Techaisle Blog

A blog “Big Data in the Cloud - an ideal solution for SMB banks” that we wrote touched a nerve, in a good way. Post blog, in our several discussions with both large and community banks we find that cloud objection is largely based on the size of the bank. In addition, regulatory compliance concerns are huge as most midmarket businesses and banks in particular spend a lot of money being compliant. With the move to cloud they want to make sure that the investment extends to the cloud without being exposed to security breaches and from a regulatory point of view.

What is clear is that migration to cloud is forcing businesses to think differently about security, in very standardized ways because the delivery of cloud service is standardized. It is also pushing them to automate security because utilization of cloud is dynamic, elastic, automated and fluid thus making manual or even semi-automated security processes unmanageable. However, this approach creates multiple vulnerabilities. The bad guys themselves are taking advantage of all the cloud technologies and are becoming a lot faster and more automated than the businesses. Security therefore becomes a moving target and cloud security is a perfect opportunity for businesses to improve defenses and reduce risks.

While most midmarket businesses are reactive, hunting after point solutions when something goes wrong, others are taking a proactive approach to risk and threat so that they have more fluidity in the way they respond when a threat occurs.

IBM security is on a path to help businesses think differently about cloud security. It is moving the businesses along a maturity curve from reactive to proactive to optimized. Optimization refers to the difference between being able to weather an attack and continue with business and how much time could one can shave off and how much cost could be optimized for being able to respond to that event in reducing risk.

As Sharon Hagi, Global Strategist and Senior Offering Manager, IBM Security, said in an interview “the state that IBM is advocating goes beyond reactive or proactive. We call it the optimized state where organizations use automation coupled with predictive security analytics to drive towards a higher level of efficiency. By mixing the elements of proactive approach, automation and security intelligence businesses can actually get to the point where they are a lot more efficient and they actually reduce time and cost to respond to risk.”

IBM is differentiating and trying to distance itself from others in a number of different ways. IBM has a managed security services practice with ten plus security operation centers around the world servicing 133 different countries with 6,000 security professionals and its research lab X-Force provides actionable threat intelligence and insights for business and IT leaders. IBM monitors 10,000 security customers globally, 70 million end-points with 20 billion events per day, has made enormous investments in security intelligence analytics platform that allows it to distill information, identify threats and respond quickly.

But for banks and businesses that come under deep regulatory scrutiny, security goes beyond managed services and is a major psychological barrier to cloud adoption triggering a high level of fear-factor. Recently, we posed a fundamental question of “Why do you want security” to banks and midmarket businesses in general. The responses received could easily be bucketed into five categories:

Techaisle SMB and Midmarket Mobility Adoption Trends data shows that BYOD is not a factor in every SMB’s mobility strategy: more than half of small business (1-99 employees) respondents to the Techaisle SMB survey report that all or essentially all of the mobile devices in use are owned by the business, and nearly 25% of midmarket enterprises own 90%+ of their mobile device portfolios. However, BYOD is widespread within this group: 36% of the devices used by small businesses and 43% of those in use within midmarket firms are owned by employees.

The term BYOD has only been around since 2009, when it is said to have originated at Intel – but it has since become ubiquitous. A web search on the term will return nearly 10 million hits, and IT managers at organizations of all sizes and from nearly all industry sectors are very familiar with demands for connecting employee-owned mobile devices to corporate IT networks, applications and data resources.

Techaisle survey data shows that BYOD within SMBs comes in several ‘flavors.’ One of them is where employee both selects and pays for a new device, delighting the SMB finance, but causing problems for IT. Another flavor is CYOD, where employee pays for the device but selects it based on guidelines or an approved list. It appeals to both the SMB and IT but is not completely satisfactory for the employee. Third flavor is where it is a mix of two with some level of reimbursement for the purchase from the company and/or technical support for the devices. This has an upside because the employee selects technology that he/she is comfortable with but the downside is that the cost burden rests, at least to some extent, with the company rather than the employee.

Techaisle SMB and Midmarket mobility adoption survey data also shows that BYOD has implications on desktop and notebook purchases.

The ongoing migration to server virtualization – within small businesses that have not yet adopted virtualization and within midmarket enterprises that are consolidating workloads on new, virtualization-ready infrastructure – will drive substantial near-term demand for converged infrastructure. Techaisle survey data shows that adoption of converged infrastructure is expected to double within the one year planning horizon. This is unlikely to represent ‘net new’ server demand; instead, Techaisle expects converged infrastructure growth to occur at the expense of traditional server products.

While the migration from separate server, storage and networking products to converged infrastructure is still in its early stages, the Techaisle SMB & midmarket converged infrastructure adoption trends survey shows that it is beginning to gain traction, especially within more sophisticated accounts. In the US, converged infrastructure is currently used within 32% of midmarket businesses, with another 31% planning to acquire within a year. Techaisle’s segmentation by IT sophistication demonstrates converged infrastructure adoption rises steadily with increased buyer sophistication in both the small and midmarket segments. US SMBs spent US$3.8B on converged infrastructure solutions’ implementation in 2014.

Additional survey data illustrates that suppliers of converged infrastructure should be proactive in making potential customers aware of the benefits of their technologies. While roughly half of both small and midmarket businesses describe themselves as being in the information gathering stage, one-third are currently identifying potential solutions, and 15%-20% are evaluating suppliers. It seems unlikely that buyers will ‘mix and match’ converged infrastructure technology, so it is important for suppliers to win initial orders – and the data shows that many of these purchase decisions are already underway.

While there are technical advantages that make converged infrastructure products more effective virtualization hosts than traditional servers, Techaisle’s research shows that SMB buyers adopt converged infrastructure for one or more of five primary reasons:

1. to benefit from converged infrastructure’s integrated design and efficiency,
2. to tap into its ability to enable centralization/management of resources,
3. to capitalize on performance/time-to-benefit advantages,
4. to improve IT agility and its ability to meet business needs, and
5. in response to core requirements for cost savings and improved security.

In another section of the Techaisle SMB 2015 research, respondents were asked to identify projects that prompt consideration and purchase of converged infrastructure products. Comparison of small and midmarket business drivers finds both some commonality and some variations. Both small businesses and midmarket enterprises are most likely to acquire converged infrastructure to support data center consolidation, and virtualization applications as well as impetus for data migration. Key applications – Big Data and unified communications, SharePoint, and in small businesses, custom applications – are also project types that can drive adoption of converged infrastructure.

To enhance the scope of comparisons Techaisle also posed similar question to channel respondents in Techaisle’s SMB channel partner trends survey. The data provides yet another perspective reflecting the situations in which the channel is drawn into converged infrastructure decisions. Big Data – which requires a relatively wide range of competencies – is the project type that will most commonly require the channel to deploy converged infrastructure systems, and SharePoint projects which also demand a broad skill set, are the third most common project cited as a converged infrastructure adoption driver.

Question is “what sales channels are best positioned to intercept this demand?” Data shows that converged infrastructure routes to market will likely follow the pathways used to acquire software management layer that controls these physical resources. Both small and midmarket businesses are most likely to turn to hypervisor and networking vendors. Systems integrators have a substantial presence in the supply of these solutions whereas as VARs and managed service providers (MSPs) have more limited presence/appeal as virtualization solution sources.

In many ways, the key market issue surrounding converged infrastructure isn’t vendor-vs.-vendor competition, but rather, the ability of converged infrastructure as a system class to gain share quickly vs. traditional server products, while not being obviated by the cloud before attaining mass market penetration. However, suppliers are competing for share in this growth category, and understanding SMB what buyers are looking for – and what they struggle with when they adopt converged infrastructure – is important to positioning a brand as a credible solution.

Techaisle’s global SMB survey shows that mobility security is the 2nd top IT challenge for small businesses and 4th top IT challenge for midmarket businesses. To delve deeper, during the course of the Techaisle SMB 2015 Mobility Adoption & Trends survey, respondents were asked “When it comes to security risk in the mobile computing context, which of the following represents a source of exposure or uncertainty within your organization?” To a surprisingly high degree of candidness SMB concerns with mobility security revolved around users. As figure below demonstrates, SMB IT respondents ranked three user-attributable issues

1. User neglect/irresponsibility,
2. Lack of user knowledge/awareness, and
3. User mishap

amongst their top five concerns, trailing only “general malware infection” as a mobility security threat. Data is where the user is and to say that the enemy is inside the tent would be an understatement.

SMBs recognize the exposure and vulnerability but Techaisle survey shows that only 16% of SMBs worldwide are fully prepared to handle mobility security challenges. Data also shows that like manageability, security is an important constraint on mobility adoption within the SMB market. Most MSPs, channel partners and suppliers continue to focus on BDR and/or anti-malware security as they are easy to offer and deploy but they represent a very narrow approach to larger security issues within SMBs.