• SIMPLIFY. EXPAND. GROW.

    SIMPLIFY. EXPAND. GROW.

    SMB. CORE MIDMARKET. UPPER MIDMARKET. ECOSYSTEM
    LEARN MORE
  • ARTIFICIAL INTELLIGENCE

    ARTIFICIAL INTELLIGENCE

    SMB & Midmarket Analytics & Artificial Intelligence Adoption
    LEARN MORE
  • IT SECURITY TRENDS

    IT SECURITY TRENDS

    SMB & Midmarket Security Adoption Trends
    LATEST RESEARCH
  • CHANNEL PARTNER RESEARCH

    CHANNEL PARTNER RESEARCH

    Channel Partner Trends
    LATEST RESEARCH
  • FEATURED INFOGRAPHIC

    FEATURED INFOGRAPHIC

    2024 Top 10 SMB Business Issues, IT Priorities, IT Challenges
    LEARN MORE
  • CHANNEL INFOGRAPHIC

    CHANNEL INFOGRAPHIC

    2024 Top 10 Partner Business Challenges
    LATEST RESEARCH
  • 2024 TOP 10 PREDICTIONS

    2024 TOP 10 PREDICTIONS

    SMB & Midmarket Predictions
    READ
  • 2024 TOP 10 PREDICTIONS

    2024 TOP 10 PREDICTIONS

    Channel Partner Predictions
    READ
  • CLOUD ADOPTION TRENDS

    CLOUD ADOPTION TRENDS

    SMB & Midmarket Cloud Adoption
    LATEST RESEARCH
  • FUTURE OF PARTNER ECOSYSTEM

    FUTURE OF PARTNER ECOSYSTEM

    Networked, Engaged, Extended, Hybrid
    DOWNLOAD NOW
  • BUYERS JOURNEY

    BUYERS JOURNEY

    Influence map & care-abouts
    LEARN MORE
  • DIGITAL TRANSFORMATION

    DIGITAL TRANSFORMATION

    Connected Business
    LEARN MORE
  • MANAGED SERVICES RESEARCH

    MANAGED SERVICES RESEARCH

    SMB & Midmarket Managed Services Adoption
    LEARN MORE
  • WHITE PAPER

    WHITE PAPER

    SMB Path to Digitalization
    DOWNLOAD

Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.
Font size: +
3 minutes reading time (577 words)

Techaisle survey shows SMB BDM involvement in IT security operations is minimal

A trend that is frequently discussed in industry journals revolves around the growing involvement of business decision makers (BDMs) in the IT acquisition process. There is a further issue that is not generally the subject of trade publication articles, though: the extent to which BDMs are going beyond system selection and acquisition, and involving themselves in IT operations.

To obtain some visibility into this issue, Techaisle asked SMB & Midmarket survey respondents (reported in three of Techaisle reports: 1/ SMB & Midmarket Buyers Journey 2/ SMB & Midmarket, ITDM vs BDM Decision Process) to identify the party (ITDM or BDM) most responsible for various aspects of cloud and mobility security. The results both provide insight into the IT operations activity levels of BDMs, and into potential issues that might arise as a result of ad hoc, unplanned and business driven IT purchases (or shadow IT).

The first thing we notice when we look at small and mid-sized business approaches to cloud security and mobility security is that there is a discrepancy between policy and practice. In cloud, that is the only discrepancy in the process. In 62% of small businesses and 71% of midmarket firms, business management has primary responsibility only for “Setting policy to define who has access – and the degree of their access – for cloud applications and corporate data used and/or created by cloud applications.”

When we look at mobility, we see that within 47% of midmarket firms, BDMs have responsibility for a second policy area: “creating and enforcing policies governing corporate rights around management and security of personally-owned devices used for business purposes.” Amongst small businesses, BDMs – perhaps owing in part to the fact that these organizations don’t have a lot of IT resource on staff – have primary responsibility for all forms of policy (the two examples noted above, plus policies governing personal and business use of devices, reimbursements for personal devices used at work, and security associated with personal devices connected to corporate resources).

As is noted above, this data sheds light on two interesting issues. The first is that (with the exception of small business mobility) BDMs are not really involved in IT operations, at least with respect to security. BDMs are an important force in acquiring technology; they determine the need for solutions, often hold the budget for the purchase, and have distinct ideas about what the solution should accomplish and what its key attributes should include. But they do not, as a rule, extend that activity into management; this (or at least, the security aspects of this) remains the purview of IT.

Where this has an especially interesting implication is in shadow IT. Shadow IT activities, ranging from “BYOD” (bring your own device) purchases of mobile devices to the sourcing of cloud-based applications and infrastructure, tend to occur without direct IT involvement. The BDM buyers, however, have little experience with actually doing the work required to ensure that these systems and devices are secure, backed up, auditable…all services that are generally provided by IT. It isn’t impossible for BDMs to expose shadow IT purchases to IT after the acquisition is made, and to ask for management help, and/or to contract with a third party to provide similar types of support. But if this kind of activity doesn’t occur regularly, and without substantial delays between purchase/use and support, BDM ‘managed’ shadow IT activities might (as IT departments fear) lead to security vulnerabilities and/or other management issues.

 

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Techaisle midmarket study shows cloud maturity doe...
Cloud continuing to challenge SMB MSPs and frustra...
Comment for this post has been locked by admin.
 

Research You Can Rely On | Analysis You Can Act Upon

Techaisle - TA