Applied G2

You are here: Home » Service Offerings


Thought Leadership

E-mail Print PDF

Starting New Ventures for a Current Business.

Every successful company has a well defined growth strategy.  For large or private equity-backed organizations, acquisitions, international theater expansion and strategic partnerships may be blended to solidify market leadership. For mid-size organizations, expanding portfolio offerings beyond core offerings, geographic coverage and multi-tier channel development are common growth paths.   On the small end of the economic scale, aggressive client acquisition, getting quick ratios healthy and the development of new solutions and raising operating capital from bootstrap through multiple rounds of venture capital funding. It is critical that the security strategies, architecture and programs support an organization’s short and long term growth commitments

Private Equity or for large organizations acquiring a new or distressed property may need to quickly supplement the policies, procedures, staff, IT infrastructure and regulation required programs to remain in compliance as a newly independent entity.  The speed and efficiency of putting these elements in place can have a material impact on whether the new organization is mired in chaos or able to quickly transition into a nimble, focused organization with favorable returns.  Securing key intellectual property, reestablishing cost-effective core capabilities, and migrating customers is easy to put on a PowerPoint Gantt chart with an optimal time line, but hard to achieve in practice.  Many core services offered by the former owners, that were often taken for granted, can now jeopardize basic functions like taking credit card payments, meeting industry regulations, maintaining proper bond & insurance coverage, IT/Security/Fraud/Loss Prevention management and corporate governance activities can be much more difficult with a smaller highly matrixed support staff.

For organizations vying for the resources and support of Venture Capital firms the challenges are similar, but slightly different. As an organization matures beyond the Friends & Family round of funding a new organization needs to emerge to attract the next round of investors. The founders and leadership team must make the transition from a paper napkin to a financially viable business proposition attractive to a nervous pool of investors that have seen their available capital shrink in the recent recession.  The expectation for returns is much greater than simple computations of financial ratios, equity stakes and return on investment windows.  The maturity of the sales cycle, the ability of the organization & infrastructure to sustain predictable financial performance and expand market capture becomes even more important once the underlying fundamentals economics are proven to be sound.  

Prudent use of any secured venture capital is crucial to managing growth. Managing growth is an exciting and challenging time as the focus shifts from establishing viability to preparing for a profitable exit.  New elements of corporate governance require more focus and resources as compliance with industry, federal and international requirements becomes more complex.  Being able to securely take advantage of emerging technologies such as SaaS (Software as a Service), virtual environments and new mobile platform capabilities can be setup quickly with limited capital expenditures.

With acquisition being the most common exit strategy for Venture backed companies, these same flexible & secure technologies hold up well to the scrutiny of potential investors during the due diligence process leading up to a {fingers crossed} liquidity event.  Utilizing an operating cost based set of subscription services provides flexibility and portability during explosive growth.  Once the deal is struck, this environment quickly migrated into a more robust operating environment that is expected to happen quickly as part of post-acquisition integration milestone events.

For other firms that chose to remain private or within a limited market can leverage organic growth, strategic partnership and multi-tiered channel expansion opportunities.  Security challenges that have to be addressed at this tier can be daunting depending on the industry or operating theaters required to support the business.  Off-shore services and manufacturing facilities that require secure connectivity can result in significant cost savings, but can also raise the importance of maintaining privacy and high availability connectivity to keep operations moving smoothly.  Flexible staffing models are another fantastic opportunity for small firms to utilize top talent to fuel explosive growth.  Security programs and procedures have to be adapted to accommodate data access requests by users that are not employees, strategic partners, and client utilizing a dizzying array of platforms and methods you probably don’t own much less have any control of from a configuration perspective.  In regulated industries and through some partnerships, a small organization has to demonstrate the responsible stewardship of confidentiality, integrity, availability and fraud detection as a Global 1000 firm.   This is increasingly evident when you consider wide reaching regulations such as PCI for firms that rely on credit services to process payments or the very wide range of business that support the multi-billion dollar healthcare industry that will now fall under the purview of HIPAA HITECH requirements. Developing mature programs that include robust user provisioning that allow for segmentation of user groups, detailed understanding of key intellectual property & protected information assets,  integration of encryption solutions to secure data at rest & in-transit accompanied by capabilities to maintain configurations and access methods to ensure on-going policy enforcement will separate the business that flourish and those that falter.

Alignment of the organization’s growth strategy and security programs are inseparable. For the growth by acquisition crowd, verify your platforms, programs and procedures support the rapid integration of newly acquired properties that is crucial to maximizing the return on investment.  Connecting new facilities, on-boarding new employees, updating clients on the impact to the company’s future direction, capturing & incorporating newly acquired intellectual property or methods, and migrating financial & customer files to corporate standards are time critical elements that have to be accomplished before the organizations can efficiently move forward with the integration process.  VC backed and high growth clients should keep the previous list of task in mind when developing their own systems to facilitate integration if the organization’s exit strategy is acquisition.   These activities in addition to the  demonstrable execution against mature programs that support sound corporate governance and compliance can make the difference between being acquired at a premium or fading into the “me to” crowd of Lemmings.  The small firms must have a clear vision of the future clients, suppliers and partners that will help them achieve their growth goals.  Anticipating the industry and regulatory requirements when designing new capabilities will allow the organization to avoid the growth limiting process of retrofitting systems & procedures to demonstrating compliance that is constantly changing.  Incorporating the needs of an organizations growth strategy and future compliance requirements as just another design consideration in every major business activity is the most effective approach to ensure synchronicity between both.  

Security & Risk Assessments

E-mail Print PDF

AppliedG2 offers a wide range of security assessments using a wide range of data collection and analysis techniques.  As part of the scoping the project together our technical staff will explain the different types of security assessments that can be utilized to meet your specific needs. Some of the most common include:

Vulnerability Assessments – Analysis of operating environment and key security capabilities from within the network utilizing scanning tools and network traffic. This assessment is valuable in determining how an insider (employee, contractor, customer) might be able to exploit internal control weaknesses to access assets that are not required for normal business related functions.


External Penetration Assessment – Assesses the vulnerability of your network and the effectiveness of your perimeter protection mechanisms. It simulates how specific vulnerabilities could be exploited by unauthorized users to access your critical assets utilizing via your internet connection.


Industry Best Practice Assessment- Utilizing current guidance from industry, government and cooperative groups to develop a set of standards unique to your organization will serve as the baseline to evaluation organizational capabilities against.  Many customers rely on sources such as ISO 27000, Payment Card Industry (PCI-DSS), NIST, HIPAA – HiTech Act, FIPS, DISA STIGs & Checklist, DoD Configuration & IAVA Management, Continuity of Operations and Incident Response to develop their own target set of standards to meet current regulatory compliance and corporate governance goals.


Contractual & International Obligation Assessment - In addition to the complicated matrix of industry and government requirements, many additional considerations involve the obligations created via everyday contracts and local business practices.  Accurately capturing obligations, terms & conditions and rights to inspect your business operations can have a significant material impact on your business.  By reviewing standard contracts, exception handing and the local operating environments global policies and capabilities can be adapted to meet the protection needs of the enterprise while mitigating breach of contract and local legal actions for compliance violations.


Industry Vertical Specific Assessments – AppliedG2’s deep operational expertise has allowed us to create assessments designed to meet specific regulatory compliance mandates. For example, our assessments can be tailored to meet a specific industry vertical requirement such as the N.C.U.A (National Credit Union Administration) Part 748 Security Program… and Bank Secrecy Act Compliance program.


Physical Security Assessments – AppliedG2 understands the most effective asset protection may include significant amounts of physical security.  By analyzing the integration of staff, procedural and physical safeguards to protect property, personnel and data assets a more complete capability assessment can be evaluated to mitigate operational risk.  All the firewalls, intrusion detection systems and malware protection in the world can’t prevent a savvy thief from picking up a server or locally attached storage device and walking out the door undetected.


Page 4 of 4