• DIGITAL TRANSFORMATION

    DIGITAL TRANSFORMATION

    US Midmarket Digital Transformation Trends
    LEARN MORE
  • SAAS TRENDS

    SAAS TRENDS

    US SMB & Midmarket SaaS Adoption Trends
    LEARN MORE
  • IT MATURITY SEGMENTS

    IT MATURITY SEGMENTS

    US technology adoption trends by SMB IT sophistication
    LEARN MORE
  • BUYERS JOURNEY

    BUYERS JOURNEY

    Understanding SMB & Midmarket Buyers Journey
    LEARN MORE
  • CLOUD STUDY

    CLOUD STUDY

    SMB & Midmarket Cloud Adoption Trends
    LEARN MORE
  • SECURITY SURVEY

    SECURITY SURVEY

    SMB & Midmarket Security Adoption Trends
    LEARN MORE
  • MOBILITY SURVEY

    MOBILITY SURVEY

    SMB & Midmarket Mobility Adoption Trends
    LEARN MORE
  • IOT STUDY

    IOT STUDY

    SMB & Midmarket IoT Adoption Trends
    LEARN MORE
  • FEATURED INFOGRAPHIC

    FEATURED INFOGRAPHIC

    2017 Top 10 SMB Business Issues, IT Priorities, IT Challenges
    GET IT NOW
  • TECHAISLE

    TECHAISLE

    Global SMB and Channel Partner Market Research Organization
    SEE OUR SERVICES
  • TECHAISLE

    TECHAISLE

    SMB Data You Can Rely On | Analysis You Can Act Upon
    SEE OUR RESEARCH
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11

Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.

Techaisle survey shows SMB BDM involvement in IT security operations is minimal

A trend that is frequently discussed in industry journals revolves around the growing involvement of business decision makers (BDMs) in the IT acquisition process. There is a further issue that is not generally the subject of trade publication articles, though: the extent to which BDMs are going beyond system selection and acquisition, and involving themselves in IT operations.

To obtain some visibility into this issue, Techaisle asked SMB & Midmarket survey respondents (reported in three of Techaisle reports: 1/ SMB & Midmarket Buyers Journey 2/ SMB & Midmarket, ITDM vs BDM Decision Process) to identify the party (ITDM or BDM) most responsible for various aspects of cloud and mobility security. The results both provide insight into the IT operations activity levels of BDMs, and into potential issues that might arise as a result of ad hoc, unplanned and business driven IT purchases (or shadow IT).

The first thing we notice when we look at small and mid-sized business approaches to cloud security and mobility security is that there is a discrepancy between policy and practice. In cloud, that is the only discrepancy in the process. In 62% of small businesses and 71% of midmarket firms, business management has primary responsibility only for “Setting policy to define who has access – and the degree of their access – for cloud applications and corporate data used and/or created by cloud applications.”

When we look at mobility, we see that within 47% of midmarket firms, BDMs have responsibility for a second policy area: “creating and enforcing policies governing corporate rights around management and security of personally-owned devices used for business purposes.” Amongst small businesses, BDMs – perhaps owing in part to the fact that these organizations don’t have a lot of IT resource on staff – have primary responsibility for all forms of policy (the two examples noted above, plus policies governing personal and business use of devices, reimbursements for personal devices used at work, and security associated with personal devices connected to corporate resources).

As is noted above, this data sheds light on two interesting issues. The first is that (with the exception of small business mobility) BDMs are not really involved in IT operations, at least with respect to security. BDMs are an important force in acquiring technology; they determine the need for solutions, often hold the budget for the purchase, and have distinct ideas about what the solution should accomplish and what its key attributes should include. But they do not, as a rule, extend that activity into management; this (or at least, the security aspects of this) remains the purview of IT.

Where this has an especially interesting implication is in shadow IT. Shadow IT activities, ranging from “BYOD” (bring your own device) purchases of mobile devices to the sourcing of cloud-based applications and infrastructure, tend to occur without direct IT involvement. The BDM buyers, however, have little experience with actually doing the work required to ensure that these systems and devices are secure, backed up, auditable…all services that are generally provided by IT. It isn’t impossible for BDMs to expose shadow IT purchases to IT after the acquisition is made, and to ask for management help, and/or to contract with a third party to provide similar types of support. But if this kind of activity doesn’t occur regularly, and without substantial delays between purchase/use and support, BDM ‘managed’ shadow IT activities might (as IT departments fear) lead to security vulnerabilities and/or other management issues.

 

Cloud continuing to challenge SMB MSPs and frustra...

Search Blogs

Find Research

Blog Archive

SMB Data You Can Rely On | Analysis You Can Act Upon

Techaisle - TA