Techaisle Blog

Techaisle’s 2019 US SMB and Midmarket security adoption trends research investigated 17 different types of IT security solutions. These can be positioned as belonging to one of four broad categories:

1. Protection of data entering the corporate environment
2. Protection of the mobile environment, including the following
3. Traffic inspection and management
4. Protection of data that is being used within the corporate environment

Analysis of data showing current and planned use of these technologies helps illustrate how security environments are changing, and differences in security approaches between small and midmarket businesses.

The wall and drawbridge: protection against threats entering the corporate environment

The technologies included in the “protection of data entering the corporate environment” category are those that correspond to the castle walls-and-drawbridge analogy used at the beginning of this document. They are broadly used by both small and midmarket firms, with 100% of users in both groups reporting that they have anti-spam/email security and anti-malware/virus/spyware products deployed today. Web/content filtering is also commonly employed within both small businesses and midmarket organizations, with current usage levels at 54% in small business (with another 18% planning to deploy these products) and 62% in the midmarket (with an additional 18% planning to begin use). Firewalls and VPNs are commonly used to secure midmarket traffic – 100% of midmarket respondents report use of firewalls, and 52% are using VPNs, with another 25% planning to begin use of VPNs in the near term – but are not as prevalent in the small business environment, where just 18% of respondents report current use of firewalls, and VPNs are not found in the data.

Extending to the edge: protection of mobile environments

Mobility poses an enormous challenge to the traditional security approach: it isn’t possible to rely on a heavily-guarded drawbridge if there are dozens (or hundreds or thousands, depending on business size) of moving gates that each poke through the wall of the keep. Technologies intended to protect physical devices (mobile security), the data resident on or accessed through those devices (DLP) and the ability of the devices to access corporate resources (MDM/MAM) have developed to help security professionals intercept threats before they reach the perimeter of the enterprise network. Survey data shows, use of these technologies by SMBs is still primarily in the planning stage, though there are examples of current deployments addressing mobile threats. Three-quarters of midmarket firms report current use of DLP, and over 50% have already deployed some form of mobile security. Plans for new deployments of these technologies in both small and midmarket businesses are substantial, with 21%-31% reporting near-term usage intentions. Midmarket businesses are also interested in exploring endpoint forensics – the use of device data to identify anomalous patterns indicating an infection or breach – but this is still years from becoming a mainstream SMB security approach.

Inspecting and managing traffic

Many organizations are coming around to the conclusion that security breaches are more a matter of ‘when’ than ‘if’, and are dedicating resources to identifying and addressing vulnerabilities or intrusions. Four of the technologies/tactics covered by the Techaisle research address this requirement. Breach detection systems – systems that focus on malicious activity within the network – are the most commonly deployed technologies in this area, used by just 6% of small businesses and 69% of midmarket firms. IPS/IDS – a category that combines technologies that attempt to prevent network intrusions and those that monitor and report on attempted incursions into the network – are currently used by half of midmarket firms, with 29% of small businesses and 30% of midmarket organizations planning future deployments. Security information and event management (SIEM) systems, which collect and analyze information from other security technologies deployed by the enterprise, are used by 47% of midmarket firms and in the near-term plans of an additional 28%. And 23% of small businesses and 27% of midmarket firms are planning to engage suppliers to perform penetration testing – ‘ethical hacks’ used to probe networks for vulnerabilities.

Protecting information in use within the corporate environment

The fourth category of security solutions is dedicated to protecting assets within the corporate environment – the data, applications and physical environments used to produce IT-enabled outcomes.
The date demonstrates that at this point, small businesses are not adopting the technologies used to secure information in use, but that midmarket firms are investing in this level of defense. Over half of midmarket businesses surveyed are currently using both security products that protect virtual environments and data encryption, which secures ‘data at rest’ against hackers who penetrate other defenses. Additionally, 26% of midmarket organizations are planning to deploy user behavior analytics, which highlight potential exposures due to employee negligence or malfeasance.

In today’s SMB market, it is critical for vendors to build detailed understanding of the small and midmarket segments, and to align resources and strategies with requirements as SMBs move from initial experimentation with sophisticated solutions towards mass-market adoption.

In this report, Techaisle analyzes 1,245 survey responses to provide the insight needed to build and execute on IT security strategies for the small and midmarket customer segments. Techaisle’s deep understanding of SMB IT and business requirements enables vendors to understand the ‘why’ and ‘when’ of solution adoption, current and planned approaches to solution use, the benefits that drive user investments, and key issues in aligning with buyers and building and intercepting demand.

IT provides the tools to support greater efficiency and market engagement. What are the best ways to help the workforce to capture these benefits, and be more productive? The workspace isn’t defined by windows and walls and common area couches. For millions of SMB and midmarket employees, the “workspace” isn’t a physical location – it’s a virtual space defined by access from multiple screens which are used from multiple locations. This is especially true of mobile workers, a category which is increasingly indistinguishable from “workers.” Techaisle data shows that 72% of SMB employees are mobile, 87% of SMB employees use mobile devices to access corporate information.

Workforce enablement

Techaisle global survey found that improving workforce productivity is the second most important midmarket business objective for 2019 and among the top five objectives of small businesses. Data shows that for 42% of SMBs’ improving employee productivity is a priority and 43% of SMBs are using digitalization initiatives for employee empowerment.

There are many factors involved in driving productivity, including management approaches, processes and practices, and collaboration/synergy across activities and functions. But technology is a key contributor to productivity – directly, and through its ability to positively affect processes and internal coordination.

Techaisle research shows that these benefits don’t accrue to all SMBs equally: SMBs that are advanced in their approach to IT (“Enterprise IT”) are about twice as likely to achieve the productivity-enabled benefits than lowest-performing firms, and 30% more likely to realize productivity benefits than the average SMB.

The statistics quoted above show that IT is seen as a source of productivity-enhancing capabilities – meaning, in some way, that IT has ‘permission’ from the business to help drive higher levels of workforce performance. However, improved performance requires a strategy, and in technology matters, this strategy should be driven by IT management. It is important that the IT function be responsive to business requirements, deploying requested technology and delivering user training. There is another role, though, that IT management can and should play: focusing on technologies that are proven to contribute to workforce enablement, deploying these technologies within the organization and working with business staff to ensure that the benefits inherent in the technologies are recognized and captured. This advances the IT function from simply responding to requests to providing leadership in enabling the SMB and midmarket workforce.

Techaisle’s research has identified a number of solutions that are seen as driving productivity within SMBs and midmarket firms – approaches that IT managers can and should explore as they seek ways to connect the potential of IT to demonstrable increases in productivity. Three of these solutions - unified workspace, collaboration, and mobility, are especially important in a technology-dependent economy, and each contributes meaningfully to enabling the workforce.

Unified workspace

‘Distributed,’ ‘remote,’ ‘mobile’ – these are the realities of today’s workforce. In many economies, roughly half of workers are remote for at least some part of the work week.

Increasingly, SMBs and midmarket firms are using technology to provide cohesion within the workforce. Unified workspace solutions, which (in Techaisle’s definition) “provides secure anytime, anywhere, any device access from any web browser with single sign-on and password management for all public and private applications, services and file sources used to run the business” help SMBs to organize workers into connected groups. Techaisle research has found that over 75% of firms deploy unified workspace to support the needs of multilocation and full-time remote or travelling workers. These systems also help IT to deliver on key goals of data protection and mobility enablement. Businesses that have adopted unified workspace technology believe strongly that it contributes to productivity by providing a single workspace from which employees can accomplish majority of their daily work, delivering better access to applications and resources.

Every year or two (or three), a new trend sweeps the IT industry, and breathless coverage asserts that the new phenomenon has arrived fully-shaped to transform technology and/or IT’s role in business strategy. This is, of course, very rarely true. Most trends play out over a long time, and change in technology tends to be incremental rather than revolutionary. For example – it is certainly true that digitalization (and digital transformation) are important issues today, and that they will have a transformative effect on IT and business strategy. But Techaisle research demonstrates, they are a recent highlight in a series of business issues and technology themes that stretch back at least 15 years, from 2003 to 2019.

Key SMB and Midmarket digitalization themes, 2003-2020

As we enter the next decade, it seems that online capabilities and activities are entering a new era. There are still advances to be made in the ‘net’ realm: there is constant pressure to expand the speed of the Internet, enabling it to handle the voracious demands of unstructured content like video, and the rise of IoT and 5G portends a coming tsunami of data from billions of connected devices. However, the key focus of web-based business investment is now less about the ‘net’ and more about the ‘work’: the ways that an increasingly-connected world supports pursuit of previously-unattainable objectives. The most important IT-related development in 2020 will be this focus on connectedness – connected cloud, edge, applications, security, collaboration, workspaces and insights. Internet and the web are the navigation routes that we have been developing since the 1970s; the always-on, everywhere-connected Interwork© platform is the destination that we will be creating in 2020 and for years to come.

This eBook has been written to provide guidance to supply-side management responsible for digitalization strategies that affect sales and marketing of advanced IT solutions to SMBs and midmarket firms. The document is structured into six sections:

1. What’s past is prologue – The Path to Digitalization
2. Closing the gap between business priorities and IT challenges and the rise of digital
3. Business Issues over the years – paving the route to digital transformation
4. The rise of innovation – and digital – as a business focus
5. IT challenges over the years – paving the route to digital transformation
6. What’s future is epilogue: Connected Business

Download the free eBook here

Managing governance, risk and compliance is an IT challenge for over 1/4th of midmarket firms and slightly more than 1/10th of small businesses in each geo – US, Europe, Asia/Pacific, Latin America. See chart below. In an SMB context, “governance” is at least somewhat analogous to “taste” in home décor, or “sustainability” in supply chain practices: easy to acknowledge as important, but difficult to define. What is easy to delineate is the notion that governance has important linkages to issues that are of vital importance to SMB management:

• risk mitigation,
• regulatory compliance, and
• protection of the corporate reputation.

Governance is a way of describing the objectives of senior executives, or of the company as a whole; it is the approach that determines how the SMB interacts with its customers, its suppliers, and its community. Oftentimes, the term ‘governance’ is coopted by IT professionals, who talk about issues like “IT governance,” “cloud governance,” or “data governance.” These are important concepts, but they really refer to policies and controls.

Policy is the ‘glue’ that connects governance and security: SMBs benefit from thinking about management issues first, and then developing positions that guide security decisions. This works as a starting point for an SMB security strategy. However, there are challenges that arise from specific IT usage patterns or events that impact an SMB’s risk profile.

Consider the issues cited in the chart below - examples of usage patterns that affect an organization’s security stance: use of cloud, and ‘shadow IT,’ or user-managed applications and/or storage that may not align with corporate security policies. It’s possible to simply state that any use of cloud or user-managed IT services needs to adhere to these policies, but the reality is that they may not: for example, a cloud supplier’s SLAs may not include corporately-approved escalation processes, and users may lack understanding of (or concern for) corporate IT guidance. This doesn’t mean that use of cloud and shadow IT should be banned – cloud is an important IT service delivery option, and to some extent, shadow IT reflects innovation within the business.