SMBs are not only increasingly dependent on IT – they are dependent on increasingly interconnected systems, which are in turn open to an ever-expanding population of devices and access points. The volume and value of data contained in these systems continue to grow, which both increases the potential damage associated with a breach and attracts heightened attention from hackers. Techaisle’s SMB survey data finds a disconnect between security policy and security practice that creates the potential for poorly coordinated approaches to security – an uncertainty that is magnified by shadow IT.
In Techaisle’s latest survey of SMBs, only 13% said that they were fully prepared and confident to handle security challenges, especially mobility security. The remaining 87% were partially prepared, unprepared or unsure. These are very sobering statistics.
Techaisle’s SMB Shadow IT survey data shows that over 70 percent of applications and nearly 60 percent of IT infrastructure related spend and decision authority lies outside of IT. These expenditures are made without the IT department’s approval, guidance, or in some cases, even without IT’s knowledge.
Security is becoming a more critical component of business rather than IT strategy.
SMB IT security managers should petition for senior executive support, which will help to build an approach that safeguards the organization, users and data, in a framework that is flexible enough to respond to emerging opportunities and threats.
SMB Mobility increases threat perimeter
The problem with mobility (like cloud) is that it changes the concept of “perimeter.” Intruders don’t need to batter through closely-guarded walls to gain access to the interior of the network; they can ride through a permeable configuration on the backs of mobile devices that have been granted access to the precious applications and data that live in the interior of the organization. It is as if the castle walls and drawbridge were replaced by windows and breezeways offering access to visitors arriving from all directions.
With mobility, the SMB user community becomes a ubiquitous and shifting source of portals through the perimeter. As a result, IT needs to do more than defend against recognized foes: it needs to protect the corporation from breaches that can result from the actions of its own workers, and it needs to protect the same data that it delivers as an essential component of support for the mobile workforce – the workforce that is viewed by senior management as making compelling contributions to the top and bottom-line success of the business.
SMBs should consider a four-layer security framework model for deployment:
There is one additional, critical consideration that IT managers must overlay on this four-layer framework: the need to integrate within and across the layers. A hardened perimeter is only as hard as its softest point; to be effective, the “shields” need to connect and overlap in ways that do not leave vulnerabilities that hackers can exploit. Similarly, data that is tagged as high-priority for encryption needs to be protected on one side from poorly secured endpoint devices and on the other from employee mistakes or malfeasance.