the ink dries. To mitigate any unpleasant post-acquisition surprises, security should be integrated into the process as soon as negotiations begin. Kane Narraway, Canva’s Head of Enterprise Security, suggests that, if you work at a larger company with a Corporate Development (Corp Dev) team, “they tend to be the people running the acquisitions and doing the deals… Make friends with them so that you can get ahead of any acquisitions.”

When doing your due diligence, resist the temptation to prioritize speed over scrutiny. This is your opportunity to identify risks that could impact the value of an acquisition before any agreements are signed.

Because these deals often move fast, it’s likely you won’t have the time to do a full red-team exercise; instead, you need to focus on signal-rich evidence. This requires security to run both discovery and validation in parallel.

  • Discovery: Review policies, read documentation, and interview the IT and InfoSec teams.

  • Validation: Perform pentesting, lightweight recon, and surface any high-risk exposure areas.

Signal-rich evidence can come in a variety of forms, but prioritize requesting key documentation, such as compliance certifications, security policies and procedures, organizational charts, and recent audits. These can quickly reveal a company’s security posture and organizational maturity.

Wendy Nather, Senior Research Initiatives Director at 1Password, points out that maturity isn’t necessarily about the amount of documentation a company has. “Smaller companies don't have time to do a lot of the really fancy documentation that people will look for. So it's not necessarily a sign that you're getting a lemon from a security point of view, it's just natural.” Instead, she suggests focusing on how the team responds to requests. “If they can pull out some papers and say, ‘here, here's all we have, ask us if you need anything else,’ that's super impressive.”

Pentesting is also an important way to validate your assumptions, though in an aquihire scenario, this is less crucial. But if the primary motivation for an acquisition is a product, then you’ll want to ensure there are no obvious vulnerabilities that could lead to a breach and unfavorable headlines.

Understanding integration scenarios

No two M&A deals are exactly alike, and one major way they can differ is how the two companies integrate. There are three general flavors:

  • No integration: In this scenario, systems remain separate. There are several reasons for this choice, but often it’s in an “acquire to kill” scenario.

  • Partial integration: Some systems, such as laptops and identity platforms, are fully integrated, while others, like cloud infrastructure, may remain separate.

  • Full integration: This is rare and typically only seen in the acquisition of very new products or companies.

For security leaders, it’s essential to be clear on the strategy behind an acquisition. If you don’t understand why you’re doing the acquisition, you’ll waste time securing systems that don’t need to be integrated. If it’s a simple acquihire where a product is being depreciated, there’s no need to spend valuable time and resources on it.

This clarity is also key to conveying potential risks to the executive, engineering, and Corp Dev teams. It’s not enough to simply say, “This team doesn’t have a mature access control policy.” Instead, focus on translating that into tangible business impacts such as potential data exposure, integration delays, and privilege abuse. If you don’t know the purpose of an acquisition, then it will be impossible to understand what risks will actually have an impact on the deal.

In addition to deciding which systems to integrate and how, you’ll need to determine how to solve policy and compliance differences. While two companies may technically be compliant, they might use different compliance frameworks with conflicting data privacy, logging, and retention policies. Compliance can become a significant headache overnight as you try to reconcile multiple frameworks, and it may be the easiest and most effective approach to simply apply the stricter model across the board.

The due diligence phase of the M&A ends once integration begins, but it’s no time to let your guard down. There will inevitably be some post-deal chaos that creates an ideal environment for social engineering attacks and insider threats. Access control risks such as ghost or orphaned accounts and overprovisioned roles are rampant. Not to mention any third-party contractors or individuals who may use BYOD to access sensitive data.

It’s important to be vigilant, control information sharing, and implement a robust logging system in those crucial early days.

A marathon, not a sprint

The entire M&A process is a lengthy, complex, and high-stakes endeavor. Security involvement starts with the initial evaluation and can last months or even years of integration, depending on the size and scope of the acquisition. Security also can’t be bolted on; it needs to be an integral part of the process from moment one, assessing both technical and cultural risks, enforcing consistent controls and access.

1Password Extended Access Management can help organizations navigate the security challenges of M&A. Its three pillars – 1Password Enterprise Password Manager, 1Password SaaS Manager, and 1Password Device Trust – can help transform disparate systems into a unified, auditable, and role-based environment, even before integration is complete.

1Password Extended Access Management is designed to bridge the Access-Trust Gap: the risks posed by unmanaged devices, applications, and AI agents accessing company data without proper governance controls. It can secure secrets and credentials, discover and enforce access policies across SaaS apps, and provide cross-platform endpoint security, including for BYOD.

During the integration phase, 1Password Extended Access Management can provide a consolidated view of access across both organizations, automate provisioning/deprovisioning workflows, and provide audit-ready SaaS and device governance. This is huge when you’re inheriting a large number of new apps, employees, and contractors. Quickly identifying all parties with access to company data, ensuring they have the proper provisioning, and verifying that their devices meet company security policies can help limit risk and mitigate the chaos often inherent in the M&A process.

If you want to learn more and hear directly from experts with years of experience navigating the often nerve-wracking world of M&A, definitely check our recent webinar, Navigating M&A: What every security leader needs to know. In the webinar, Wendy Nather, 1Password’s Senior Research Initiatives Director, Dave Lewis, 1Password’s Global Advisory CISO, and Kane Narraway, Canva’s Head of Enterprise Security, talk through the ins and outs of securing your organization through the M&A process, tell stories from the trenches, and explain common pitfalls that doom many acquisitions.

Watch the webinar now.