Techaisle Blog

Managing governance, risk and compliance is an IT challenge for over 1/4th of midmarket firms and slightly more than 1/10th of small businesses in each geo – US, Europe, Asia/Pacific, Latin America. See chart below. In an SMB context, “governance” is at least somewhat analogous to “taste” in home décor, or “sustainability” in supply chain practices: easy to acknowledge as important, but difficult to define. What is easy to delineate is the notion that governance has important linkages to issues that are of vital importance to SMB management:

• risk mitigation,
• regulatory compliance, and
• protection of the corporate reputation.

Governance is a way of describing the objectives of senior executives, or of the company as a whole; it is the approach that determines how the SMB interacts with its customers, its suppliers, and its community. Oftentimes, the term ‘governance’ is coopted by IT professionals, who talk about issues like “IT governance,” “cloud governance,” or “data governance.” These are important concepts, but they really refer to policies and controls.

Policy is the ‘glue’ that connects governance and security: SMBs benefit from thinking about management issues first, and then developing positions that guide security decisions. This works as a starting point for an SMB security strategy. However, there are challenges that arise from specific IT usage patterns or events that impact an SMB’s risk profile.

Consider the issues cited in the chart below - examples of usage patterns that affect an organization’s security stance: use of cloud, and ‘shadow IT,’ or user-managed applications and/or storage that may not align with corporate security policies. It’s possible to simply state that any use of cloud or user-managed IT services needs to adhere to these policies, but the reality is that they may not: for example, a cloud supplier’s SLAs may not include corporately-approved escalation processes, and users may lack understanding of (or concern for) corporate IT guidance. This doesn’t mean that use of cloud and shadow IT should be banned – cloud is an important IT service delivery option, and to some extent, shadow IT reflects innovation within the business.

Techaisle’s 2019 US SMB and Midmarket Security solutions adoption trends survey research indicates that 55 percent of US SMBs suffered a security incident in the last one year. 20 percent of SMBs reported but as high as 70 percent did not formally report yet experienced PC security & data theft breaches in the last one year. In many ways data suggests that SMBs are regressing in their adoption of security solutions to protect their corporate and mobile environments. For example, in the 2019 study, 32 percent of SMBs believe that their IT security budgets are sufficient to meet their needs, which is substantially down from 43 percent in 2017 and 22 percent assert that they are better prepared than others when it comes to IT security, considerably lower than 32 percent in 2017. Even the presence of formal security protocols in case of a breach and/or security incident has gone down from being present in 34 percent of SMBs in 2017 to 26 percent in 2019. However, the belief that cloud usage/services puts them at a higher risk of a data breach has remained virtually unchanged from 40 percent in 2017 to 38 percent in 2019. To make a fair trend comparison Techaisle surveyed same number of SMBs in 2017 and 2019 with exactly same quota sampling.

It is not that SMBs are not concerned about security risks. Cloud security is the top IT challenge in 34 percent of small businesses and 42 percent of midmarket firms. 41 percent of SMBs feel vulnerable in the cloud and 34 percent worry about cyber-attacks and 39 percent consider password compromise to be a security risk to their business.

A review of cloud security threats to SMBs illustrates the fact that while cloud brings unique challenges. Data highlights many different points of security exposure that arise when applications, data and access extend outside the corporate facility. 38 percent of SMB survey respondents are concerned with data exposure during transfers to remote locations, 37 percent are concerned with the potential for cloud-based accounts to be hijacked. Similarly, other concerns are unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.

Techaisle has released its annual research infographics on top 10 IT priorities, business issues and IT challenges of SMBs (1-999 employees), midmarket firms (100-999 employees) and small businesses (1-99 employees) for 2019. In its detailed SMB survey Techaisle investigated 21 different technology areas and several technology sub-categories, 23 different IT challenges and 21 different business issues. This is the 9th year of Techaisle’s annual survey research initiative that probes for top business issues, IT priorities and IT challenges. Tracking history provides a fascinating evolution in which new business goals drive new IT priorities and uncover challenges that must be addressed to enable progress on business objectives.

Primary research was conducted among senior IT and business decision makers from Techaisle network of 1.2M B2B IT professionals spread across 30+ countries.

There are some interesting differences in IT priorities as compared to 2018. IoT and VR/AR fell below top 10 (but still within top 15) and replaced by Voice/Digital assistants as well as Open source solutions. Across all regions (US, Europe, Asia/Pacific, Latin America) digital unified workspace and software-defined are becoming a priority for both SMBs and midmarket firms. Security many places within the top 10 IT challenges in different forms – cloud security, mobile device security, data protection/recovery/business continuity – with Cloud security as the top IT challenge.

Global SMB & Midmarket IT spend (excluding telecom services) in 2019 is projected to be US$665B and corresponding cloud spend is expected to be US$115B. Research also found that IT budget growths in 2019 will be the highest in Asia/Pacific (6.2%) and lowest in Latin America (1.8%). While IT budget constraint is not the top challenge within SMBs in the US and Asia/Pacific, it is the top concern in Latin America.

Managing data growth is continuing to pose challenge for SMBs and when probed further Techaisle research found that only 11% of SMBs and 29% of midmarket firms have evidence-driven culture with data-driven decision-making business processes in which data defines requirements or opportunities and management then determines the best option for moving forward. In the US, 17% of small business and 34% of midmarket firms consider themselves to be innovative.

2019 Top 10 SMB business issues, IT priorities, IT challenges

The question of whether an SMB IT buyer benefits most from a strategy of working with a single or primary supplier responsible for integration and management of all resources, or whether it is better to procure individual components, systems and services from a larger group of ‘best of breed’ suppliers, is nearly as old as IT itself. The question is especially important to SMBs, which generally have limited internal resources, and would benefit from third party integration and streamlined procurement processes. Techaisle has observed a trend towards a more holistic procurement strategy as small businesses encounter increasing requirements for cross-product integration supporting digital business practices and develop greater appreciation for the value of a trusted technology advisor.

Preference for a single supplier

Over time, Techaisle’s SMB research has consistently found that a large proportion of SMB buyers would be comfortable dealing with a single primary vendor if that firm was able to supply all of the technology required to deliver on the full scope of IT/business requirements. Taken as a whole, the commentary from those in favor of a single supplier strategy highlight three imperatives:

1. Breadth of product portfolio matters
2. Services matter
3. Economics matter

The SMB IT solution stack

Figure below illustrates the Techaisle SMB & Midmarket IT solution stack. It is comprised of four main sections. At its core, the stack defines an SMB’s core systems (compute infrastructure) requirements. The software stack is positioned at the top of the systems components. The left-hand side of the figure highlights major categories included in the services stack. The right-hand side of the figure contains many of the major categories that comprise the security stack. A clearly-defined IT stack matters to a definition of what the ‘art of the possible’ looks like in the SMB IT world.