• SIMPLIFY. EXPAND. GROW.

    SIMPLIFY. EXPAND. GROW.

    SMB. CORE MIDMARKET. UPPER MIDMARKET. ECOSYSTEM
    LEARN MORE
  • ARTIFICIAL INTELLIGENCE

    ARTIFICIAL INTELLIGENCE

    SMB & Midmarket Analytics & Artificial Intelligence Adoption
    LEARN MORE
  • IT SECURITY TRENDS

    IT SECURITY TRENDS

    SMB & Midmarket Security Adoption Trends
    LATEST RESEARCH
  • CHANNEL PARTNER RESEARCH

    CHANNEL PARTNER RESEARCH

    Channel Partner Trends
    LATEST RESEARCH
  • FEATURED INFOGRAPHIC

    FEATURED INFOGRAPHIC

    2024 Top 10 SMB Business Issues, IT Priorities, IT Challenges
    LEARN MORE
  • CHANNEL INFOGRAPHIC

    CHANNEL INFOGRAPHIC

    2024 Top 10 Partner Business Challenges
    LATEST RESEARCH
  • 2024 TOP 10 PREDICTIONS

    2024 TOP 10 PREDICTIONS

    SMB & Midmarket Predictions
    READ
  • 2024 TOP 10 PREDICTIONS

    2024 TOP 10 PREDICTIONS

    Channel Partner Predictions
    READ
  • CLOUD ADOPTION TRENDS

    CLOUD ADOPTION TRENDS

    SMB & Midmarket Cloud Adoption
    LATEST RESEARCH
  • FUTURE OF PARTNER ECOSYSTEM

    FUTURE OF PARTNER ECOSYSTEM

    Networked, Engaged, Extended, Hybrid
    DOWNLOAD NOW
  • BUYERS JOURNEY

    BUYERS JOURNEY

    Influence map & care-abouts
    LEARN MORE
  • DIGITAL TRANSFORMATION

    DIGITAL TRANSFORMATION

    Connected Business
    LEARN MORE
  • MANAGED SERVICES RESEARCH

    MANAGED SERVICES RESEARCH

    SMB & Midmarket Managed Services Adoption
    LEARN MORE
  • WHITE PAPER

    WHITE PAPER

    SMB Path to Digitalization
    DOWNLOAD

Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.
Font size: +
3 minutes reading time (571 words)

SMB IT is challenged and its role in supporting governance-risk-compliance

Managing governance, risk and compliance is an IT challenge for over 1/4th of midmarket firms and slightly more than 1/10th of small businesses in each geo – US, Europe, Asia/Pacific, Latin America. See chart below. In an SMB context, “governance” is at least somewhat analogous to “taste” in home décor, or “sustainability” in supply chain practices: easy to acknowledge as important, but difficult to define. What is easy to delineate is the notion that governance has important linkages to issues that are of vital importance to SMB management:

  • risk mitigation,
  • regulatory compliance, and
  • protection of the corporate reputation.

Governance is a way of describing the objectives of senior executives, or of the company as a whole; it is the approach that determines how the SMB interacts with its customers, its suppliers, and its community. Oftentimes, the term ‘governance’ is coopted by IT professionals, who talk about issues like “IT governance,” “cloud governance,” or “data governance.” These are important concepts, but they really refer to policies and controls.

techaisle smb compliance challenge globally 2

Policy is the ‘glue’ that connects governance and security: SMBs benefit from thinking about management issues first, and then developing positions that guide security decisions. This works as a starting point for an SMB security strategy. However, there are challenges that arise from specific IT usage patterns or events that impact an SMB’s risk profile.

Consider the issues cited in the chart below - examples of usage patterns that affect an organization’s security stance: use of cloud, and ‘shadow IT,’ or user-managed applications and/or storage that may not align with corporate security policies. It’s possible to simply state that any use of cloud or user-managed IT services needs to adhere to these policies, but the reality is that they may not: for example, a cloud supplier’s SLAs may not include corporately-approved escalation processes, and users may lack understanding of (or concern for) corporate IT guidance. This doesn’t mean that use of cloud and shadow IT should be banned – cloud is an important IT service delivery option, and to some extent, shadow IT reflects innovation within the business.


techaisle smb compliance security challenges

What it does mean is that security technologies and processes have to be able to cover issues like cloud and shadow IT in ways that align with corporate governance policies. Similarly, attacks from hackers or exfiltration of corporate data caused by lost laptops or smartphones (or via malicious employees) often aren’t covered by specific governance policies within an SMB, but these kinds of events represent risk that most SMB executives would consider to be unacceptable. Here, too, the staff member (or supplier) responsible for IT security needs to be sure that the technologies and processes that have been put in place will provide the level of protection needed to adhere to corporate governance policies.

techaisle smb compliance role of it


SMB executives should work with their technical teams to arrive at an assessment that looks at a supplier through both technical and management lenses. The combined business/IT perspective can consider whether the supplier is likely to act as a partner to the business: whether it is trustworthy, whether communications will be regular and effective, whether the relationship will stay viable over time. In the end, these issues determine whether and how a supplier meets the overarching requirement: providing the security layer needed to support the SMB’s governance objectives.

To read more on how IT can help SMB create a process and workflow for managing governance, compliance and risk download the white paper.

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

IoT delivering unexpected business outcomes to SMB...
HPE boldly pivoting headlong into post-transaction...
Comment for this post has been locked by admin.
 

Research You Can Rely On | Analysis You Can Act Upon

Techaisle - TA