Closing the SMB security gap

Tony Lock analyses the essential role the channel has to play in helping smaller firms to command their security and data risk landscape

We have reached a point where most SMBs take the internet for granted. The web is exploited as a general information resource and email is used to communicate both internally and externally.

An army of developers out there willing to knock up a website for very little money means most SMBs now have some kind of web presence. Indeed, many are actually trading on the web. From the perspective of an outside attacker, SMBs today have created quite a big attack surface to prod and probe for vulnerabilities.

Meanwhile, our wide-ranging research has illustrated that SMBs are frequently acquiring and relying on quite a bit of electronic data for their business operations, and that data is often confidential or commercially sensitive in nature.

Data associated with applications such as accounting, contact management, sales, service and logistics today resides on a range of devices. These may include file servers, NAS drives, PC hard disks, and persistent memory in smartphones and tablets - many of which are neither properly secured nor protected in terms of encryption, backup and recovery.

Mounting costs

Add to all this a general lack of risk awareness in the average user or, if it comes to that, quite senior business managers, and you find a lot of accidents out there waiting to happen - never mind the fact that IT windows are wide open with unlocked doors aplenty just waiting for theft and fraud to take place.

But so what? Does it really matter if SMBs or other smaller organisations suffer security breaches or data loss? The reality is that SMBs make up a huge chunk of the UK economy, and if you add up all the distraction, cost, and business loss that occurs every day as a result of fallout from security and data protection issues, it is clear that the problem is significant.

Factor in the effort required to troubleshoot and solve the issues that arise and the impact on the nation's bottom line is probably quite considerable, although almost impossible to quantify - whatever any particular analyst or security vendor might say.

Furthermore, the supply chains and sales channels of large enterprises frequently encompass large numbers of SMBs, thereby adding to the associated risk exposure highlighted above. Businesses are at risk, and so are their customers.

Security and data protection have long been the elephant in the room. Things need to change dramatically, especially as governments and other regulatory bodies seek to impose legislation that will minimise security breaches.

SMBs must figure out how to improve their IT security, data protection and disaster recovery capability. Yet few SMBs fully comprehend the nature of the threats to which they are now routinely exposed. Even fewer have a good grasp of either the offerings that might help them improve their risk management, or the changes to their processes needed to support any security and data protection technology enhancements.

This is where the channel comes in. Most SMBs have neither the time nor the resources to go out and assess technology opportunities. And, essentially, they don't know what they don't know.

Time to shine

As shown by the chart below, which illustrates answers given to a Freeform Dynamics online poll of 294 IT staff, managers and employees do not understand how important IT systems are to their firm's routine operations and the risks users face every day. Even when such matters are considered, a lot of IT generalists do not realise many threats can be addressed without breaking the bank, with offerings that can be maintained and operated long term.

But when organisations do recognise a risk that must be addressed, perhaps because of legislation or after they have suffered a breach or data loss, channel companies are where they will look first for help. Technology providers should therefore try to bring up the subject of risk management with their customers when they are discussing other, routine IT matters.

Our conversations with channel partners that do this indicate great potential to improve the security posture of SMBs - while resellers themselves clearly stand to benefit by supplying additional, value-added offerings at a time when margins are always being squeezed. This way, everyone wins.


Tony Lock is programme director at Freeform Dynamics