Techaisle Blog

Techaisle research into SMB approaches to digitalization shows a great belief in organizational commitment to digitalization strategies. 17% of small businesses and 31% of midmarket firms, down from more than 40% two years ago, believe that they are “holistic” with respect to digital transformation – that within their firms, the Internet and digital technologies impact every aspect of the business and are at the core of organizational strategy. Another large proportion of the SMB population – 32% of small businesses, 45% of midmarket firms – report that their organizations are best categorized as “inclusive,” seeing digital as important to the business, but as a relatively minor factor in strategic planning, and not having organization-wide impact. Lesser proportions of both populations see themselves as ‘siloed’ with respect to digital initiatives, but within 19% of small businesses, up from 5% in 2017, digital is not seen as core to their operations.

Pace of digital business adoption within SMBs

To add context to the previous data set, figure below shows how rapid the take-up of digital business within the SMB community has been and is expected to be over the next two years. Overall, SMBs expect 32% of business activities to be digitized by 2021, which will be up from 17% in 2017, nearly double. On average, roughly a quarter of small business and midmarket companies’ operational processes are digitized today: this represents a 51% increase (from 16%) within small business and a 47% (from 18%) increase within midmarket firms over the past two years, with a further 24%-28% increase (to nearly one-third of all processes) expected by the end of 2021. Suppliers selling into the SMB market with a digitalization position/messaging strategy should find a large number of firms looking to accelerate digital business initiatives.

Constraints to SMB digital strategies

A follow-on question about inhibitors found that 30% of SMBs “lack the skills” to embrace digital business practices; nearly as many (28%, rising to 36% in small business) cite staff or management reluctance to change current practices as a barrier to digital business adoption, and substantial proportions of the SMB community also point to “lack of investment capital/budget” (26%, and again, higher within small business) a risk averse corporate culture (24%) and inadequate installed technology (23%). In all, seven different constraints were cited by at least 20% of SMB respondents – highlighting the fact that SMBs face numerous challenges to development and adoption of effective digital business strategies.

Related SMB survey research reports:

US SMB & Midmarket Digitalization Trends

US Midmarket Digital Transformation Trends

US SMB & Midmarket SaaS Adoption Trends

Europe SMB & Midmarket SaaS Adoption Trends 

Asia/Pacific SMB & Midmarket SaaS Adoption Trends

Latin America SMB & Midmarket SaaS Adoption Trends

White papers

Prologue and Epilogue of Digitalization in SMB Market

Digital Transformation for the Modern Midmarket: Red Paper

Future of Work - Interwork: the next step in connected businesses

Digital Transformation & the Future of Reseller Channel

Techaisle’s Europe SMB and Midmarket security adoption trends survey shows that both small businesses and midmarket firms recognize that cloud poses a risk to their data: “cloud usage/services put us at a higher risk of a data breach” is the security-related statement that resonates most with small businesses, and it is one of the top three issues identified by midmarket respondents. However, 24% believe that they are better prepared than most to address cloud security issues. “Our security budget is sufficient to meet our needs” is the most commonly-advanced statement on IT security by small businesses but 52% of midmarket firms believe that their "budget is not sufficient to meet their security needs". Only 8% of European small businesses have formal security protocols in place to respond to a security incident as compared to 32% of midmarket firms.

There is no denying the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses. Survey data also shows that in Europe, 52% of small businesses and 62% of midmarket firms experienced one or more security incidents in the last one year.

At least within the European SMBs and midmarket firms there seems to be adequate awareness of the quantity, variety and severity of threat sources but the unpreparedness is in part due to weak reporting of breaches when they occur, with only events too big to hide becoming the subjects of public discussion. Tougher disclosure legislation will make SMBs more aware of the extent of IT security issues – which in turn will likely boost investment in security solutions and reduce the number of respondents expressing comfort with their current state of readiness.

Despite the dichotomy of potential of security threats and overconfidence, SMBs are concerned about their threat landscape, both at the PC-level as well as with cloud.

Data clearly shows that small businesses and midmarket firms have very different perceptions of cyber-security risks, security approach and attitude, cloud and end-point security concerns and most effective security solutions to protect cloud data.

A review of cloud security threats and mitigation options available to European SMBs illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context. 37% of SMB survey respondents are concerned with data exposure during transfers to remote locations, 35% are concerned with the potential for cloud-based accounts to be hijacked, and 28% are worried about unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.

SMBs have very strong perception and understanding of technologies and practices that are considered most effective at protecting data in the cloud and addressing their cloud security concerns. These include data and network encryption, intrusion detection and prevention (IDP), the setting and enforcement of security policies, the creation of data boundaries that separate different information sets, use of access control technologies, and unified threat management. Unlike the threats, though, that are specific to cloud/hybrid IT infrastructure, these approaches do not arise uniquely from use of cloud: they can and should be applied within environments that are not cloud based as well. Any business that relies on a network and supports mobile users (necessitating access control) would do well to implement all of these measures.

Techaisle believes that there are different take-aways for suppliers focused on small and midmarket customers. In small business, there is a need to educate buyers about the gaps that exist between current preparedness and risks, and between small business readiness and the approaches that are common within larger organizations: small businesses need to understand where and how to invest in a wider range of security solutions, especially with respect to covering threats associated with mobility and cloud. There is also a need to respond to price-performance pressures.

Clearly, security itself is a complex solution area, and the marketing challenges faced by suppliers – which need to articulate solutions in terms that are appropriate to small and midmarket businesses, to BDMs and ITDMs, and via sources and channels that are relevant to the evaluation and purchase process – are complex in their own right. Security permeates all aspects of IT service delivery – and as a result, success in navigating the solution and marketing needs offers great upside for successful suppliers.

The core changes in the demands on different areas of the channel business are critical and challenging, but they can be seen as more effect than cause. In all aspects of channel business, long-held business tenets are being replaced by an emerging reality that has been ushered in by the move to cloud and amplified by many other trends – changes in buyers and buyer behavior, as well as management and process changes, and evolutions in service/technology delivery – that are reshaping how technology is acquired and used, and how suppliers need to act to meet buyer requirements.

NEXT channel

Techaisle has identified twelve areas where channel partners must abandon ingrained behaviors and move to new approaches that will enable NEXT (Networked, Engaged, Extended, Transformed) channel businesses.

Partner-to-partner relationships are important to cloud business success

There are seven imperatives that impact all areas of channel business operations, there are two imperatives that relate to internal management/process items, two that impact service/technology delivery, two that affect go-to-market and customer relationship management, and one – the shift from ‘turnkey solutions’ to ‘ecosystem collaborative solutions’ – that touches on all three areas. Let us discuss this last imperative.

Solution packaging isn’t a ‘religious issue’, it’s a ‘customer choice issue’ – and customers are clearly choosing to move from turnkey systems to hybrid environments that can be aligned with their evolving needs; this will also require an accelerated frequency of partner-to-partner collaboration (not opportunistically but strategically).

The chart above illustrates an important feature of this migration: it increases both the scope of projects that the channel partner can engage in and the profitability of those engagements. As the chart demonstrates, 65% of channel firms that consider themselves to be “very successful” in selling cloud report that they frequently collaborate with other channel partners; firms that struggle with cloud success are much less likely to proactively work with peer channel firms.

Drilling into the data from 2014 to 2018, we find that the opportunistic collaboration has increased by 69%. There are many sporadic efforts but no single vendor is formalizing and enabling this P2P collaboration.

What is the new Turnkey solution:

Techaisle’s 2019 US SMB and Midmarket security adoption trends research investigated 17 different types of IT security solutions. These can be positioned as belonging to one of four broad categories:

1. Protection of data entering the corporate environment
2. Protection of the mobile environment, including the following
3. Traffic inspection and management
4. Protection of data that is being used within the corporate environment

Analysis of data showing current and planned use of these technologies helps illustrate how security environments are changing, and differences in security approaches between small and midmarket businesses.

The wall and drawbridge: protection against threats entering the corporate environment

The technologies included in the “protection of data entering the corporate environment” category are those that correspond to the castle walls-and-drawbridge analogy used at the beginning of this document. They are broadly used by both small and midmarket firms, with 100% of users in both groups reporting that they have anti-spam/email security and anti-malware/virus/spyware products deployed today. Web/content filtering is also commonly employed within both small businesses and midmarket organizations, with current usage levels at 54% in small business (with another 18% planning to deploy these products) and 62% in the midmarket (with an additional 18% planning to begin use). Firewalls and VPNs are commonly used to secure midmarket traffic – 100% of midmarket respondents report use of firewalls, and 52% are using VPNs, with another 25% planning to begin use of VPNs in the near term – but are not as prevalent in the small business environment, where just 18% of respondents report current use of firewalls, and VPNs are not found in the data.

Extending to the edge: protection of mobile environments

Mobility poses an enormous challenge to the traditional security approach: it isn’t possible to rely on a heavily-guarded drawbridge if there are dozens (or hundreds or thousands, depending on business size) of moving gates that each poke through the wall of the keep. Technologies intended to protect physical devices (mobile security), the data resident on or accessed through those devices (DLP) and the ability of the devices to access corporate resources (MDM/MAM) have developed to help security professionals intercept threats before they reach the perimeter of the enterprise network. Survey data shows, use of these technologies by SMBs is still primarily in the planning stage, though there are examples of current deployments addressing mobile threats. Three-quarters of midmarket firms report current use of DLP, and over 50% have already deployed some form of mobile security. Plans for new deployments of these technologies in both small and midmarket businesses are substantial, with 21%-31% reporting near-term usage intentions. Midmarket businesses are also interested in exploring endpoint forensics – the use of device data to identify anomalous patterns indicating an infection or breach – but this is still years from becoming a mainstream SMB security approach.

Inspecting and managing traffic

Many organizations are coming around to the conclusion that security breaches are more a matter of ‘when’ than ‘if’, and are dedicating resources to identifying and addressing vulnerabilities or intrusions. Four of the technologies/tactics covered by the Techaisle research address this requirement. Breach detection systems – systems that focus on malicious activity within the network – are the most commonly deployed technologies in this area, used by just 6% of small businesses and 69% of midmarket firms. IPS/IDS – a category that combines technologies that attempt to prevent network intrusions and those that monitor and report on attempted incursions into the network – are currently used by half of midmarket firms, with 29% of small businesses and 30% of midmarket organizations planning future deployments. Security information and event management (SIEM) systems, which collect and analyze information from other security technologies deployed by the enterprise, are used by 47% of midmarket firms and in the near-term plans of an additional 28%. And 23% of small businesses and 27% of midmarket firms are planning to engage suppliers to perform penetration testing – ‘ethical hacks’ used to probe networks for vulnerabilities.

Protecting information in use within the corporate environment

The fourth category of security solutions is dedicated to protecting assets within the corporate environment – the data, applications and physical environments used to produce IT-enabled outcomes.
The date demonstrates that at this point, small businesses are not adopting the technologies used to secure information in use, but that midmarket firms are investing in this level of defense. Over half of midmarket businesses surveyed are currently using both security products that protect virtual environments and data encryption, which secures ‘data at rest’ against hackers who penetrate other defenses. Additionally, 26% of midmarket organizations are planning to deploy user behavior analytics, which highlight potential exposures due to employee negligence or malfeasance.

In today’s SMB market, it is critical for vendors to build detailed understanding of the small and midmarket segments, and to align resources and strategies with requirements as SMBs move from initial experimentation with sophisticated solutions towards mass-market adoption.

In this report, Techaisle analyzes 1,245 survey responses to provide the insight needed to build and execute on IT security strategies for the small and midmarket customer segments. Techaisle’s deep understanding of SMB IT and business requirements enables vendors to understand the ‘why’ and ‘when’ of solution adoption, current and planned approaches to solution use, the benefits that drive user investments, and key issues in aligning with buyers and building and intercepting demand.