Techaisle’s survey of over 1,100 US SMBs, covered in US SMB & Midmarket Cloud Security solutions adoption trends report, shows that 41% of SMBs recognize that cloud poses a risk to their data. It resonates most with small businesses (1-99 employees) and is one of the top three issues identified by midmarket (100-999) respondents. However, to a large degree, these firms also believe that they are prepared to address cloud security issues. 46% of midmarket firms report that they are in better shape than their peers.
Survey data also shows that 72% of 1-9 employee microbusinesses, and 62% of small businesses overall, have not layered any security products on top of their cloud environments. They are entirely dependent on the security features embedded in their cloud environments. Even within the more sophisticated midmarket (100-999 employees) segment, the survey finds that only 20% of firms are currently using discrete products/services to secure their cloud environments, a finding that is ameliorated somewhat by the 70% of midmarket firms that are currently implementing these solutions.
Given the prevalence of cloud (used by 80% of small and 94% of midmarket businesses), the data reflects a clearly inadequate approach to security. Techaisle believes that vendors should rush to find profitable ways of serving both small and midmarket customers with a combination of hybrid/cloud-focused products and -aaS security offerings. It is interesting to note as well the high proportion of small businesses (29%) who are unsure of what security technologies would be most effective in protecting data in the cloud. This points to tremendous opportunity for suppliers to position their own offerings/approaches in this market.
A drill-down of survey data on cloud security threats and mitigation options available to and used by SMBs illustrates the fact that cloud brings unique challenges with the stark reality that there is a pressing need for investment in security offerings to protect cloud environments, cloud-resident data and cloud-dependent users in small businesses. Figure below illustrates the top cloud security threats perceived by SMBs and the top mitigating solutions that are being used or planning to be used.
Techaisle feels that the responses do not reflect adequate awareness of the quantity, variety and severity of threat sources. In part, this is due to weak reporting of breaches when they occur, with only events too big to hide becoming the subjects of public discussion. Over time, Techaisle expects that tougher disclosure legislation will make SMBs more aware of the extent of IT security issues – which in turn will likely boost investment in security solutions and reduce the number of SMB respondents expressing comfort with their current state of readiness.