Small and midsized businesses are challenged with defending their users, applications and data against external threats. Security issues cast a long shadow over SMB IT priorities, especially as firms embrace the benefits of hybrid IT, only to find that their environments become more complex, and more difficult to manage and protect. SMBs are responding by expanding security budgets – but they lack the staff and expertise to construct effective shields around their organizations. The channel has an essential role to play in defending their clients’ SMB businesses against security threats.
The origins of the saying “it’s about the journey, not the destination” may be unclear – it’s variably ascribed to Ralph Waldo Emerson, theologian Lynn H. Hough, Canadian rapper Drake, and others – but its applicability in an IT security context is clear: there is no end point at which security is ‘done’; security requires constant updating, to stay current with expanding threat vectors.
This requirement for continuously-improved IT security is both a challenge and an opportunity for channel members. There is a need to stay current with the tactics and technologies that protect SMBs from threats – and there is a steady and profitably business to be made in meeting this challenge.
What is the opportunity?
Techaisle has pegged US SMB security spending in 2018 at $9 billion: nearly $4 billion in spend by small (1-99 employees) businesses, and more than $5 billion in spending by midmarket (100-999) firms. And the market is expanding rapidly, especially at the high end of the small business segment and within the midmarket: a large-scale Techaisle survey found that in 2018, firms with 50-99, 100-499 and 500-999 employees increased IT security spending by 6%, 7% and 8%, respectively. Channel organizations that invest in building strong security practices are able to tap into strong and growing demand for IT security solutions, and the management expertise needed to effectively deploy security products in an SMB environment.
Constraints and confusion
High IT security spending levels and growth rates mask an underlying sense of confusion with respect to safeguarding emerging cloud and hybrid IT environments – and a lack of resources able to address this problem. This uncertainty extends across on-premise and mobile devices – and out into the cloud.
Data demonstrates that size has a major impact on how SMBs approach security. It isn’t the only factor, though. Techaisle research has identified four sophistication-defined segments within the SMB market: Pre IT, Basic IT, Advanced IT and Enterprise IT. Organizations belonging to these clusters behave in a consistent fashion, approaching technology and IT solutions in similar ways and timeframes. The groups and high-level characteristics are shown below.
IT sophistication and cloud security
The data illustrated above – and results of a follow-on question regarding use of products designed to provide cloud security – helps illustrate the value of clustering SMBs by IT sophistication level. Nearly 30% of Pre-IT firms are unsure about cloud security risks, and a similar proportion, and more than twice that number – 68% - are neither using nor planning to use any specific cloud security technologies. At the other end of the spectrum, more than half of Enterprise IT organizations are using cloud security solutions today, and an additional 43% plan to deploy these technologies within the next year.