Zero Trust Architecture on the Rise in Midmarket and SMBs

It is the best of places; it is the worst of places. The famous opening line echoed from the Dickens masterpiece “A Tale of Two Cities” describes a period in which opposites – wisdom and foolishness, light and darkness, hope and despair – exist side by side. The events and depths of emotion described in the novel are much more extreme than the scenarios cloud and overall IT adoption presents to businesses. But the notion that there are opposing elements of opportunity and requirement associated with the cloud would ring true to SMB and midmarket executives, who need to balance the new business outcomes that they can achieve via cost-effective cloud/IT solutions with the need to safeguard users, data, and applications from malicious intruders. The upside is competitiveness in a fast-moving economy; the downside is destroying customer relationships and corporate reputations at the core of business success. Where is the safe middle ground – the approach that results in optimal business protection and access to the upside associated with cloud/IT solutions?

The market is buzzing with discussions on zero trust (ZT). A Techaisle survey of 2035 SMBs and Midmarket firms shows that 8% of small businesses, 46% of core-midmarket firms, and 69% of upper midmarket firms know of ZT and that 21% of SMBs and 64% of midmarket firms consider its adoption either very important or important. Critical reasons for adopting zero trust include reducing insider threats, breach prevention, compliance, mitigating endpoint threats, and managing hybrid IT and remote work security issues.

However, most firms need to be made aware that ZT is not a product but a framework that requires a focus on the journey and strategy. Regardless, 14% of “in the know” SMBs and 35% of upper midmarket firms have begun planning their investments in ZT technology, initially focusing on identifying their critical digital assets and security vulnerabilities.

The early adopters (or planners) find that identifying and addressing foundational requirements are critical for a successful and executable roadmap. This often begins with identity management and authentication of users and devices, expanding over time to network visibility and micro-segmentation, which are essential in preventing the lateral movement of breaches and cyberattacks.

In the SMB and midmarket segments, critical security offerings are tied to mobile devices/remote users, including those connected to productivity solutions, file sharing, and unified workspace, as well as endpoint security offerings used to defend against persistent threats (malware, spam) to the business as a whole. Corporate/network security, represented by firewalls and intrusion detection and prevention systems, are usually positioned near the center of the stack, along with backup and DR/BC. It’s worth pointing out that many of these categories aren’t entirely discrete – for example, encryption can (and should) apply to both data stored at the core of corporate systems and data resident on mobile devices.

Understanding the SMB IT and security stacks is important for zero-trust suppliers. A clearly-defined stack matters to a definition of what the “art of the possible” looks like in the SMB IT world: what security technologies can and should SMBs assemble to ensure that they are delivering the services required in the IT-centric economy, and what capabilities do suppliers need to offer if they are positioning themselves as the primary/single ZT source to their clients? In addition, vendors must focus on building on deployed technologies and expanding ZT capabilities through product enhancements, relationships with technology ecosystem partners with solid API connections, and service providers that can integrate needed ZT functionality. Zero Trust is an ecosystem play. Techaisle survey shows that midmarket firms and SMBs are working with multiple IT suppliers to gain an understanding of and adopt Zero Trust.