Techaisle Blog

Techaisle’s SMB and Midmarket security solutions adoption research shows that although security is a top IT priority for 85% of SMBs, cybersecurity is still not the most pressing security issue for 80% of SMBs. These SMB firms maybe maneuvering around the edges of cybersecurity flame as 19% of small businesses and 28% of midmarket firms believe that they have established best practices to control cyber-attacks. 31% of SMBs report that they are very confident of recovering from a cybersecurity incident and another 20% say the recovery is dependent upon the type of incidence. Is it really the case that the security-confident SMBs have taken all necessary steps to safeguard data, user and environment? Answer lies in the next set of data points. Only 8% of small businesses and 24% of midmarket firms have tested their responses to breaches or security incidents to ensure that their protocols will be effective in a crisis situation. Less than 10% of SMBs are covered by cyber-insurance and only 5% are considering cyber-insurance.

SMBs that build effective, responsive security frameworks will be positioned to capitalize on new technologies and on the new efficiencies that they enable. There is no denying that the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses.

In the Techaisle survey, respondents were asked “– what would be the impact on your organization if there was a security/data breach of corporate information?” Responses indicate that the damage would be widespread and substantial. As the chart below demonstrates, the most severe consequence of a breach would be damage to customer privacy and trust, but there would also be damage to corporate reputations and profitability, difficulty in meeting regulatory requirements, and personal reputation damage for both business and IT professionals within the firm.

The NIST framework does a good job of describing a business’s approach to cyber security, but it doesn’t actually address the approaches used by ‘bad actors’ to attack data and users. To understand how attackers work (and might be stopped), IT security professionals often turn to the cyber (or intrusion) kill chain. This seven-stage view of an attacker’s process, developed by Lockheed Martin in 2011, helps technical leads to align security technology and processes against an attacker’s progressive objectives.

There are many variants on the diagram. Some include responses to the intrusion kill chain, urging businesses to “detect, deny, disrupt, degrade, deceive and destroy” attackers and their malware. Others highlight the key technologies and technology processes used to support these responses: for example, security professionals combating intruders at the reconnaissance stage might use web analytics to detect an intruder’s activities, and then firewall technology to deny access to corporate systems. The specific details vary from scenario to scenario, and evolve over time. What is constant, though, is the need for technically-adept security professionals to invest in capable technologies, to integrate these systems with each other, to develop processes that connect effectively with threats and technology-based ‘shields’, and to align these systems and processes with management’s corporate objectives.

It isn’t an exaggeration to state that in today’s business world, IT infrastructure is business critical infrastructure. SMBs are heavily invested in IT, with IT-dependent processes throughout their operations. This ubiquitous dependence on technology means that systems failure will reverberate throughout all of a company’s daily operations. There is no way to disaster-proof against IT failure with insurance; appropriate investment in IT security processes, technologies and management strategies is the only way to capitalize on the productivity benefits of IT without creating exposure to organizational paralysis in the event of a malware invasion, a hacker attack or an employee’s negligence or malfeasance.

The lack of understanding of a threat associated with a widely-used cloud platform on one hand (and likely, additional confusion with respect to security issues associated with other technologies), and the lack of IT staff resources available to address security concerns on the other, produces a clear conclusion: SMBs need suppliers to step up to delivery of secure IT environments and prevent cyber-attacks.

In many cases, these suppliers will be the mainstream channel partners who supply the SMB’s technology, who act as the IT management presence within the SMB’s business. In other cases, including in many midmarket environments, the source of security products and services will be specialized managed security providers who focus tightly on operating SOCs and protecting client environments. In some scenarios, firms will ‘land’ by entering a client account from one of these positions, and then ‘expand’ to serve a wider range of IT supply needs – crowding out competitors who can’t address the risk and compliance issues that are central to the CEO’s mandate.

Related research

US SMB and Midmarket Security adoption trends

Europe SMB and Midmarket Security adoption trends

Asia/Pacific SMB and Midmarket Security adoption trends

Latin America SMB and Midmarket Security adoption trends

Techaisle’s Europe SMB and Midmarket security adoption trends survey shows that both small businesses and midmarket firms recognize that cloud poses a risk to their data: “cloud usage/services put us at a higher risk of a data breach” is the security-related statement that resonates most with small businesses, and it is one of the top three issues identified by midmarket respondents. However, 24% believe that they are better prepared than most to address cloud security issues. “Our security budget is sufficient to meet our needs” is the most commonly-advanced statement on IT security by small businesses but 52% of midmarket firms believe that their "budget is not sufficient to meet their security needs". Only 8% of European small businesses have formal security protocols in place to respond to a security incident as compared to 32% of midmarket firms.

There is no denying the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses. Survey data also shows that in Europe, 52% of small businesses and 62% of midmarket firms experienced one or more security incidents in the last one year.

At least within the European SMBs and midmarket firms there seems to be adequate awareness of the quantity, variety and severity of threat sources but the unpreparedness is in part due to weak reporting of breaches when they occur, with only events too big to hide becoming the subjects of public discussion. Tougher disclosure legislation will make SMBs more aware of the extent of IT security issues – which in turn will likely boost investment in security solutions and reduce the number of respondents expressing comfort with their current state of readiness.

Despite the dichotomy of potential of security threats and overconfidence, SMBs are concerned about their threat landscape, both at the PC-level as well as with cloud.

Data clearly shows that small businesses and midmarket firms have very different perceptions of cyber-security risks, security approach and attitude, cloud and end-point security concerns and most effective security solutions to protect cloud data.

A review of cloud security threats and mitigation options available to European SMBs illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context. 37% of SMB survey respondents are concerned with data exposure during transfers to remote locations, 35% are concerned with the potential for cloud-based accounts to be hijacked, and 28% are worried about unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.

SMBs have very strong perception and understanding of technologies and practices that are considered most effective at protecting data in the cloud and addressing their cloud security concerns. These include data and network encryption, intrusion detection and prevention (IDP), the setting and enforcement of security policies, the creation of data boundaries that separate different information sets, use of access control technologies, and unified threat management. Unlike the threats, though, that are specific to cloud/hybrid IT infrastructure, these approaches do not arise uniquely from use of cloud: they can and should be applied within environments that are not cloud based as well. Any business that relies on a network and supports mobile users (necessitating access control) would do well to implement all of these measures.

Techaisle believes that there are different take-aways for suppliers focused on small and midmarket customers. In small business, there is a need to educate buyers about the gaps that exist between current preparedness and risks, and between small business readiness and the approaches that are common within larger organizations: small businesses need to understand where and how to invest in a wider range of security solutions, especially with respect to covering threats associated with mobility and cloud. There is also a need to respond to price-performance pressures.

Clearly, security itself is a complex solution area, and the marketing challenges faced by suppliers – which need to articulate solutions in terms that are appropriate to small and midmarket businesses, to BDMs and ITDMs, and via sources and channels that are relevant to the evaluation and purchase process – are complex in their own right. Security permeates all aspects of IT service delivery – and as a result, success in navigating the solution and marketing needs offers great upside for successful suppliers.

Techaisle’s 2019 US SMB and Midmarket security adoption trends research investigated 17 different types of IT security solutions. These can be positioned as belonging to one of four broad categories:

1. Protection of data entering the corporate environment
2. Protection of the mobile environment, including the following
3. Traffic inspection and management
4. Protection of data that is being used within the corporate environment

Analysis of data showing current and planned use of these technologies helps illustrate how security environments are changing, and differences in security approaches between small and midmarket businesses.

The wall and drawbridge: protection against threats entering the corporate environment

The technologies included in the “protection of data entering the corporate environment” category are those that correspond to the castle walls-and-drawbridge analogy used at the beginning of this document. They are broadly used by both small and midmarket firms, with 100% of users in both groups reporting that they have anti-spam/email security and anti-malware/virus/spyware products deployed today. Web/content filtering is also commonly employed within both small businesses and midmarket organizations, with current usage levels at 54% in small business (with another 18% planning to deploy these products) and 62% in the midmarket (with an additional 18% planning to begin use). Firewalls and VPNs are commonly used to secure midmarket traffic – 100% of midmarket respondents report use of firewalls, and 52% are using VPNs, with another 25% planning to begin use of VPNs in the near term – but are not as prevalent in the small business environment, where just 18% of respondents report current use of firewalls, and VPNs are not found in the data.

Extending to the edge: protection of mobile environments

Mobility poses an enormous challenge to the traditional security approach: it isn’t possible to rely on a heavily-guarded drawbridge if there are dozens (or hundreds or thousands, depending on business size) of moving gates that each poke through the wall of the keep. Technologies intended to protect physical devices (mobile security), the data resident on or accessed through those devices (DLP) and the ability of the devices to access corporate resources (MDM/MAM) have developed to help security professionals intercept threats before they reach the perimeter of the enterprise network. Survey data shows, use of these technologies by SMBs is still primarily in the planning stage, though there are examples of current deployments addressing mobile threats. Three-quarters of midmarket firms report current use of DLP, and over 50% have already deployed some form of mobile security. Plans for new deployments of these technologies in both small and midmarket businesses are substantial, with 21%-31% reporting near-term usage intentions. Midmarket businesses are also interested in exploring endpoint forensics – the use of device data to identify anomalous patterns indicating an infection or breach – but this is still years from becoming a mainstream SMB security approach.

Inspecting and managing traffic

Many organizations are coming around to the conclusion that security breaches are more a matter of ‘when’ than ‘if’, and are dedicating resources to identifying and addressing vulnerabilities or intrusions. Four of the technologies/tactics covered by the Techaisle research address this requirement. Breach detection systems – systems that focus on malicious activity within the network – are the most commonly deployed technologies in this area, used by just 6% of small businesses and 69% of midmarket firms. IPS/IDS – a category that combines technologies that attempt to prevent network intrusions and those that monitor and report on attempted incursions into the network – are currently used by half of midmarket firms, with 29% of small businesses and 30% of midmarket organizations planning future deployments. Security information and event management (SIEM) systems, which collect and analyze information from other security technologies deployed by the enterprise, are used by 47% of midmarket firms and in the near-term plans of an additional 28%. And 23% of small businesses and 27% of midmarket firms are planning to engage suppliers to perform penetration testing – ‘ethical hacks’ used to probe networks for vulnerabilities.

Protecting information in use within the corporate environment

The fourth category of security solutions is dedicated to protecting assets within the corporate environment – the data, applications and physical environments used to produce IT-enabled outcomes.
The date demonstrates that at this point, small businesses are not adopting the technologies used to secure information in use, but that midmarket firms are investing in this level of defense. Over half of midmarket businesses surveyed are currently using both security products that protect virtual environments and data encryption, which secures ‘data at rest’ against hackers who penetrate other defenses. Additionally, 26% of midmarket organizations are planning to deploy user behavior analytics, which highlight potential exposures due to employee negligence or malfeasance.

In today’s SMB market, it is critical for vendors to build detailed understanding of the small and midmarket segments, and to align resources and strategies with requirements as SMBs move from initial experimentation with sophisticated solutions towards mass-market adoption.

In this report, Techaisle analyzes 1,245 survey responses to provide the insight needed to build and execute on IT security strategies for the small and midmarket customer segments. Techaisle’s deep understanding of SMB IT and business requirements enables vendors to understand the ‘why’ and ‘when’ of solution adoption, current and planned approaches to solution use, the benefits that drive user investments, and key issues in aligning with buyers and building and intercepting demand.

IT provides the tools to support greater efficiency and market engagement. What are the best ways to help the workforce to capture these benefits, and be more productive? The workspace isn’t defined by windows and walls and common area couches. For millions of SMB and midmarket employees, the “workspace” isn’t a physical location – it’s a virtual space defined by access from multiple screens which are used from multiple locations. This is especially true of mobile workers, a category which is increasingly indistinguishable from “workers.” Techaisle data shows that 72% of SMB employees are mobile, 87% of SMB employees use mobile devices to access corporate information.

Workforce enablement

Techaisle global survey found that improving workforce productivity is the second most important midmarket business objective for 2019 and among the top five objectives of small businesses. Data shows that for 42% of SMBs’ improving employee productivity is a priority and 43% of SMBs are using digitalization initiatives for employee empowerment.

There are many factors involved in driving productivity, including management approaches, processes and practices, and collaboration/synergy across activities and functions. But technology is a key contributor to productivity – directly, and through its ability to positively affect processes and internal coordination.

Techaisle research shows that these benefits don’t accrue to all SMBs equally: SMBs that are advanced in their approach to IT (“Enterprise IT”) are about twice as likely to achieve the productivity-enabled benefits than lowest-performing firms, and 30% more likely to realize productivity benefits than the average SMB.

The statistics quoted above show that IT is seen as a source of productivity-enhancing capabilities – meaning, in some way, that IT has ‘permission’ from the business to help drive higher levels of workforce performance. However, improved performance requires a strategy, and in technology matters, this strategy should be driven by IT management. It is important that the IT function be responsive to business requirements, deploying requested technology and delivering user training. There is another role, though, that IT management can and should play: focusing on technologies that are proven to contribute to workforce enablement, deploying these technologies within the organization and working with business staff to ensure that the benefits inherent in the technologies are recognized and captured. This advances the IT function from simply responding to requests to providing leadership in enabling the SMB and midmarket workforce.

Techaisle’s research has identified a number of solutions that are seen as driving productivity within SMBs and midmarket firms – approaches that IT managers can and should explore as they seek ways to connect the potential of IT to demonstrable increases in productivity. Three of these solutions - unified workspace, collaboration, and mobility, are especially important in a technology-dependent economy, and each contributes meaningfully to enabling the workforce.

Unified workspace

‘Distributed,’ ‘remote,’ ‘mobile’ – these are the realities of today’s workforce. In many economies, roughly half of workers are remote for at least some part of the work week.

Increasingly, SMBs and midmarket firms are using technology to provide cohesion within the workforce. Unified workspace solutions, which (in Techaisle’s definition) “provides secure anytime, anywhere, any device access from any web browser with single sign-on and password management for all public and private applications, services and file sources used to run the business” help SMBs to organize workers into connected groups. Techaisle research has found that over 75% of firms deploy unified workspace to support the needs of multilocation and full-time remote or travelling workers. These systems also help IT to deliver on key goals of data protection and mobility enablement. Businesses that have adopted unified workspace technology believe strongly that it contributes to productivity by providing a single workspace from which employees can accomplish majority of their daily work, delivering better access to applications and resources.