Techaisle Blog

Techaisle's SMB and Midmarket security adoption trend survey research underscores the critical role of governance in today's complex IT landscape. The findings reveal that 36% of organizations identify a lack of governance as a significant impediment to successful AI project implementation. Additionally, 42% cite governance as a barrier to adopting cloud communications solutions. These challenges highlight the need for robust governance frameworks. Encouragingly, the survey also indicates a strong emphasis on security, with 58% prioritizing governance, risk, and compliance as essential components of their overall security strategy.

In the SMB context, "governance" is a concept akin to "taste" in interior design or "sustainability" in supply chains: universally acknowledged as essential but notoriously challenging to define. What is clear is governance's crucial role in safeguarding SMB interests, encompassing risk mitigation, regulatory adherence, and brand protection. It represents the collective vision of an organization, shaping its interactions with customers, partners, and the public. The term "governance" is often appropriated by IT departments, leading to discussions around IT, cloud, or data governance, obscuring its broader organizational implications.

Managing governance, risk and compliance is an IT challenge for over 1/4th of midmarket firms and slightly more than 1/10th of small businesses in each geo – US, Europe, Asia/Pacific, Latin America. See chart below. In an SMB context, “governance” is at least somewhat analogous to “taste” in home décor, or “sustainability” in supply chain practices: easy to acknowledge as important, but difficult to define. What is easy to delineate is the notion that governance has important linkages to issues that are of vital importance to SMB management:

• risk mitigation,
• regulatory compliance, and
• protection of the corporate reputation.

Governance is a way of describing the objectives of senior executives, or of the company as a whole; it is the approach that determines how the SMB interacts with its customers, its suppliers, and its community. Oftentimes, the term ‘governance’ is coopted by IT professionals, who talk about issues like “IT governance,” “cloud governance,” or “data governance.” These are important concepts, but they really refer to policies and controls.

Policy is the ‘glue’ that connects governance and security: SMBs benefit from thinking about management issues first, and then developing positions that guide security decisions. This works as a starting point for an SMB security strategy. However, there are challenges that arise from specific IT usage patterns or events that impact an SMB’s risk profile.

Consider the issues cited in the chart below - examples of usage patterns that affect an organization’s security stance: use of cloud, and ‘shadow IT,’ or user-managed applications and/or storage that may not align with corporate security policies. It’s possible to simply state that any use of cloud or user-managed IT services needs to adhere to these policies, but the reality is that they may not: for example, a cloud supplier’s SLAs may not include corporately-approved escalation processes, and users may lack understanding of (or concern for) corporate IT guidance. This doesn’t mean that use of cloud and shadow IT should be banned – cloud is an important IT service delivery option, and to some extent, shadow IT reflects innovation within the business.