How Divestitures Are Supposed to Work
A corporation decides to sell its healthcare IT division. Legal draws up the SPA. Finance models the asset value. IT is told to “separate the environments.” The timeline is 90 days.
That’s the plan. Here’s what actually happens.
The Divestiture Discovery Gap
Most corporate IT divisions were never designed to be separated. They’re entangled. Applications in the corporate Azure tenant use identities managed by the corporate AD. M365 workloads are licensed under the corporate agreement. SaaS procurement happened centrally.
Discovery for a divestiture requires finding everything that connects the divested business to the parent — and mapping every connection in both directions. Most pre-divestiture IT assessments find the direct connections. The indirect ones are what break.
The $4M Marriott/Hilton Divestiture
The actual Marriott/Hilton IT separation found that the property management system used a corporate identity that was not in any application inventory. The corporate AD service account that authenticated the property management system had forest-level read access. Separating it required rebuilding authentication architecture for 3,100 properties in 90 days. The cost: $4.2M. The timeline impact: 4 months.
The discovery that would have prevented this: a single module that audits AD service account usage and maps it to application dependencies.
What Divestiture Discovery Has to Map
A complete carve-out discovery program has to cover:
- Identity Isolation — All AD accounts with membership in both parent and divisional OUs, service accounts used by divisional apps that authenticate to parent resources, cross-forest trust relationships that will be severed
- Application Dependency Mapping — Applications in the divisional environment that call parent APIs, SaaS applications with seat licenses allocated from the parent agreement
- Contract Liability — SaaS contracts in corporate name that cover divisional users, enterprise agreements with divisional users as named licensees, auto-renewing contracts where the divisional portion isn’t separately tracked
- Network Isolation Requirements — VPN routes that connect divisional offices to parent HQ, ExpressRoute connections with routing tables that reference both environments
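A sketch of the Identity Isolation check from the list above, as an added example that is not from the original article: it works offline over exported data and flags accounts that authenticate from divisional hosts to parent resources, with accounts missing from the application inventory listed first. The OU name, hosts, accounts and data layout are all constructed assumptions.

```python
# Constructed sample data; all names are hypothetical. In practice these come
# from an AD export, authentication logs and the application inventory.
DIV_OU = "OU=HealthIT,DC=corp,DC=example"  # assumed carve-out boundary

GROUPS = {  # account -> DNs of the groups it belongs to
    "svc-pms": ["CN=PMS-Read,OU=HealthIT,DC=corp,DC=example",
                "CN=Forest-Readers,OU=Groups,DC=corp,DC=example"],
    "svc-lab": ["CN=Lab-Apps,OU=HealthIT,DC=corp,DC=example"],
    "jdoe": ["CN=Nurses,OU=HealthIT,DC=corp,DC=example",
             "CN=VPN-Users,OU=Groups,DC=corp,DC=example"],
}
HOST_SIDE = {"pms-app01": "division", "lab-app01": "division",
             "lab-db01": "division", "corp-dc01": "parent",
             "corp-sql02": "parent"}
LOGONS = [  # (account, source host, target resource)
    ("svc-pms", "pms-app01", "corp-dc01"),
    ("svc-lab", "lab-app01", "lab-db01"),
    ("svc-lab", "lab-app01", "corp-sql02"),
]
APP_INVENTORY = {"svc-lab": "LabPortal"}  # svc-pms is deliberately missing

def in_division(dn):
    return dn.lower().endswith("," + DIV_OU.lower())

def straddling_accounts(groups):
    """Accounts with group memberships on both sides of the boundary."""
    return sorted(a for a, dns in groups.items()
                  if {in_division(d) for d in dns} == {True, False})

def cross_boundary_auth(logons, host_side):
    """account -> parent resources reached from divisional hosts."""
    hits = {}
    for acct, src, dst in logons:
        if host_side.get(src) == "division" and host_side.get(dst) == "parent":
            hits.setdefault(acct, set()).add(dst)
    return hits

def findings(groups, logons, host_side, inventory):
    """Cross-boundary accounts, with uninventoried ones listed first."""
    straddle = set(straddling_accounts(groups))
    rows = [{"account": a, "parent_resources": sorted(t),
             "app": inventory.get(a), "straddles": a in straddle}
            for a, t in sorted(cross_boundary_auth(logons, host_side).items())]
    return sorted(rows, key=lambda r: r["app"] is not None)

if __name__ == "__main__":
    for row in findings(GROUPS, LOGONS, HOST_SIDE, APP_INVENTORY):
        print(row)
```

Hosts absent from the ownership map are skipped here; in a real sprint they should be resolved to a side before the results are trusted.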
The Three-Day Discovery Sprint
The acquirers who run divestitures cleanly use a three-day discovery sprint in the final two weeks before close:
Day 1: Identity and AD discovery. Map every account, every group, every service account, every trust relationship that crosses the carve-out boundary.
Day 2: Application and dependency discovery. Run discovery against all cloud environments, SaaS platforms, and M365 workloads in scope.
Day 3: Contract and licensing discovery. Inventory all SaaS contracts, seat allocations, and enterprise agreement terms that need to be separated, transferred, or terminated.
The output is a Carve-Out Readiness Report: prioritized findings that need to be resolved before Day 1, findings that can be resolved post-Day 1, and findings that represent contract or legal exposure.