In 360 on US SMB & Midmarket Security solutions adoption trends report, Techaisle analyzes survey responses from over 1,100 US SMBs to provide the insight needed to build and execute on IT security marketing strategies for the small and midmarket customer segments. Survey shows that overall, spending on security products by small businesses as flat but spending by midmarket firms is on a strong upward trajectory. Most SMBs rely on core security practices and technologies to address cloud-specific threats, but many are underinvested in cloud security solutions. Data encryption and security for virtual environments are particularly primed for growth. Mobile device security, gateway messaging/web security, and (as noted above) virtualization security as high-growth opportunities for security-as-a-service providers.

Techaisle’s research investigated 17 different types of IT security solutions. Techaisle positions these as belonging to one of four categories-

  1. Protection of data entering the corporate environment
  2. Protection of data that is being used within the corporate environment
  3. Protection of the mobile environment
  4. Traffic inspection and management

Highlights of findings from the survey include:

• A high proportion of SMBs (38% of small businesses and 79% of midmarket firms) report that they experienced mobility-related security breaches in the last one year. A majority of midmarket firms have deployed data loss prevention (DLP) and mobile security products; 20%-25% of small businesses plan to adopt DLP, mobile device management/mobile application management (MDM/MAM) or mobile security solutions.

• Discrete security solutions (i.e., products/services extending beyond embedded capabilities) are currently deployed within 55% of small (1-99 employees) businesses, and 95% of midmarket (100-999 employees) organizations. Most small businesses lack the skills required to work with software-based security solutions, and are 25%-33% less likely than midmarket firms to work with managed service or Security-as-a-Service providers. Security-as-a-Service suppliers have had most success thus far with data center/server, network and endpoint security offerings.

• Small and midmarket firms recognize that cloud increases the potential for security breaches, but are confident – overly so, in Techaisle’s view – in their ability to cope with this expanded risk profile. Most SMBs are underinvested in cloud security solutions.

• Roughly half of midmarket firms are using data encryption and products that secure virtual environments, and one-third are planning to use behavior analytics to protect against user malfeasance. Techaisle views this area as primed for growth – particularly security for virtual environments, which will themselves expand with increased adoption of software defined networking, software-defined storage and other virtualization-based technologies.

• Products in the “Traffic inspection & management” category figure prominently in SMB future plans. A majority of midmarket firms are using breach detection and/or intrusion prevention systems/intrusion detection systems (IPS/IDS), and nearly half report use of security information and event management (SIEM) systems.

• Techaisle’s research shows that BDMs play an active role in setting security policies – especially for mobile security – but that technical buyers are most likely to acquire security solutions. These technical buyers focus primarily on solution reliability; more junior security professionals are also very focused on support, while more senior IT management looks at price/performance. Both manager/director and C-level security staff consider brand and trust to be important security vendor attributes.

• Marketing messages aimed at security buyers should be incorporated within preferred sources containers (e.g., whitepapers, case studies, blog posts, etc.) and distributed through preferred channels (e.g., vendor websites, search) aligned with different stages of the security decision process. Data shows that some source types, including product trials/demo videos and case studies, are important in both identifying and selecting security vendors.

• A small group of vendors, including Symantec, Trend Micro and McAfee, are positioned as leaders in both the small and midmarket segments. Firms looking to penetrate these markets will need to ensure that their offerings are integrated with those of the market leaders.

In today’s SMB market, it is critical for vendors to build detailed understanding of the small and midmarket segments, and to align resources and strategies with requirements as SMBs move from initial experimentation with sophisticated solutions towards mass-market adoption. Techaisle’s deep understanding of SMB IT and business requirements enables vendors to understand the ‘why’ and ‘when’ of solution adoption, current and planned approaches to solution use, the benefits that drive user investments, and key issues in aligning with buyers and building and intercepting demand.

Techaisle's above report can be purchased either individually or as part of Techaisle's annual subscription services. Techaisle’s Annual Subscription Services are tailor-made to provide year-long uninhibited, continuous dialog with Techaisle and access to market research reports, newsletters, perspectives and white papers for use within the entire organization. Through Techaisle’s industry leading research, the subscription services fulfill need for clear insight into evolving solution areas needed by both established and emerging suppliers.