Techaisle Blog

Techaisle’s Europe SMB and Midmarket security adoption trends survey shows that both small businesses and midmarket firms recognize that cloud poses a risk to their data: “cloud usage/services put us at a higher risk of a data breach” is the security-related statement that resonates most with small businesses, and it is one of the top three issues identified by midmarket respondents. However, 24% believe that they are better prepared than most to address cloud security issues. “Our security budget is sufficient to meet our needs” is the most commonly-advanced statement on IT security by small businesses but 52% of midmarket firms believe that their "budget is not sufficient to meet their security needs". Only 8% of European small businesses have formal security protocols in place to respond to a security incident as compared to 32% of midmarket firms.

There is no denying the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses. Survey data also shows that in Europe, 52% of small businesses and 62% of midmarket firms experienced one or more security incidents in the last one year.

At least within the European SMBs and midmarket firms there seems to be adequate awareness of the quantity, variety and severity of threat sources but the unpreparedness is in part due to weak reporting of breaches when they occur, with only events too big to hide becoming the subjects of public discussion. Tougher disclosure legislation will make SMBs more aware of the extent of IT security issues – which in turn will likely boost investment in security solutions and reduce the number of respondents expressing comfort with their current state of readiness.

Despite the dichotomy of potential of security threats and overconfidence, SMBs are concerned about their threat landscape, both at the PC-level as well as with cloud.

Data clearly shows that small businesses and midmarket firms have very different perceptions of cyber-security risks, security approach and attitude, cloud and end-point security concerns and most effective security solutions to protect cloud data.

A review of cloud security threats and mitigation options available to European SMBs illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context. 37% of SMB survey respondents are concerned with data exposure during transfers to remote locations, 35% are concerned with the potential for cloud-based accounts to be hijacked, and 28% are worried about unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.

SMBs have very strong perception and understanding of technologies and practices that are considered most effective at protecting data in the cloud and addressing their cloud security concerns. These include data and network encryption, intrusion detection and prevention (IDP), the setting and enforcement of security policies, the creation of data boundaries that separate different information sets, use of access control technologies, and unified threat management. Unlike the threats, though, that are specific to cloud/hybrid IT infrastructure, these approaches do not arise uniquely from use of cloud: they can and should be applied within environments that are not cloud based as well. Any business that relies on a network and supports mobile users (necessitating access control) would do well to implement all of these measures.

Techaisle believes that there are different take-aways for suppliers focused on small and midmarket customers. In small business, there is a need to educate buyers about the gaps that exist between current preparedness and risks, and between small business readiness and the approaches that are common within larger organizations: small businesses need to understand where and how to invest in a wider range of security solutions, especially with respect to covering threats associated with mobility and cloud. There is also a need to respond to price-performance pressures.

Clearly, security itself is a complex solution area, and the marketing challenges faced by suppliers – which need to articulate solutions in terms that are appropriate to small and midmarket businesses, to BDMs and ITDMs, and via sources and channels that are relevant to the evaluation and purchase process – are complex in their own right. Security permeates all aspects of IT service delivery – and as a result, success in navigating the solution and marketing needs offers great upside for successful suppliers.

A trend that is frequently discussed in industry journals revolves around the growing involvement of business decision makers (BDMs) in the IT acquisition process. There is a further issue that is not generally the subject of trade publication articles, though: the extent to which BDMs are going beyond system selection and acquisition, and involving themselves in IT operations.

To obtain some visibility into this issue, Techaisle asked SMB & Midmarket survey respondents (reported in three of Techaisle reports: 1/ SMB & Midmarket Buyers Journey 2/ SMB & Midmarket, ITDM vs BDM Decision Process) to identify the party (ITDM or BDM) most responsible for various aspects of cloud and mobility security. The results both provide insight into the IT operations activity levels of BDMs, and into potential issues that might arise as a result of ad hoc, unplanned and business driven IT purchases (or shadow IT).

Techaisle’s survey of over 1,100 US SMBs, covered in US SMB & Midmarket Cloud Security solutions adoption trends report, shows that 41% of SMBs recognize that cloud poses a risk to their data. It resonates most with small businesses (1-99 employees) and is one of the top three issues identified by midmarket (100-999) respondents. However, to a large degree, these firms also believe that they are prepared to address cloud security issues. 46% of midmarket firms report that they are in better shape than their peers.

Survey data also shows that 72% of 1-9 employee microbusinesses, and 62% of small businesses overall, have not layered any security products on top of their cloud environments. They are entirely dependent on the security features embedded in their cloud environments. Even within the more sophisticated midmarket (100-999 employees) segment, the survey finds that only 20% of firms are currently using discrete products/services to secure their cloud environments, a finding that is ameliorated somewhat by the 70% of midmarket firms that are currently implementing these solutions.

In 360 on US SMB & Midmarket Security solutions adoption trends report, Techaisle analyzes survey responses from over 1,100 US SMBs to provide the insight needed to build and execute on IT security marketing strategies for the small and midmarket customer segments. Survey shows that overall, spending on security products by small businesses as flat but spending by midmarket firms is on a strong upward trajectory. Most SMBs rely on core security practices and technologies to address cloud-specific threats, but many are underinvested in cloud security solutions. Data encryption and security for virtual environments are particularly primed for growth. Mobile device security, gateway messaging/web security, and (as noted above) virtualization security as high-growth opportunities for security-as-a-service providers.

Techaisle’s research investigated 17 different types of IT security solutions. Techaisle positions these as belonging to one of four categories-

1. Protection of data entering the corporate environment
2. Protection of data that is being used within the corporate environment
3. Protection of the mobile environment
4. Traffic inspection and management

Highlights of findings from the survey include: