Techaisle Blog

SMBs are not only increasingly dependent on IT – they are dependent on increasingly-interconnected systems, which are in turn open to an ever-expanding population of devices and access points. The volumes and value of data contained in these systems continues to grow, which both increases the potential damage associated with a breach, and attracts heightened attention from hackers. Techaisle’s SMB survey data finds a disconnect between security policy and security practice that creates the potential for poorly-coordinated approaches to security – an uncertainty that is magnified by shadow IT.

In Techaisle’s latest survey of SMBs, only 13% said that they were fully prepared and confident to handle security challenges, especially mobility security. The remaining 87% were partially prepared, unprepared or unsure. These are very sobering statistics.

Techaisle’s SMB Shadow IT survey data shows that over 70 percent of applications and nearly 60 percent of IT infrastructure related spend and decision authority lies outside of IT. These expenditures are made without the IT department’s approval, guidance, or in some cases, even without IT’s knowledge. 

Security is becoming a more critical component of business rather than IT strategy.

SMB IT security managers should petition for senior executive support which will help to build an approach that safeguards the organizations, users and data, in a framework that is flexible enough to respond to emerging opportunities and threats.

SMB Mobility increases threat perimeter

The problem with mobility (like cloud) is that it changes the concept of “perimeter.” Intruders don’t need to batter through closely-guarded walls to gain access to the interior of the network; they can ride through a permeable configuration on the backs of mobile devices that have been granted access to the precious applications and data that live in the interior of the organization. It is as if the castle walls and drawbridge were replaced by windows and breezeways offering access to visitors arriving from all directions.

With mobility, the SMB user community becomes a ubiquitous and shifting source of portals through the perimeter. As a result, IT doesn’t need to only defend against recognized foes: it needs to protect the corporation from breaches that can result from the actions of its own workers, and needs to protect the same data that it delivers as an essential component of support for the mobile workforce – the workforce that is viewed by senior management as making compelling contributions to the top and bottom-line success of the business.

SMBs should consider a four-layer security framework model for deployment:

VMware has been in the news recently – a valuable asset for Dell, caught between the Dell-EMC deal (see analysis of the deal here). Just a couple of months ago VMware had its VMworld, a forum for VMware to articulate its strategy to customers, partners, media and analysts. VMware’s 2015 theme “Ready for Any” was centered on the challenges that IT professionals are facing today - security, mobility, application delivery and hybrid cloud – and the company’s strategy of supporting “One Cloud, Any Application, Any Device” as a means of empowering IT management to respond to these challenges. VMware’s vision is to “enable an architecture that lets IT deploy or consume capacity from a cloud without having to worry about the physical location or who the vendor is. To do this VMware wants make sure that different form factors of the cloud (private, public, managed, etc.) connect or are transferable”.

Hybrid IT, including hybrid cloud, is no longer an appealing future proposition; it is a current reality as workloads increasingly run internally on a highly-optimized virtual environment connected to a public cloud, and public cloud resources are being widely used for developing and testing applications to be deployed on private or hybrid clouds. Many workloads process data in the public domain and simultaneously store sensitive data in the traditional data center to meet regulatory and compliance guidelines. Techaisle’s SMB & midmarket cloud adoption survey shows that within SMBs, use of hybrid cloud will continue to increase as both a conscious strategy and as a reaction to use of both public and private resources within a single infrastructure; hybrid use is expected to top 40% within the small business market, and will be used by two-thirds of companies with 100-999 employees.

Over the last two years, as virtualization penetration within enterprises has been slowing, VMware has been broadening its solution portfolio to deliver solutions for management and delivery of on/off-premise IT infrastructure. As a result, VMware’s product line has grown beyond compute: it rolled out vSAN for storage, NSX for network, and vRealize for management. Last year, VMware announced its vision of software-defined data center (SDDC) and introduced EVO:RAIL, which ties VMware software to partner hardware for a hyper-converged appliance. In the most recent VMworld this vision was extended to EVO:RACK: while EVO:RAIL was positioned as "SDDC in a box" suitable for midmarket businesses, EVO:RACK (now marketed as VMware EVO SDDC) is aimed at large enterprise customers. In Techaisle’s view, vSAN and EVO:RAIL are also relevant solutions for SMB customers looking to adopt hyper-converged infrastructure.

In 2014, VMware had announced integration between on-premise vSphere and VMware's own public cloud (vCloud Air) enabling businesses to migrate workloads to a VMware-based public cloud. In 2015, VMware extended the narrative to announce Unified Hybrid Cloud - built on SDDC and vSphere - to enable IT professionals run, build, deliver and secure any application, anytime and anywhere. Despite new offerings it is common knowledge that VMware still lags Amazon Web Services and Microsoft Azure in the public cloud market.

VMware is continuing its investment in network virtualization and in the future of NSX. It announced NSX 6.2 with added features such as inter vCenter NSX support, universal firewall rules and security groups, and Trace flow. Techaisle assumes a bigger game changer to be the integration between virtual and physical networks when VMware and partners such as HP complete the support of OVSDB in NSX to manage hardware virtual tunnel end-points (VTEPs).

Key market context

While enterprise market may be saturated, virtualization adoption within SMBs is far from over. Techaisle’s SMB & midmarket Server Virtualization adoption market trends study shows that US SMB server virtualization penetration has reached 54 percent (un-weighted), up from 41 percent two years ago. Within midmarket businesses the penetration has reached 88 percent and another 7 percent are planning adoption in the next year. Across the entire SMB community, there has been a 45% increase in off-premise virtualized servers in the past two years, an enormous shift that highlights the broader shift towards remote management of infrastructure resource. VMware has positioned itself to capitalize on the immense SMB opportunity, however, it needs to have a sales motion that is specifically targeting net new customers within SMBs rather than “mining” the installed base as in enterprises.

The real VMware SMB story is in EUC – enabling untethered mobility

The real story and opportunity for VMware, though, is in end-user computing.

In the course of Techaisle’s SMB & Midmarket IT Decision Making Authority: IT vs LoB, BDMs (business decision maker) and ITDMs (technology decision maker) were asked to identify the “greatest benefits” and “key attributes” of both cloud and mobility solutions.

There is an interesting pattern apparent in the survey research findings. When adopting mobility solutions small business BDMs are focused on addressing near-term pain points: attracting new customers, improving accuracy, addressing work/life balance. The ITDMs appear to be taking a longer view, focused on applying automation to bring structure to business processes – improving the quality of interaction through application of mobility solutions, improving the quantity of those interactions, increasing process efficiency.

Midmarket BDMs are looking to mobility to help increase business process efficiency and customer interaction quality. Midmarket ITDMs, on the other hand are focused on increasing the quantity of customer interactions, which would logically impact other core areas (such as business user productivity and process efficiency) as well.

When discussing the mobility solution attributes that BDMs and ITDMs consider important to delivering on mobility benefits BDM and ITDM buyers have similar and common perceptions across all business sizes. “The ability for the mobile solution to be integrated seamlessly with existing corporate systems” – ensuring consistency across devices – is ranked as the most important mobility solution attribute by small business BDMs, and the second-most important attribute by midmarket BDMs. The ability to create and sustain secure connections for remote workers and the ability to deliver seamlessly across the “three screens” of PCs, tablets and smartphones are also priorities for BDMs in both small and midmarket businesses. ITDMs also have some key common areas of focus: the ability to integrate multiple media types into outbound communications and the ability to read or write data from/to corporate systems are the two top-ranked attributes in both employee size categories.

It is clear that each IT and business professional’s perspective on the mobility journey is shaped by their context – by their business objectives, and by the requirements imposed by the size of their organization. In the figure below we have taken the results from the Techaisle survey and plotted them in three dimensions.

A look at the findings from parallel questions on cloud also reveals differences between ITDMs and BDMs, but similarities between small and midmarket firms. Looking at cloud benefits, BDMs, especially in small businesses, view cloud as a means of introducing capabilities that would have been cost or time prohibitive, and of reducing business process costs. ITDMs, on the other hand, view cloud primarily as a means of reducing IT costs. ITDMs in both small and midmarket businesses recognize that cloud can enable their organizations to be more agile, which connects well with a theme expressed by BDMs.

When analyzing the key attributes leading to realization of the above cloud benefits, data shows some differences in emphasis between small and midmarket firms. The most important difference between BDMs and ITDMs is the BDMs’ emphasis on collaboration: BDMs in both small and midmarket businesses are more likely than their ITDM counterparts to view support for collaboration as a key cloud solution attribute. BDMs are also more likely than ITDMs to look to the cloud for detailed reporting and for support of features – disaster recovery, on-demand data access, and mobility support – that may be lacking in their current environments. ITDMs, on the other hand, are focused on technical attributes (scalability, integration, IT management capabilities) that are difficult and/or expensive to develop without third party support.

Understanding the requirements, preferences, success metrics and areas of focus of BDMs and ITDMs within both small and mid-sized businesses is critical to structuring an effective SMB sales and marketing strategy. The findings open the door to an important issue: the requirements in structuring and communicating messages to ITDMs and BDMs within small and midmarket businesses. To effectively engage with and manage the increasingly-diverse decision making unit, IT suppliers will need to structure messages that address the "care-abouts" of BDMs and ITDMs, and deploy those messages through the channels that are most effective at reaching each community.

Techaisle SMB and Midmarket Mobility Adoption Trends data shows that BYOD is not a factor in every SMB’s mobility strategy: more than half of small business (1-99 employees) respondents to the Techaisle SMB survey report that all or essentially all of the mobile devices in use are owned by the business, and nearly 25% of midmarket enterprises own 90%+ of their mobile device portfolios. However, BYOD is widespread within this group: 36% of the devices used by small businesses and 43% of those in use within midmarket firms are owned by employees.

The term BYOD has only been around since 2009, when it is said to have originated at Intel – but it has since become ubiquitous. A web search on the term will return nearly 10 million hits, and IT managers at organizations of all sizes and from nearly all industry sectors are very familiar with demands for connecting employee-owned mobile devices to corporate IT networks, applications and data resources.

Techaisle survey data shows that BYOD within SMBs comes in several ‘flavors.’ One of them is where employee both selects and pays for a new device, delighting the SMB finance, but causing problems for IT. Another flavor is CYOD, where employee pays for the device but selects it based on guidelines or an approved list. It appeals to both the SMB and IT but is not completely satisfactory for the employee. Third flavor is where it is a mix of two with some level of reimbursement for the purchase from the company and/or technical support for the devices. This has an upside because the employee selects technology that he/she is comfortable with but the downside is that the cost burden rests, at least to some extent, with the company rather than the employee.

Techaisle SMB and Midmarket mobility adoption survey data also shows that BYOD has implications on desktop and notebook purchases.