Techaisle Blog

It was once thought that the cloud would reduce the technology deficit SMBs face relative to larger firms – but it is difficult to say that this has proved to be the case. Indeed, the cloud has lowered the barriers to adopting new systems, giving SMBs access to applications and infrastructure resources that would have been well beyond their means five years ago. However, Techaisle’s SMB and Midmarket Cloud adoption trends research data show that cloud, and hybrid IT, has posed other challenges: difficulties in integrating systems with each other and with business processes, and in integrating data across applications (ensuring that data created by one application is input automatically into others); difficulty in securing systems that are based in multiple locations and managed by various organizations, each with their own set of operational rules; difficulty in applying appropriate levels of security and governance to an ever-expanding pool of data that moves at accelerating pace through an ever-more-complex constellation of systems, users and locations. Large organizations have IT teams dedicated to addressing specific issues within this shifting and complex set of requirements. SMBs rely on limited internal resources (often, small groups of generalists), supplemented by fractional headcount support from third-party channel members, to keep pace with the change that results from the constant advance of cloud and hybrid.

Despite these challenges, though, evidence suggests enormous scope for cloud growth in the global SMB segment. Data indicates an apparent leader/laggard dichotomy between midmarket and small businesses concerning IT-enabled innovation. Over 20% of midmarket firms have internal teams dedicated to “finding ‘what’s next?’ technology-driven innovations,” and 40% “have IT budgets specifically for technology-driven innovation;” 11% report that they have embedded IT professionals charged with finding innovations into business units. Small businesses are, on average, about half as likely to have taken these steps; instead, nearly half of firms with 1-99 employees state that their organizations do not expect IT to drive innovation actively.” Making the assumptions that a) midmarket firms will benefit from the express linkage of IT and innovation, and b) that the gap between large enterprises and midmarket firms is likely as significant as the delta between midmarket and small business. Additionally, large enterprises will, over time, capture IT-enabled business innovation benefits even more rapidly than midmarket competitors. Data illustrates the foundations of a cascade, where IT-enabled innovation drives business success and further cloud investments in larger firms, defining success patterns that small organizations then adopt.

The findings also expose the uncertainty that SMBs face as they structure their IT/business strategies. The most significant proportion of SMBs – 42% of small businesses and 32% of midmarket firms – state that they are unsure of what the next 10-15 years will look like for their industry. Other SMBs worry about their ability to cope with the pace of change: an average of about 25% of SMBs report that they “are struggling to keep up with the pace of change,” and nearly 20% state that they “do not know if they will be able to complete over the next decade.” Against this backdrop, a cadre of forward-looking organizations – 15% of small businesses, roughly a quarter of midmarket firms – “are battling barriers to become a digital business by 2030.” The successes that these firms realize over the next several years will increase their appetite for further cloud investments and encourage their peers to commit additional resources to cloud-based business initiatives. Techaisle expects that if and as these digital leaders realize tangible benefits from cloud and hybrid, the cloud will become an essential element of SMB business operations. As a result, SMBs will become a significant force in the cloud market. Moreover, suppliers to the SMB market and the SMBs themselves can align to bring about this positive change. Techaisle believes that mutual benefit will drive commitment and innovation on both the supply and demand side of the cloud equation.

Small and midsized businesses find it challenging to defend their users, applications, and data against external threats. Data from Techaisle’s SMB and Midmarket security research reveals 63% of US SMBs report that they experienced one or more cyberattacks in the last year, contributing to an average of 3.6% of revenue loss attributable to security incidents. For 46% of SMBs, preventing cyber-attacks is one the most pressing and critical IT issues. Yet, 59% of SMBs are very confident that their firms could recover from a cybersecurity incident. Nevertheless, security issues cast a long shadow over SMB IT priorities, especially as firms embrace the benefits of hybrid work, hybrid IT, only to find that their environments become more complex and more challenging to manage and protect. SMBs respond by expanding security budgets – but they lack the staff and expertise to construct effective shields around their organizations. The channel, working with leading-edge products like those from Fortinet, Cisco, Dell Technologies, Palo Alto Networks, has an essential role to play in defending their clients’ SMB businesses against security threats.

The origins of the saying “it’s about the journey, not the destination” may be unclear. Ralph Waldo Emerson, theologian Lynn H. Hough, Canadian rapper Drake, or others may have said the phrase, but its applicability in an IT security context is clear. There is no endpoint at which security is ‘done’; security requires constant updating to stay current with expanding threat vectors.

This requirement for continuously improved IT security is both a challenge and an opportunity for security suppliers.

What is the opportunity?

Techaisle has pegged global SMB security spending in 2023 at $68 billion. However, high IT security spending levels and growth rates mask an underlying sense of confusion concerning safeguarding emerging cloud and hybrid IT environments – and a lack of resources to address this problem. Compounding – or perhaps, causing – the lack of clarity into cloud security issues and the relatively tepid adoption rates for cloud security solutions is that SMB IT operations are under-resourced. Without specialized staff, SMBs cannot keep pace with the constantly changing threat vectors and security options.

The lack of insight by small businesses becomes clear: only 5% have IT security staff. 44% of midmarket firms have an average of three full-time internal security staff, but the demands of a business of this size would exceed a single individual’s bandwidth. The percentages more than double for upper-midmarket firms. Simply put, SMBs lack the bench depth needed to dedicate IT resources to security. Everywhere within the SMB segment, there is a mismatch between available resources and the depth of the skills required to keep pace with security needs.

The lack of understanding of a threat associated with a widely-used platform on the one hand, and the lack of IT staff resources available to address security concerns on the other, produces a clear conclusion: SMBs need suppliers to step up to the delivery of secure IT environments.

In many cases, these suppliers will be the mainstream channel partners who supply the SMB’s technology and act as the IT management presence within the SMB’s business. In other cases, including in many midmarket environments, the source of security products and services will be specialized managed security providers who focus tightly on operating SOCs and protecting client environments. In some scenarios, firms will ‘land’ by entering a client account from one of these positions and then ‘expand’ to serve a broader range of IT supply needs – crowding out competitors who can’t address the risk and compliance issues that are central to the CEO’s mandate.

What is the security supplier call to action?

As security suppliers move towards managing SMB security needs, they need to address the pace at which their clients absorb new offerings. Small businesses will not embrace eight new technologies, nor are midmarket firms going to integrate fourteen new solutions into their environments. Even if this were possible from a budget perspective, it would cause chaos in the business.

Instead, suppliers of security services need to co-create a security roadmap with their SMB, which starts with assessing the customers’ executive teams’ tolerance for risk. What absolutely must be secured, and in what order? The security supplier can then identify the solutions that best fit the customer’s immediate and longer-term needs and then deploy, integrate and manage the solutions over time. After all, data shows that 45% of SMBs feel it will be beneficial for them if an external services firm can help define and implementing security policies.

One key point of exposure in this process is the ability to ensure that different solutions work together. In the cloud world, and increasingly in the on-premise world as well, channel partners and MSPs focus on integrations: the breadth of a single vendor’s product line, plus – and importantly – the extent to which third parties develop and support links to a firm’s products.

There will be no slowdown in the digital transformation of SMBs; their business infrastructure will increasingly rely on technology. Likewise, there will be no slowdown in the threats to that infrastructure; as reliance on technology increases, so does the potential bounty for attackers. And as a result, there will be a continuous and growing need for IT security services – which will sustain firms adept at delivering and managing security solutions that combine expertise and industry-leading technology.

New work patterns and the acceleration of distributed workplaces are resulting in a range of productivity benefits for SMBs today. As such, businesses see increased workforce efficiencies and talent recruitment while minimizing cost by reducing intermediaries and integrating contract professionals – and even improved environmental performance through reduced commuting and building footprints.

In the quest to deploy a perfect hybrid workplace technology infrastructure, SMBs often overlook networking – wireless, routers, firewalls, and beyond. Similarly, as small business retailers and other small commercial offices struggle with re-opening uncertainties, they also grapple with the daunting task of enabling secure and safe environments for their employees and customers. Digitization with minimum IT disruption and low manageability is on their minds.

Cash flow constraints, limited access to finances, competitive landscapes, the need for innovation, erratic revenue, uncertainties, the pace of technology change, and many more are drivers for achieving cost efficiencies within SMBs. Digital transformation is no longer the domain of only upper midmarket firms and enterprises. Techaisle's SMB and Midmarket Digital transformation survey research shows that 46% of SMBs are adopting digital transformation to reduce costs, and 38% are planning for innovation in customer engagement and services.

Helping SMBs thrive with robust IT solutions

Unbeknownst to many, the Cisco Meraki platform and the solutions it powers is a critical foundational technology to fast-forward digital transformation for SMBs. Much of this comes from its ease of use, simplicity, and flexibility for lean IT to innovate by doing more with less.

Cisco acquired Meraki in 2012, around the same time (2013), when it divested Linksys to Belkin. Over the years, Cisco has continued to innovate on its highly successful Meraki platform. It is no secret that Cisco Meraki invented cloud-managed networking technology in 2006. It has continued to innovate and expand the networking portfolio to IoT solutions and cover any business need or use case. The Meraki platform consists of switching, security & SD-WAN, wireless access points, mobile device management, and extending to IoT, including smart cameras and AI-equipped sensors to drive business intelligence.

Regarding deep intelligence and analytics, Meraki Health and Meraki Insight allow SMBs to monitor all aspects of their network and applications from the Meraki dashboard or API and easily detect and fix potential issues in minutes. Techaisle's survey shows that only 4% of small businesses have internal full-time IT staff. They spend 79% of their time on support, maintenance, and troubleshooting— creating an IT efficiency deficit and negatively impacting organizational productivity. Meraki Health's objective is to simplify troubleshooting for the lean, almost non-existent, or over-burdened small business owner/manager. Small businesses need to propel growth and enable new business initiatives freeing up time and resources. To ease the digital transformation, Meraki provides many capabilities that protect SMBs of any size, including:

• Preventing cyber-attacks: Meraki MX Security & SD-WAN appliances protect SMB businesses, users, and devices. Meraki security has the backing of Cisco Talos, one of the largest commercial threat intelligence teams globally.

• Deploying remote workers: Meraki Z3 teleworker gateways provide connectivity and secure and seamless in-office experiences. Meraki Insight delivers deep visibility into critical business applications and proactive troubleshooting for remote workers.

• Ensuring safe occupancy: Meraki MV smart cameras let SMBs maintain social distancing guidelines by remotely monitoring and tracking safe occupancy levels in physical environments through intelligent analytics, such as object detection and tracking.

• Cost savings from simplicity: All Meraki products are deployed and controlled from a single pane of glass. Meraki Health is available for all devices, saving many troubleshooting times by pinpointing specific problematic devices and clients via root cause analysis.

SMBs agree that Meraki solutions can be quickly deployed with zero-touch provisioning and configuration and remotely managed through a cloud-based GUI dashboard (single pane of glass), with all-inclusive licensing. Meraki provides 24/7 technical support (email or phone) and a lifetime warranty on devices (except cameras & outdoor APs) with advanced replacement.

Challenges in small business security

Techaisle's SMB security survey research data shows that security is a top IT priority and challenge for 76% of SMBs, and 65% are planning to increase IT security investments. Within the SMB segment, small businesses often lack the skills required to work with software-based security solutions and are 25%-33% less likely than midmarket firms to work with managed service providers.

Most small businesses are not proactive in addressing security issues, but that may not be the whole problem or perhaps even the greatest obstacle to small businesses’ adoption of security technology. Relative to midmarket firms, small businesses have limited to no internal IT security staff, are not generally working with a managed service provider capable of handling security needs, and are about 50% less likely to embrace external vendors' software-based security solutions.

While small businesses could theoretically pursue some strategies used by larger competitors, they lack the experience and skills to identify, deploy, and manage the products and relationships used to develop shields protecting valuable corporate data, applications, and human assets.

Meraki addresses these issues by providing a secure in-office experience to remote workers—giving access to applications while maintaining visibility and control from anywhere with a cloud-managed dashboard. It also encrypts data with Auto VPN, allowing employees to quickly, securely, and remotely connect to corporate locations.

Meraki smart cameras also address physical security, remote monitoring, and intelligence by including on-device storage and flexibility to access data through the cloud. The cameras allow for many playback features with machine learning and AI to compress the data and provide business intelligence instantly gleaned from long recordings. It is an ideal product for SMBs implementing social distancing guidelines, remotely monitoring physical spaces, reducing in-person exposure on-site, and ensuring comprehensive security.

How SMBs can adapt and digitize

As I said earlier, there is increasing importance for innovation and digitization (not referring strictly to the substitution of digital records for physical documents, but more broadly to the use of digital technologies to meet business goals) in SMB strategy. Dependence on technology as a critical element of business success, burgeoning complexity, and cost constraint has created a perfect storm for small businesses to adapt to changing environments using specifically designed technology.

Over the last few months, we studied use cases and Meraki's usefulness within the SMB segment. Meraki addresses real and compelling issues, and I believe it will continue to expand within the SMB community. Verticals such as healthcare, manufacturing, retail, and financial services have been quick adopters of Meraki, specifically for launching new business models, deploying remote workers, transitioning to hybrid workplaces, cybersecurity, location analysis, contact tracing, social distancing, personal safety, curbside pickup, and more.

SMB owners and executives are concerned with issues that extend beyond technology. Yet, today's business environments are increasingly dependent on IT support, products, and services that improve productivity and efficiency or expand market reach and potential.

Final Techaisle Take

IT initiatives that can be linked meaningfully to broader business objectives can attract SMB executive support – meaning that products and services that address key business priorities have the most significant growth potential. Meraki is well on its way.

Today's economy demands that technology support SMB activities. The future will be defined by them capitalizing on technology-enabled business options. If SMBs are thinking about the path forward, from today's foundation to tomorrow's opportunity, they should include Meraki in their evaluations. Writing this analysis reminds me that I work from home and should probably replace my mesh routers with Meraki devices.

Risk mitigation is everyone's business, and SMB IT is uniquely positioning to manage reliability, privacy, and cyber-risk. In most SMBs, IT's role is to provide users with fast and reliable connections to needed systems and data. Increasingly IT is expected to prevent leakage of sensitive information that could harm the business or its customers. A global survey conducted by leading research firm Techaisle found that security solutions (cloud and mobility) are seen as a top IT priority by 75% of SMBs.

There is evidence of the enormous requirement for the defense of an ever-expanding perimeter – but if anything, it understates SMB's focus on cybersecurity. SMBs have deployed, and continue to deploy, increasingly-sophisticated shields to protect against the relentless advance of threat sources attacking businesses of all sizes through their cloud instances, mobile devices and connected users, and new technologies (such as IoT) and core networks and systems. SMBs (and the managed services suppliers they work with) are responding by developing better internal processes and deploying IT security solutions that are frequently enhanced by advanced features rooted in analytics and AI.
Defense against cyber-threats requires a comprehensive approach that spans people, process, and technology: appropriate systems need to be deployed, configured, integrated and continuously upgraded, processes – particularly related to the management of sensitive data – need to be established and embedded in work routines, and staff (all users, including IT) need regular and relevant training. A gap anywhere in this continuum will leave openings that intruders can exploit.
And as daunting as a defense against cyber-risk may be, the reality is that IT's role in ensuring information and infrastructure integrity is extending into other vital areas as well. With businesses now reliant on technology for most tasks' performance, IT must deliver continuous access to systems and safeguard data against loss. And in most environments, it is expected that IT will play a meaningful role in maintaining the privacy of sensitive data. In today's SMB, the IT leader is responding to multiple risk management demands.

SMBs typically start with basic endpoint/user security technologies – and many stop there as well. Even organizations that deploy additional 'shields' often shy away from taking the next step beyond trying to prevent a breach: assuming that a breach will occur and developing processes and deploying technologies needed to minimize the resulting damage and exposure. Some experts also point out that many firms – SMBs and enterprises – don't fully understand their devices (including back-end infrastructure, user devices and sensors), access points, applications, data, and system users. Building this inventory is an essential step in understanding the scope of potential exposure to breaches or losses.
Deployment of security technology will be an ongoing challenge as SMBs attempt to identify, budget for, deploy, integrate, and operate the security shields that are most important to their businesses' operations. In many cases, access to skilled professionals is the most tricky part of this equation. In this environment, SMBs struggle to attract and retain capable security staff members. Increasingly, this is leading to the use of managed security services: Techaisle's global survey shows that managed security, currently used by 29% of SMBs, is in the plans of an additional 44% of small and medium businesses – which will result in a 152% increase in the use of managed security services. 

Privacy is a component of many different SMB business responsibilities: it is critical to compliance, and as a result, to senior executives and shareholders; it is a crucial issue for legal advisors; included in statements made by marketing; and of course, concerning data, it is assumed to be something that is managed by IT. Privacy is a cross-functional responsibility. Sensitive data needs to be classified as such and prioritized for the highest-level security; the security may be an IT function, but the classification needs to be done by the business leaders closest to the inputs and implications of disclosure. Leaks are very often the work of insiders rather than anonymous external hackers. Here, too, while IT plays a role (through monitoring technologies and systems that look to prevent data exfiltration), HR and business unit managers also need to be proactive in preventing privacy breaches.

Security – both the technology and the skills needed to optimize security systems and keep them current, integrated, and complete – is one of IT's most complex areas. To address these complex (and related) issues, SMB IT is needing to develop a portfolio of security technologies and skills that is equal to the task of defending against cyber-threats; develop and continuously execute on business continuity plans; deploy network and access technologies that are aligned with user needs; implement training approaches and management processes that reduce the risk that human error (or malfeasance) will bypass the SMB's technology shields.

They cannot do it in isolation. There is no 'silver bullet' that SMB executives can use to deliver a failure-proof, future-proof approach to risk management. However, by connecting security, privacy, and reliability/continuity – by working with the right suppliers who understand business requirements – SMB IT leaders want to make a real difference to their organizations' regulatory compliance, customer trust, and bottom-line success.