Techaisle Blog

OpenText's transformation from a Canadian document management company to one of the world's leading software providers is nothing short of remarkable. The driving force behind its growth has been a focus on cloud-based solutions, which led the company to go on an acquisition spree, bringing several specialized companies/brands under its umbrella. Cybersecurity is one arena where OpenText has taken a deliberate approach over the last decade with multi-billion dollars of capital investment to bring together critical purpose-built solutions to provide holistic coverage to its customers.

The company’s acquisition of data protection provider Carbonite (ninth cloud-specific acquisition overall) and endpoint/threat intelligence software provider Webroot marked a significant milestone in its quest to create a single, unified, and robust security portfolio.

With the Carbonite and Webroot acquisitions, OpenText became a go-to option for managed service providers (MSPs) and small and medium businesses (SMBs) seeking a one-stop shop for security and data protection, filling a void in the market with its broad portfolio. Experts have opined on OpenText’s offerings: “It's one vendor, one brand, one program, one partner strategy, one go-to-market, so small customers and partners don't need to work with multiple vendors. OpenText Cybersecurity can provide all of it."

However, this was just the beginning. OpenText's subsequent acquisitions of email encryption software provider Zix, security software provider AppRiver, Network Detection and Response provider Bricata, and enterprise software provider Micro Focus further strengthened its position in cybersecurity. The approach to consolidate all security and data protection services in a single platform – serving as the foundation to deploy the right capabilities and manage and administer their environment has made things easier for customers of all sizes. In addition, OpenText's comprehensive portfolio provides a robust and reliable option for businesses seeking to enhance their cyber resiliency. In the following sections, we will explore OpenText's trajectory to becoming one of the leaders in the cybersecurity domain.

It is the best of places; it is the worst of places. The famous opening line echoed from the Dickens masterpiece “A Tale of Two Cities” describes a period in which opposites – wisdom and foolishness, light and darkness, hope and despair – exist side by side. The events and depths of emotion described in the novel are much more extreme than the scenarios cloud and overall IT adoption presents to businesses. But the notion that there are opposing elements of opportunity and requirement associated with the cloud would ring true to SMB and midmarket executives, who need to balance the new business outcomes that they can achieve via cost-effective cloud/IT solutions with the need to safeguard users, data, and applications from malicious intruders. The upside is competitiveness in a fast-moving economy; the downside is destroying customer relationships and corporate reputations at the core of business success. Where is the safe middle ground – the approach that results in optimal business protection and access to the upside associated with cloud/IT solutions?

The market is buzzing with discussions on zero trust (ZT). A Techaisle survey of 2035 SMBs and Midmarket firms shows that 8% of small businesses, 46% of core-midmarket firms, and 69% of upper midmarket firms know of ZT and that 21% of SMBs and 64% of midmarket firms consider its adoption either very important or important. Critical reasons for adopting zero trust include reducing insider threats, breach prevention, compliance, mitigating endpoint threats, and managing hybrid IT and remote work security issues.

However, most firms need to be made aware that ZT is not a product but a framework that requires a focus on the journey and strategy. Regardless, 14% of “in the know” SMBs and 35% of upper midmarket firms have begun planning their investments in ZT technology, initially focusing on identifying their critical digital assets and security vulnerabilities.

Techaisle research shows that the SMB and Midmarket spend on IT security will likely be US$84.2 B in 2023, an increase of 9.6% from 2022. IT security is the 2nd top priority for SMBs and 1st priority for core midmarket and upper midmarket firms. Between 55% and 54% of firms consider preventing cyberattacks a priority. 52% of SMBs and 71% of midmarket firms experienced ransomware attacks last year. Similarly, 56% of SMBs and 88% of midmarket firms had cyberattacks. Yet only 32% of SMB and midmarket employees understand phishing. Only 15% of employees have had security awareness training. At the same time, 41% of SMBs and midmarket firms are sure that 100% of their employees have access privileges beyond what they require. The two most significant challenges are implementing security cost-effectively and meeting business requirements.

Small and midsized businesses find it challenging to defend their users, applications, and data against external threats. Data from Techaisle’s SMB and Midmarket security research reveals 63% of US SMBs report that they experienced one or more cyberattacks in the last year, contributing to an average of 3.6% of revenue loss attributable to security incidents. For 46% of SMBs, preventing cyber-attacks is one the most pressing and critical IT issues. Yet, 59% of SMBs are very confident that their firms could recover from a cybersecurity incident. Nevertheless, security issues cast a long shadow over SMB IT priorities, especially as firms embrace the benefits of hybrid work, hybrid IT, only to find that their environments become more complex and more challenging to manage and protect. SMBs respond by expanding security budgets – but they lack the staff and expertise to construct effective shields around their organizations. The channel, working with leading-edge products like those from Fortinet, Cisco, Dell Technologies, Palo Alto Networks, has an essential role to play in defending their clients’ SMB businesses against security threats.

The origins of the saying “it’s about the journey, not the destination” may be unclear. Ralph Waldo Emerson, theologian Lynn H. Hough, Canadian rapper Drake, or others may have said the phrase, but its applicability in an IT security context is clear. There is no endpoint at which security is ‘done’; security requires constant updating to stay current with expanding threat vectors.

This requirement for continuously improved IT security is both a challenge and an opportunity for security suppliers.

What is the opportunity?

Techaisle has pegged global SMB security spending in 2023 at $68 billion. However, high IT security spending levels and growth rates mask an underlying sense of confusion concerning safeguarding emerging cloud and hybrid IT environments – and a lack of resources to address this problem. Compounding – or perhaps, causing – the lack of clarity into cloud security issues and the relatively tepid adoption rates for cloud security solutions is that SMB IT operations are under-resourced. Without specialized staff, SMBs cannot keep pace with the constantly changing threat vectors and security options.

The lack of insight by small businesses becomes clear: only 5% have IT security staff. 44% of midmarket firms have an average of three full-time internal security staff, but the demands of a business of this size would exceed a single individual’s bandwidth. The percentages more than double for upper-midmarket firms. Simply put, SMBs lack the bench depth needed to dedicate IT resources to security. Everywhere within the SMB segment, there is a mismatch between available resources and the depth of the skills required to keep pace with security needs.

The lack of understanding of a threat associated with a widely-used platform on the one hand, and the lack of IT staff resources available to address security concerns on the other, produces a clear conclusion: SMBs need suppliers to step up to the delivery of secure IT environments.

In many cases, these suppliers will be the mainstream channel partners who supply the SMB’s technology and act as the IT management presence within the SMB’s business. In other cases, including in many midmarket environments, the source of security products and services will be specialized managed security providers who focus tightly on operating SOCs and protecting client environments. In some scenarios, firms will ‘land’ by entering a client account from one of these positions and then ‘expand’ to serve a broader range of IT supply needs – crowding out competitors who can’t address the risk and compliance issues that are central to the CEO’s mandate.

What is the security supplier call to action?

As security suppliers move towards managing SMB security needs, they need to address the pace at which their clients absorb new offerings. Small businesses will not embrace eight new technologies, nor are midmarket firms going to integrate fourteen new solutions into their environments. Even if this were possible from a budget perspective, it would cause chaos in the business.

Instead, suppliers of security services need to co-create a security roadmap with their SMB, which starts with assessing the customers’ executive teams’ tolerance for risk. What absolutely must be secured, and in what order? The security supplier can then identify the solutions that best fit the customer’s immediate and longer-term needs and then deploy, integrate and manage the solutions over time. After all, data shows that 45% of SMBs feel it will be beneficial for them if an external services firm can help define and implementing security policies.

One key point of exposure in this process is the ability to ensure that different solutions work together. In the cloud world, and increasingly in the on-premise world as well, channel partners and MSPs focus on integrations: the breadth of a single vendor’s product line, plus – and importantly – the extent to which third parties develop and support links to a firm’s products.

There will be no slowdown in the digital transformation of SMBs; their business infrastructure will increasingly rely on technology. Likewise, there will be no slowdown in the threats to that infrastructure; as reliance on technology increases, so does the potential bounty for attackers. And as a result, there will be a continuous and growing need for IT security services – which will sustain firms adept at delivering and managing security solutions that combine expertise and industry-leading technology.