I first used a ThinkPad in 1994 when I was with IDC in Hong Kong and had immediately taken a liking to the distinct red TrackPoint, color and feel of the laptop. I even had a docking station. It served me extremely well during my numerous overseas trips. In 1995, I switched to ThinkPad 701 with the butterfly keyboard. And when I accidentally placed my luggage on the laptop the shattered screen devasted me. I continued to use a ThinkPad till the time I joined Gartner which gave me a non-ThinkPad laptop. In my subsequent jobs I usually requested and received a ThinkPad from my workplaces.

Slightly more than a decade ago when I founded Techaisle I bought a Sony Vaio. It was a big mistake. Within a few months I switched to a ThinkPad Carbon. Why this obsession with ThinkPad? Quality, reliability, elegance.

Since early October I have been using Lenovo’s latest 7th Gen ThinkPad X1 Carbon. The minute I unboxed and picked-up the ThinkPad I realized I was holding a classic yet modern design. Everything from the sharply defined etched grey-red X1 logo on the chassis cover to the rubbery plastic carbon fiber weave with a textured pattern defies description. It is incredibly light, at 2.4 pounds and combined with a thin design at 0.58 inches (14.95mm) with no visible taper gives my shoulder-back combo a much-needed respite. I have found myself frequently using the leather ThinkPad X1 Ultra Sleeve (which delivers a premium feel to the X1 Carbon experience) without the need to carry a backpack when I am within a conference venue. The keyboard travel, although reduced to 1.5mm (from 1.7mm in previous models), to accommodate redefined thinness still provides familiar comfort and feedback for which ThinkPads are known for. The switched placement of Ctrl and Fn keys, as compared to most other keyboards and laptops, does throw me off.

The model that I am using is fully-configured with 16 GB RAM, 512 GB SSD, Intel core i7-8665U CPU 1.90GHz and UHD Graphics 620 with 3840 X 2160 display HDR400 with 500 nits brightness. Lenovo promises 18 hours of battery life for a lower resolution screen but the 4K screen that I am using obviously drains battery fast. Fortunately, Lenovo’s RapidCharge technology charges the X1 Carbon up to 80% within an hour. Lenovo’s “eye care” mode reduces blue light on the screen. Lenovo also has a PrivacyGuard but is not available for 4K screens. The screen does hinge 180 degrees to sit flat on a desk but I have never really found the need to use the capability.

A key evaluation criterion for me is a laptop’s ability to contribute and enhance productivity. The screen resolution enhances the experience for sifting through huge spreadsheets of analytical information, scrolling through rows of survey data, creating data-rich PowerPoint slides, reviewing infographics and working on Power BI dashboards. When I connect the ThinkPad to an external display (Dell UltraSharp 27 Monitor - U2719D) through Lenovo Thunderbolt™ 3 Dock, the productivity and experience are amplified.

ThinkVision M14 (sold separately) is a mobile display for on-the-go productivity. I usually bring it along with me. It easily connects through USB-C, provides a tremendous utility when working on my data spreadsheets and PowerPoints on the road. The ThinkVision M14 is only 0.4mm think and weighs next to nothing and easily slides into already crammed backpack space. And yes, I have also used ThinkVision M14 with a Dell XPS 13 and Dell Latitude 7390 2in1. Even my son has used it for his work and games and brought it with him during his travels.

I may be one of the few who still use the TrackPoint. Right above the touchpad are three mouse buttons to be used in conjunction with the TrackPoint which allow me to fully rest my fingers on the laptop itself without having to repeatedly lift my palms. Although I must say I miss the touchscreen in my ThinkPad X1 Carbon configuration (4K does not have touchscreen).

Lenovo Vantage, an app that keeps the device up and running and allows for custom settings, has grown in stature and capabilities substantially in the last one year. I have enabled WiFi security, Intelligent cooling with Quiet mode, battery charge threshold to prolong battery life and always-on USB to charge even when the computer is in sleep mode or off. To turn on WiFi security I had to enable location tracking, there seems to be no way around it. So far, it has worked well despite some occasional false notifications. The ThinkPad Carbon X1 is quiet and I rarely hear the fans spinning. I am the type of person when my iPhone battery drops to 70 percent, I look for an outlet to charge. Hence, enabling always-on USB has helped me keep my devices (iPhone, AirPods Pro, Bose headphones, Ultraportable Bluetooth speaker, backup power adapters and others) connected and charged. There are more than enough ports - 2 x USB-C, 2 x USB-A and 1 x HDMI - for my obsessive-compulsive need to keep all devices charged and connected.

Needless to say, collaboration is a key aspect of any work, especially in my job profile where most collaboration is video-enabled. Microsoft Teams, WebEx, Zoom, Hangouts and Go-to-meeting are most used. When I am not using headphones or portable Bluetooth speakers for conference calls, the 4 x 360-degree far-field microphones are useful. Nobody has complained to me so far about audio quality. The webcam has had no issues and the included camera shutter is a much-needed bonus as long as I remember to slide open or close.

I must confess that I have not setup Windows Hello - neither fingerprint nor facial recognition.

It is a mistake to compare ThinkPad X1 Carbon Gen 7 with a MacBook. Instead, it should be compared and contrasted with Dell Latitude 7400. But comparison is not the objective of my review. Both are well-positioned and have their defined target market segments. It is however important to note that PC is where work gets done. It is still the centerpiece of business productivity and buying a new laptop is likely to have a more significant impact on productivity than any other technology. Modern PCs deliver more than an incremental improvement in performance and features. ThinkPad X1 Carbon is a modern business laptop that embraces tradition and after so many years still defies description.

Techaisle’s SMB and Midmarket security solutions adoption research shows that although security is a top IT priority for 85% of SMBs, cybersecurity is still not the most pressing security issue for 80% of SMBs. These SMB firms maybe maneuvering around the edges of cybersecurity flame as 19% of small businesses and 28% of midmarket firms believe that they have established best practices to control cyber-attacks. 31% of SMBs report that they are very confident of recovering from a cybersecurity incident and another 20% say the recovery is dependent upon the type of incidence. Is it really the case that the security-confident SMBs have taken all necessary steps to safeguard data, user and environment? Answer lies in the next set of data points. Only 8% of small businesses and 24% of midmarket firms have tested their responses to breaches or security incidents to ensure that their protocols will be effective in a crisis situation. Less than 10% of SMBs are covered by cyber-insurance and only 5% are considering cyber-insurance.

SMBs that build effective, responsive security frameworks will be positioned to capitalize on new technologies and on the new efficiencies that they enable. There is no denying that the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses.

In the Techaisle survey, respondents were asked “– what would be the impact on your organization if there was a security/data breach of corporate information?” Responses indicate that the damage would be widespread and substantial. As the chart below demonstrates, the most severe consequence of a breach would be damage to customer privacy and trust, but there would also be damage to corporate reputations and profitability, difficulty in meeting regulatory requirements, and personal reputation damage for both business and IT professionals within the firm.

The NIST framework does a good job of describing a business’s approach to cyber security, but it doesn’t actually address the approaches used by ‘bad actors’ to attack data and users. To understand how attackers work (and might be stopped), IT security professionals often turn to the cyber (or intrusion) kill chain. This seven-stage view of an attacker’s process, developed by Lockheed Martin in 2011, helps technical leads to align security technology and processes against an attacker’s progressive objectives.

There are many variants on the diagram. Some include responses to the intrusion kill chain, urging businesses to “detect, deny, disrupt, degrade, deceive and destroy” attackers and their malware. Others highlight the key technologies and technology processes used to support these responses: for example, security professionals combating intruders at the reconnaissance stage might use web analytics to detect an intruder’s activities, and then firewall technology to deny access to corporate systems. The specific details vary from scenario to scenario, and evolve over time. What is constant, though, is the need for technically-adept security professionals to invest in capable technologies, to integrate these systems with each other, to develop processes that connect effectively with threats and technology-based ‘shields’, and to align these systems and processes with management’s corporate objectives.

It isn’t an exaggeration to state that in today’s business world, IT infrastructure is business critical infrastructure. SMBs are heavily invested in IT, with IT-dependent processes throughout their operations. This ubiquitous dependence on technology means that systems failure will reverberate throughout all of a company’s daily operations. There is no way to disaster-proof against IT failure with insurance; appropriate investment in IT security processes, technologies and management strategies is the only way to capitalize on the productivity benefits of IT without creating exposure to organizational paralysis in the event of a malware invasion, a hacker attack or an employee’s negligence or malfeasance.

The lack of understanding of a threat associated with a widely-used cloud platform on one hand (and likely, additional confusion with respect to security issues associated with other technologies), and the lack of IT staff resources available to address security concerns on the other, produces a clear conclusion: SMBs need suppliers to step up to delivery of secure IT environments and prevent cyber-attacks.

In many cases, these suppliers will be the mainstream channel partners who supply the SMB’s technology, who act as the IT management presence within the SMB’s business. In other cases, including in many midmarket environments, the source of security products and services will be specialized managed security providers who focus tightly on operating SOCs and protecting client environments. In some scenarios, firms will ‘land’ by entering a client account from one of these positions, and then ‘expand’ to serve a wider range of IT supply needs – crowding out competitors who can’t address the risk and compliance issues that are central to the CEO’s mandate.

Related research

US SMB and Midmarket Security adoption trends

Europe SMB and Midmarket Security adoption trends

Asia/Pacific SMB and Midmarket Security adoption trends

Latin America SMB and Midmarket Security adoption trends

Techaisle research into SMB approaches to digitalization shows a great belief in organizational commitment to digitalization strategies. 17% of small businesses and 31% of midmarket firms, down from more than 40% two years ago, believe that they are “holistic” with respect to digital transformation – that within their firms, the Internet and digital technologies impact every aspect of the business and are at the core of organizational strategy. Another large proportion of the SMB population – 32% of small businesses, 45% of midmarket firms – report that their organizations are best categorized as “inclusive,” seeing digital as important to the business, but as a relatively minor factor in strategic planning, and not having organization-wide impact. Lesser proportions of both populations see themselves as ‘siloed’ with respect to digital initiatives, but within 19% of small businesses, up from 5% in 2017, digital is not seen as core to their operations.

Pace of digital business adoption within SMBs

To add context to the previous data set, figure below shows how rapid the take-up of digital business within the SMB community has been and is expected to be over the next two years. Overall, SMBs expect 32% of business activities to be digitized by 2021, which will be up from 17% in 2017, nearly double. On average, roughly a quarter of small business and midmarket companies’ operational processes are digitized today: this represents a 51% increase (from 16%) within small business and a 47% (from 18%) increase within midmarket firms over the past two years, with a further 24%-28% increase (to nearly one-third of all processes) expected by the end of 2021. Suppliers selling into the SMB market with a digitalization position/messaging strategy should find a large number of firms looking to accelerate digital business initiatives.

Constraints to SMB digital strategies

A follow-on question about inhibitors found that 30% of SMBs “lack the skills” to embrace digital business practices; nearly as many (28%, rising to 36% in small business) cite staff or management reluctance to change current practices as a barrier to digital business adoption, and substantial proportions of the SMB community also point to “lack of investment capital/budget” (26%, and again, higher within small business) a risk averse corporate culture (24%) and inadequate installed technology (23%). In all, seven different constraints were cited by at least 20% of SMB respondents – highlighting the fact that SMBs face numerous challenges to development and adoption of effective digital business strategies.

Related SMB survey research reports:

US SMB & Midmarket Digitalization Trends

US Midmarket Digital Transformation Trends

US SMB & Midmarket SaaS Adoption Trends

Europe SMB & Midmarket SaaS Adoption Trends 

Asia/Pacific SMB & Midmarket SaaS Adoption Trends

Latin America SMB & Midmarket SaaS Adoption Trends

White papers

Prologue and Epilogue of Digitalization in SMB Market

Digital Transformation for the Modern Midmarket: Red Paper

Future of Work - Interwork: the next step in connected businesses

Digital Transformation & the Future of Reseller Channel

Techaisle’s Europe SMB and Midmarket security adoption trends survey shows that both small businesses and midmarket firms recognize that cloud poses a risk to their data: “cloud usage/services put us at a higher risk of a data breach” is the security-related statement that resonates most with small businesses, and it is one of the top three issues identified by midmarket respondents. However, 24% believe that they are better prepared than most to address cloud security issues. “Our security budget is sufficient to meet our needs” is the most commonly-advanced statement on IT security by small businesses but 52% of midmarket firms believe that their "budget is not sufficient to meet their security needs". Only 8% of European small businesses have formal security protocols in place to respond to a security incident as compared to 32% of midmarket firms.

There is no denying the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses. Survey data also shows that in Europe, 52% of small businesses and 62% of midmarket firms experienced one or more security incidents in the last one year.

At least within the European SMBs and midmarket firms there seems to be adequate awareness of the quantity, variety and severity of threat sources but the unpreparedness is in part due to weak reporting of breaches when they occur, with only events too big to hide becoming the subjects of public discussion. Tougher disclosure legislation will make SMBs more aware of the extent of IT security issues – which in turn will likely boost investment in security solutions and reduce the number of respondents expressing comfort with their current state of readiness.

Despite the dichotomy of potential of security threats and overconfidence, SMBs are concerned about their threat landscape, both at the PC-level as well as with cloud.

Data clearly shows that small businesses and midmarket firms have very different perceptions of cyber-security risks, security approach and attitude, cloud and end-point security concerns and most effective security solutions to protect cloud data.

A review of cloud security threats and mitigation options available to European SMBs illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context. 37% of SMB survey respondents are concerned with data exposure during transfers to remote locations, 35% are concerned with the potential for cloud-based accounts to be hijacked, and 28% are worried about unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.

SMBs have very strong perception and understanding of technologies and practices that are considered most effective at protecting data in the cloud and addressing their cloud security concerns. These include data and network encryption, intrusion detection and prevention (IDP), the setting and enforcement of security policies, the creation of data boundaries that separate different information sets, use of access control technologies, and unified threat management. Unlike the threats, though, that are specific to cloud/hybrid IT infrastructure, these approaches do not arise uniquely from use of cloud: they can and should be applied within environments that are not cloud based as well. Any business that relies on a network and supports mobile users (necessitating access control) would do well to implement all of these measures.

Techaisle believes that there are different take-aways for suppliers focused on small and midmarket customers. In small business, there is a need to educate buyers about the gaps that exist between current preparedness and risks, and between small business readiness and the approaches that are common within larger organizations: small businesses need to understand where and how to invest in a wider range of security solutions, especially with respect to covering threats associated with mobility and cloud. There is also a need to respond to price-performance pressures.

Clearly, security itself is a complex solution area, and the marketing challenges faced by suppliers – which need to articulate solutions in terms that are appropriate to small and midmarket businesses, to BDMs and ITDMs, and via sources and channels that are relevant to the evaluation and purchase process – are complex in their own right. Security permeates all aspects of IT service delivery – and as a result, success in navigating the solution and marketing needs offers great upside for successful suppliers.