Techaisle’s 2019 US SMB and Midmarket security adoption trends research investigated 17 different types of IT security solutions. These can be positioned as belonging to one of four broad categories:
- Protection of data entering the corporate environment
- Protection of the mobile environment, including the following
- Traffic inspection and management
- Protection of data that is being used within the corporate environment
Analysis of data showing current and planned use of these technologies helps illustrate how security environments are changing, and differences in security approaches between small and midmarket businesses.
The wall and drawbridge: protection against threats entering the corporate environment
The technologies included in the “protection of data entering the corporate environment” category are those that correspond to the castle walls-and-drawbridge analogy used at the beginning of this document. They are broadly used by both small and midmarket firms, with 100% of users in both groups reporting that they have anti-spam/email security and anti-malware/virus/spyware products deployed today. Web/content filtering is also commonly employed within both small businesses and midmarket organizations, with current usage levels at 54% in small business (with another 18% planning to deploy these products) and 62% in the midmarket (with an additional 18% planning to begin use). Firewalls and VPNs are commonly used to secure midmarket traffic – 100% of midmarket respondents report use of firewalls, and 52% are using VPNs, with another 25% planning to begin use of VPNs in the near term – but are not as prevalent in the small business environment, where just 18% of respondents report current use of firewalls, and VPNs are not found in the data.
Extending to the edge: protection of mobile environments
Mobility poses an enormous challenge to the traditional security approach: it isn’t possible to rely on a heavily-guarded drawbridge if there are dozens (or hundreds or thousands, depending on business size) of moving gates that each poke through the wall of the keep. Technologies intended to protect physical devices (mobile security), the data resident on or accessed through those devices (DLP) and the ability of the devices to access corporate resources (MDM/MAM) have developed to help security professionals intercept threats before they reach the perimeter of the enterprise network. Survey data shows, use of these technologies by SMBs is still primarily in the planning stage, though there are examples of current deployments addressing mobile threats. Three-quarters of midmarket firms report current use of DLP, and over 50% have already deployed some form of mobile security. Plans for new deployments of these technologies in both small and midmarket businesses are substantial, with 21%-31% reporting near-term usage intentions. Midmarket businesses are also interested in exploring endpoint forensics – the use of device data to identify anomalous patterns indicating an infection or breach – but this is still years from becoming a mainstream SMB security approach.
Inspecting and managing traffic
Many organizations are coming around to the conclusion that security breaches are more a matter of ‘when’ than ‘if’, and are dedicating resources to identifying and addressing vulnerabilities or intrusions. Four of the technologies/tactics covered by the Techaisle research address this requirement. Breach detection systems – systems that focus on malicious activity within the network – are the most commonly deployed technologies in this area, used by just 6% of small businesses and 69% of midmarket firms. IPS/IDS – a category that combines technologies that attempt to prevent network intrusions and those that monitor and report on attempted incursions into the network – are currently used by half of midmarket firms, with 29% of small businesses and 30% of midmarket organizations planning future deployments. Security information and event management (SIEM) systems, which collect and analyze information from other security technologies deployed by the enterprise, are used by 47% of midmarket firms and in the near-term plans of an additional 28%. And 23% of small businesses and 27% of midmarket firms are planning to engage suppliers to perform penetration testing – ‘ethical hacks’ used to probe networks for vulnerabilities.
Protecting information in use within the corporate environment
The fourth category of security solutions is dedicated to protecting assets within the corporate environment – the data, applications and physical environments used to produce IT-enabled outcomes.
The date demonstrates that at this point, small businesses are not adopting the technologies used to secure information in use, but that midmarket firms are investing in this level of defense. Over half of midmarket businesses surveyed are currently using both security products that protect virtual environments and data encryption, which secures ‘data at rest’ against hackers who penetrate other defenses. Additionally, 26% of midmarket organizations are planning to deploy user behavior analytics, which highlight potential exposures due to employee negligence or malfeasance.
In today’s SMB market, it is critical for vendors to build detailed understanding of the small and midmarket segments, and to align resources and strategies with requirements as SMBs move from initial experimentation with sophisticated solutions towards mass-market adoption.
In this report, Techaisle analyzes 1,245 survey responses to provide the insight needed to build and execute on IT security strategies for the small and midmarket customer segments. Techaisle’s deep understanding of SMB IT and business requirements enables vendors to understand the ‘why’ and ‘when’ of solution adoption, current and planned approaches to solution use, the benefits that drive user investments, and key issues in aligning with buyers and building and intercepting demand.