• SIMPLIFY. EXPAND. GROW.

    SIMPLIFY. EXPAND. GROW.

    SMB. CORE MIDMARKET. UPPER MIDMARKET. ECOSYSTEM
    LEARN MORE
  • ARTIFICIAL INTELLIGENCE

    ARTIFICIAL INTELLIGENCE

    SMB & Midmarket Analytics & Artificial Intelligence Adoption
    LEARN MORE
  • IT SECURITY TRENDS

    IT SECURITY TRENDS

    SMB & Midmarket Security Adoption Trends
    LATEST RESEARCH
  • CHANNEL PARTNER RESEARCH

    CHANNEL PARTNER RESEARCH

    Channel Partner Trends
    LATEST RESEARCH
  • FEATURED INFOGRAPHIC

    FEATURED INFOGRAPHIC

    2024 Top 10 SMB Business Issues, IT Priorities, IT Challenges
    LEARN MORE
  • CHANNEL INFOGRAPHIC

    CHANNEL INFOGRAPHIC

    2024 Top 10 Partner Business Challenges
    LATEST RESEARCH
  • 2024 TOP 10 PREDICTIONS

    2024 TOP 10 PREDICTIONS

    SMB & Midmarket Predictions
    READ
  • 2024 TOP 10 PREDICTIONS

    2024 TOP 10 PREDICTIONS

    Channel Partner Predictions
    READ
  • CLOUD ADOPTION TRENDS

    CLOUD ADOPTION TRENDS

    SMB & Midmarket Cloud Adoption
    LATEST RESEARCH
  • FUTURE OF PARTNER ECOSYSTEM

    FUTURE OF PARTNER ECOSYSTEM

    Networked, Engaged, Extended, Hybrid
    DOWNLOAD NOW
  • BUYERS JOURNEY

    BUYERS JOURNEY

    Influence map & care-abouts
    LEARN MORE
  • DIGITAL TRANSFORMATION

    DIGITAL TRANSFORMATION

    Connected Business
    LEARN MORE
  • MANAGED SERVICES RESEARCH

    MANAGED SERVICES RESEARCH

    SMB & Midmarket Managed Services Adoption
    LEARN MORE
  • WHITE PAPER

    WHITE PAPER

    SMB Path to Digitalization
    DOWNLOAD

Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.
Font size: +
4 minutes reading time (848 words)

IT security framework for SMBs

SMBs are not only increasingly dependent on IT – they are dependent on increasingly-interconnected systems, which are in turn open to an ever-expanding population of devices and access points. The volumes and value of data contained in these systems continues to grow, which both increases the potential damage associated with a breach, and attracts heightened attention from hackers. Techaisle’s SMB survey data finds a disconnect between security policy and security practice that creates the potential for poorly-coordinated approaches to security – an uncertainty that is magnified by shadow IT.

In Techaisle’s latest survey of SMBs, only 13% said that they were fully prepared and confident to handle security challenges, especially mobility security. The remaining 87% were partially prepared, unprepared or unsure. These are very sobering statistics.

Techaisle’s SMB Shadow IT survey data shows that over 70 percent of applications and nearly 60 percent of IT infrastructure related spend and decision authority lies outside of IT. These expenditures are made without the IT department’s approval, guidance, or in some cases, even without IT’s knowledge. 

Security is becoming a more critical component of business rather than IT strategy.

SMB IT security managers should petition for senior executive support which will help to build an approach that safeguards the organizations, users and data, in a framework that is flexible enough to respond to emerging opportunities and threats.

SMB Mobility increases threat perimeter

The problem with mobility (like cloud) is that it changes the concept of “perimeter.” Intruders don’t need to batter through closely-guarded walls to gain access to the interior of the network; they can ride through a permeable configuration on the backs of mobile devices that have been granted access to the precious applications and data that live in the interior of the organization. It is as if the castle walls and drawbridge were replaced by windows and breezeways offering access to visitors arriving from all directions.

With mobility, the SMB user community becomes a ubiquitous and shifting source of portals through the perimeter. As a result, IT doesn’t need to only defend against recognized foes: it needs to protect the corporation from breaches that can result from the actions of its own workers, and needs to protect the same data that it delivers as an essential component of support for the mobile workforce – the workforce that is viewed by senior management as making compelling contributions to the top and bottom-line success of the business.

SMBs should consider a four-layer security framework model for deployment:

  1. Secure the perimeter. This involves protecting the network and its devices against hacks, intrusions and malware. Firewalls that protect in-transit data are a key secure perimeter technology, and today’s next-generation firewalls include intrusion prevention, anti-malware, application control and SSL encrypted traffic inspection in addition to basic firewall capabilities.
  2. Secure at-rest data. The second critical component in the four-layer model is security for at-rest data. The most important element at this layer is encryption technology. Data loss prevention (DLP) technology that prevents leakage of data resident on mobile devices is an extension of at-rest data security. Another key “to do” in this category involves separating data into discrete domains, so that hackers accessing one part of a network do not automatically gain access to all network-resident information. This step may well require IT and business to work together to identify and classify different pools of information, which can be assigned varying levels of security and isolation depending on their importance.
  3. Take steps to protect against employee vulnerabilities. Most security technologies are designed to protect against external threats – but, employees can also be the source of substantial data breaches. Effective access policies (and enforcement of those policies), training and regular awareness campaigns can help protect against inadvertent data leakage. Malfeasance can be more difficult to protect against, though new analytics tools can help highlight patterns that might indicate malicious activities. As per Techaisle’ study slightly less than 50% of SMB executives say that use neglect/irresponsibility is one of the big mobility security threats. However, less than 10% are guarding themselves against such threats.
  4. Apply intelligence in the security process. Hackers actively distribute exploits and information on vulnerabilities, and as a result, the nature of threats continues to evolve. However, there is active information sharing amongst the white hats as well. Security-responsible managers can subscribe to services that provide up-to-the-minute intelligence on emerging threats. This kind of insight allows IT managers to align defenses with highest-priority issues – as long as the overall framework is flexible enough to allow extensions from the “minimally essential core” to areas of immediate and specific need.

There is one additional, critical consideration that IT managers must overlay on this four-layer framework: the need to integrate within and across the layers. A hardened perimeter is only as hard as its softest point; to be effective; the “shields” need to connect/overlap in ways that do not leave vulnerabilities that hackers can exploit. Similarly, data that is tagged as high-priority for encryption needs to be protected on one side from poorly-secured endpoint devices and on the other from employee mistakes or malfeasance.

 

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

The SMB IT channel has reached an inflection point
VMware – threading the SMB needle
 

Research You Can Rely On | Analysis You Can Act Upon

Techaisle - TA