Techaisle Blog

It is the best of places; it is the worst of places. The famous opening line echoed from the Dickens masterpiece “A Tale of Two Cities” describes a period in which opposites – wisdom and foolishness, light and darkness, hope and despair – exist side by side. The events and depths of emotion described in the novel are much more extreme than the scenarios cloud and overall IT adoption presents to businesses. But the notion that there are opposing elements of opportunity and requirement associated with the cloud would ring true to SMB and midmarket executives, who need to balance the new business outcomes that they can achieve via cost-effective cloud/IT solutions with the need to safeguard users, data, and applications from malicious intruders. The upside is competitiveness in a fast-moving economy; the downside is destroying customer relationships and corporate reputations at the core of business success. Where is the safe middle ground – the approach that results in optimal business protection and access to the upside associated with cloud/IT solutions?

The market is buzzing with discussions on zero trust (ZT). A Techaisle survey of 2035 SMBs and Midmarket firms shows that 8% of small businesses, 46% of core-midmarket firms, and 69% of upper midmarket firms know of ZT and that 21% of SMBs and 64% of midmarket firms consider its adoption either very important or important. Critical reasons for adopting zero trust include reducing insider threats, breach prevention, compliance, mitigating endpoint threats, and managing hybrid IT and remote work security issues.

However, most firms need to be made aware that ZT is not a product but a framework that requires a focus on the journey and strategy. Regardless, 14% of “in the know” SMBs and 35% of upper midmarket firms have begun planning their investments in ZT technology, initially focusing on identifying their critical digital assets and security vulnerabilities.

Techaisle research shows that the SMB and Midmarket spend on IT security will likely be US$84.2 B in 2023, an increase of 9.6% from 2022. IT security is the 2nd top priority for SMBs and 1st priority for core midmarket and upper midmarket firms. Between 55% and 54% of firms consider preventing cyberattacks a priority. 52% of SMBs and 71% of midmarket firms experienced ransomware attacks last year. Similarly, 56% of SMBs and 88% of midmarket firms had cyberattacks. Yet only 32% of SMB and midmarket employees understand phishing. Only 15% of employees have had security awareness training. At the same time, 41% of SMBs and midmarket firms are sure that 100% of their employees have access privileges beyond what they require. The two most significant challenges are implementing security cost-effectively and meeting business requirements.

Small and midsized businesses find it challenging to defend their users, applications, and data against external threats. Data from Techaisle’s SMB and Midmarket security research reveals 63% of US SMBs report that they experienced one or more cyberattacks in the last year, contributing to an average of 3.6% of revenue loss attributable to security incidents. For 46% of SMBs, preventing cyber-attacks is one the most pressing and critical IT issues. Yet, 59% of SMBs are very confident that their firms could recover from a cybersecurity incident. Nevertheless, security issues cast a long shadow over SMB IT priorities, especially as firms embrace the benefits of hybrid work, hybrid IT, only to find that their environments become more complex and more challenging to manage and protect. SMBs respond by expanding security budgets – but they lack the staff and expertise to construct effective shields around their organizations. The channel, working with leading-edge products like those from Fortinet, Cisco, Dell Technologies, Palo Alto Networks, has an essential role to play in defending their clients’ SMB businesses against security threats.

The origins of the saying “it’s about the journey, not the destination” may be unclear. Ralph Waldo Emerson, theologian Lynn H. Hough, Canadian rapper Drake, or others may have said the phrase, but its applicability in an IT security context is clear. There is no endpoint at which security is ‘done’; security requires constant updating to stay current with expanding threat vectors.

This requirement for continuously improved IT security is both a challenge and an opportunity for security suppliers.

What is the opportunity?

Techaisle has pegged global SMB security spending in 2023 at $68 billion. However, high IT security spending levels and growth rates mask an underlying sense of confusion concerning safeguarding emerging cloud and hybrid IT environments – and a lack of resources to address this problem. Compounding – or perhaps, causing – the lack of clarity into cloud security issues and the relatively tepid adoption rates for cloud security solutions is that SMB IT operations are under-resourced. Without specialized staff, SMBs cannot keep pace with the constantly changing threat vectors and security options.

The lack of insight by small businesses becomes clear: only 5% have IT security staff. 44% of midmarket firms have an average of three full-time internal security staff, but the demands of a business of this size would exceed a single individual’s bandwidth. The percentages more than double for upper-midmarket firms. Simply put, SMBs lack the bench depth needed to dedicate IT resources to security. Everywhere within the SMB segment, there is a mismatch between available resources and the depth of the skills required to keep pace with security needs.

The lack of understanding of a threat associated with a widely-used platform on the one hand, and the lack of IT staff resources available to address security concerns on the other, produces a clear conclusion: SMBs need suppliers to step up to the delivery of secure IT environments.

In many cases, these suppliers will be the mainstream channel partners who supply the SMB’s technology and act as the IT management presence within the SMB’s business. In other cases, including in many midmarket environments, the source of security products and services will be specialized managed security providers who focus tightly on operating SOCs and protecting client environments. In some scenarios, firms will ‘land’ by entering a client account from one of these positions and then ‘expand’ to serve a broader range of IT supply needs – crowding out competitors who can’t address the risk and compliance issues that are central to the CEO’s mandate.

What is the security supplier call to action?

As security suppliers move towards managing SMB security needs, they need to address the pace at which their clients absorb new offerings. Small businesses will not embrace eight new technologies, nor are midmarket firms going to integrate fourteen new solutions into their environments. Even if this were possible from a budget perspective, it would cause chaos in the business.

Instead, suppliers of security services need to co-create a security roadmap with their SMB, which starts with assessing the customers’ executive teams’ tolerance for risk. What absolutely must be secured, and in what order? The security supplier can then identify the solutions that best fit the customer’s immediate and longer-term needs and then deploy, integrate and manage the solutions over time. After all, data shows that 45% of SMBs feel it will be beneficial for them if an external services firm can help define and implementing security policies.

One key point of exposure in this process is the ability to ensure that different solutions work together. In the cloud world, and increasingly in the on-premise world as well, channel partners and MSPs focus on integrations: the breadth of a single vendor’s product line, plus – and importantly – the extent to which third parties develop and support links to a firm’s products.

There will be no slowdown in the digital transformation of SMBs; their business infrastructure will increasingly rely on technology. Likewise, there will be no slowdown in the threats to that infrastructure; as reliance on technology increases, so does the potential bounty for attackers. And as a result, there will be a continuous and growing need for IT security services – which will sustain firms adept at delivering and managing security solutions that combine expertise and industry-leading technology.

New work patterns and the acceleration of distributed workplaces are resulting in a range of productivity benefits for SMBs today. As such, businesses see increased workforce efficiencies and talent recruitment while minimizing cost by reducing intermediaries and integrating contract professionals – and even improved environmental performance through reduced commuting and building footprints.

In the quest to deploy a perfect hybrid workplace technology infrastructure, SMBs often overlook networking – wireless, routers, firewalls, and beyond. Similarly, as small business retailers and other small commercial offices struggle with re-opening uncertainties, they also grapple with the daunting task of enabling secure and safe environments for their employees and customers. Digitization with minimum IT disruption and low manageability is on their minds.

Cash flow constraints, limited access to finances, competitive landscapes, the need for innovation, erratic revenue, uncertainties, the pace of technology change, and many more are drivers for achieving cost efficiencies within SMBs. Digital transformation is no longer the domain of only upper midmarket firms and enterprises. Techaisle's SMB and Midmarket Digital transformation survey research shows that 46% of SMBs are adopting digital transformation to reduce costs, and 38% are planning for innovation in customer engagement and services.

Helping SMBs thrive with robust IT solutions

Unbeknownst to many, the Cisco Meraki platform and the solutions it powers is a critical foundational technology to fast-forward digital transformation for SMBs. Much of this comes from its ease of use, simplicity, and flexibility for lean IT to innovate by doing more with less.

Cisco acquired Meraki in 2012, around the same time (2013), when it divested Linksys to Belkin. Over the years, Cisco has continued to innovate on its highly successful Meraki platform. It is no secret that Cisco Meraki invented cloud-managed networking technology in 2006. It has continued to innovate and expand the networking portfolio to IoT solutions and cover any business need or use case. The Meraki platform consists of switching, security & SD-WAN, wireless access points, mobile device management, and extending to IoT, including smart cameras and AI-equipped sensors to drive business intelligence.

Regarding deep intelligence and analytics, Meraki Health and Meraki Insight allow SMBs to monitor all aspects of their network and applications from the Meraki dashboard or API and easily detect and fix potential issues in minutes. Techaisle's survey shows that only 4% of small businesses have internal full-time IT staff. They spend 79% of their time on support, maintenance, and troubleshooting— creating an IT efficiency deficit and negatively impacting organizational productivity. Meraki Health's objective is to simplify troubleshooting for the lean, almost non-existent, or over-burdened small business owner/manager. Small businesses need to propel growth and enable new business initiatives freeing up time and resources. To ease the digital transformation, Meraki provides many capabilities that protect SMBs of any size, including:

• Preventing cyber-attacks: Meraki MX Security & SD-WAN appliances protect SMB businesses, users, and devices. Meraki security has the backing of Cisco Talos, one of the largest commercial threat intelligence teams globally.

• Deploying remote workers: Meraki Z3 teleworker gateways provide connectivity and secure and seamless in-office experiences. Meraki Insight delivers deep visibility into critical business applications and proactive troubleshooting for remote workers.

• Ensuring safe occupancy: Meraki MV smart cameras let SMBs maintain social distancing guidelines by remotely monitoring and tracking safe occupancy levels in physical environments through intelligent analytics, such as object detection and tracking.

• Cost savings from simplicity: All Meraki products are deployed and controlled from a single pane of glass. Meraki Health is available for all devices, saving many troubleshooting times by pinpointing specific problematic devices and clients via root cause analysis.

SMBs agree that Meraki solutions can be quickly deployed with zero-touch provisioning and configuration and remotely managed through a cloud-based GUI dashboard (single pane of glass), with all-inclusive licensing. Meraki provides 24/7 technical support (email or phone) and a lifetime warranty on devices (except cameras & outdoor APs) with advanced replacement.

Challenges in small business security

Techaisle's SMB security survey research data shows that security is a top IT priority and challenge for 76% of SMBs, and 65% are planning to increase IT security investments. Within the SMB segment, small businesses often lack the skills required to work with software-based security solutions and are 25%-33% less likely than midmarket firms to work with managed service providers.

Most small businesses are not proactive in addressing security issues, but that may not be the whole problem or perhaps even the greatest obstacle to small businesses’ adoption of security technology. Relative to midmarket firms, small businesses have limited to no internal IT security staff, are not generally working with a managed service provider capable of handling security needs, and are about 50% less likely to embrace external vendors' software-based security solutions.

While small businesses could theoretically pursue some strategies used by larger competitors, they lack the experience and skills to identify, deploy, and manage the products and relationships used to develop shields protecting valuable corporate data, applications, and human assets.

Meraki addresses these issues by providing a secure in-office experience to remote workers—giving access to applications while maintaining visibility and control from anywhere with a cloud-managed dashboard. It also encrypts data with Auto VPN, allowing employees to quickly, securely, and remotely connect to corporate locations.

Meraki smart cameras also address physical security, remote monitoring, and intelligence by including on-device storage and flexibility to access data through the cloud. The cameras allow for many playback features with machine learning and AI to compress the data and provide business intelligence instantly gleaned from long recordings. It is an ideal product for SMBs implementing social distancing guidelines, remotely monitoring physical spaces, reducing in-person exposure on-site, and ensuring comprehensive security.

How SMBs can adapt and digitize

As I said earlier, there is increasing importance for innovation and digitization (not referring strictly to the substitution of digital records for physical documents, but more broadly to the use of digital technologies to meet business goals) in SMB strategy. Dependence on technology as a critical element of business success, burgeoning complexity, and cost constraint has created a perfect storm for small businesses to adapt to changing environments using specifically designed technology.

Over the last few months, we studied use cases and Meraki's usefulness within the SMB segment. Meraki addresses real and compelling issues, and I believe it will continue to expand within the SMB community. Verticals such as healthcare, manufacturing, retail, and financial services have been quick adopters of Meraki, specifically for launching new business models, deploying remote workers, transitioning to hybrid workplaces, cybersecurity, location analysis, contact tracing, social distancing, personal safety, curbside pickup, and more.

SMB owners and executives are concerned with issues that extend beyond technology. Yet, today's business environments are increasingly dependent on IT support, products, and services that improve productivity and efficiency or expand market reach and potential.

Final Techaisle Take

IT initiatives that can be linked meaningfully to broader business objectives can attract SMB executive support – meaning that products and services that address key business priorities have the most significant growth potential. Meraki is well on its way.

Today's economy demands that technology support SMB activities. The future will be defined by them capitalizing on technology-enabled business options. If SMBs are thinking about the path forward, from today's foundation to tomorrow's opportunity, they should include Meraki in their evaluations. Writing this analysis reminds me that I work from home and should probably replace my mesh routers with Meraki devices.