SMB & Midmarket Analytics & Artificial Intelligence Adoption


    SMB & Midmarket Security Adoption Trends


    Channel Partner Trends


    2024 Top 10 SMB Business Issues, IT Priorities, IT Challenges


    2024 Top 10 Partner Business Challenges


    SMB & Midmarket Predictions


    Channel Partner Predictions


    SMB & Midmarket Cloud Adoption


    Networked, Engaged, Extended, Hybrid


    Influence map & care-abouts


    Connected Business


    SMB & Midmarket Managed Services Adoption


    SMB Path to Digitalization

Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.
Anurag Agrawal

IBM – motivating midmarket firms to think strategically about cloud security

A blog “Big Data in the Cloud - an ideal solution for SMB banks” that we wrote touched a nerve, in a good way. Post blog, in our several discussions with both large and community banks we find that cloud objection is largely based on the size of the bank. In addition, regulatory compliance concerns are huge as most midmarket businesses and banks in particular spend a lot of money being compliant. With the move to cloud they want to make sure that the investment extends to the cloud without being exposed to security breaches and from a regulatory point of view.

What is clear is that migration to cloud is forcing businesses to think differently about security, in very standardized ways because the delivery of cloud service is standardized. It is also pushing them to automate security because utilization of cloud is dynamic, elastic, automated and fluid thus making manual or even semi-automated security processes unmanageable. However, this approach creates multiple vulnerabilities. The bad guys themselves are taking advantage of all the cloud technologies and are becoming a lot faster and more automated than the businesses. Security therefore becomes a moving target and cloud security is a perfect opportunity for businesses to improve defenses and reduce risks.

While most midmarket businesses are reactive, hunting after point solutions when something goes wrong, others are taking a proactive approach to risk and threat so that they have more fluidity in the way they respond when a threat occurs.

IBM security is on a path to help businesses think differently about cloud security. It is moving the businesses along a maturity curve from reactive to proactive to optimized. Optimization refers to the difference between being able to weather an attack and continue with business and how much time could one can shave off and how much cost could be optimized for being able to respond to that event in reducing risk.

As Sharon Hagi, Global Strategist and Senior Offering Manager, IBM Security, said in an interview “the state that IBM is advocating goes beyond reactive or proactive. We call it the optimized state where organizations use automation coupled with predictive security analytics to drive towards a higher level of efficiency. By mixing the elements of proactive approach, automation and security intelligence businesses can actually get to the point where they are a lot more efficient and they actually reduce time and cost to respond to risk.”

IBM is differentiating and trying to distance itself from others in a number of different ways. IBM has a managed security services practice with ten plus security operation centers around the world servicing 133 different countries with 6,000 security professionals and its research lab X-Force provides actionable threat intelligence and insights for business and IT leaders. IBM monitors 10,000 security customers globally, 70 million end-points with 20 billion events per day, has made enormous investments in security intelligence analytics platform that allows it to distill information, identify threats and respond quickly.

But for banks and businesses that come under deep regulatory scrutiny, security goes beyond managed services and is a major psychological barrier to cloud adoption triggering a high level of fear-factor. Recently, we posed a fundamental question of “Why do you want security” to banks and midmarket businesses in general. The responses received could easily be bucketed into five categories:

Michael O

Increasing role of BDMs in SMB Cloud and Mobility Security Management

Techaisle’s recently completed study on SMB IT Decision Making Authority: ITDM vs. BDM, examining the balance in SMB IT decision making authority between IT decision makers (ITDMs) and business decision makers (BDMs)  shows that BDMs are becoming increasingly involved in SMB cloud and security management processes. In 76 percent of SMBs BDMs have active roles in cloud security and in a whopping 87 percent of SMBs they are active in mobility security management.

Techaisle’s SMB IT Decision Making Authority: ITDM vs. BDM report provides data to substantiate a common theme: business management is taking a more active role in IT acquisition, deployment and management. This is especially true in cloud and mobility as BDMs are able to directly procure systems that support their business needs (such as CRM systems used by sales management) – avoiding IT’s processes and timeframe for deployment, and in some cases, avoiding input from IT altogether.

When we speak to ITDMs or IT suppliers who work with IT managers we are often exposed to the counter-argument against this newfound BDM freedom: that without effective IT oversight, cloud systems can become disconnected from the corporate IT infrastructure, creating silos of data, and potentially, security, audit, compliance and privacy risks.

To obtain insight into this issue, Techaisle asked survey respondents to identify who (by area of responsibility) has primary responsibility in each of 10 cloud security areas and 12 mobility security areas. Looking across both groups, we see at a glance that in both the small and mid-sized businesses business management is viewed as a source of access policy but the management of the security process is largely the preserve of IT.

Comparing Cloud and Mobility Security Management

The study shows that there are three key players in managing cloud and mobility security within SMB organizations – Business Management, IT Management and Service Providers. Business management involvement is higher than IT management in mobility security, 87 percent vs. 68 percent. Drilling down into the data we find that SMB BDMs take an active role in five out of twelve mobility security areas and have primary responsibility in seven security areas.

On the other hand, SMB BDM involvement in cloud security management is 76 percent which is almost same as ITDM at 78 percent. But unlike mobility security management, BDMs are actively involved in three cloud security areas and have primary responsibility in only one security area.

Within the mid-market businesses, IT management has a higher percent of involvement than business management for both mobility and cloud security administration. ITDMs actively participate in five of twelve mobility security areas and five of ten cloud security areas.

The above data does not imply that BDMs and ITDMs are not involved in all security management areas; in fact, they are but the roles and responsibilities shuttle between the two principle SMB custodians.

Comparing Small and Mid-market Businesses for Cloud security management

Drilling down into the cloud security management process only, the data reveals that BDMs are responsible for setting access policy in over 60 percent of cases – but all other steps in the process are primarily the responsibility of IT but with involvement from BDMs, from user authentication to ensuring consistency with audit, regulatory and compliance requirements and to ensuring that backup is regular, effective and testing.

When we turn our attention to the mid-market businesses, the first finding that leaps out at us is the more prominent role played by business management. In nine of the ten cloud security activities covered in the survey, medium business respondents report more non-IT management involvement than their small business peers – and in one step in the cloud security process (ensuring consistency with audit, regulatory and compliance requirements) medium business BDMs have similar level of responsibility as ITDMs.

Role of Service Provider in Securing SMB Cloud and Mobility solution deployments

Survey data presents a very interesting dichotomy about the role of service providers in securing SMB cloud and mobility solution deployments. Service providers are involved in 47 percent of SMBs for cloud security which is 35 percent higher than their involvement in mobility security. But for mid-market businesses they are 50 percent more involved in mobility security than cloud security. Out of the twelve areas, key roles played by service providers for mobility security are “Authenticating user identities” and “Deploying and updating malware and other security technologies on corporate-owned endpoint devices”. Within the ten different cloud security areas, service providers are most involved in “Safeguarding against unauthorized access” and “Authenticating user identities”.

It is interesting to note that both small and mid-sized businesses rely on cloud suppliers through the security process – interesting primarily because (as the saying goes) “you can’t outsource responsibility”. SMBs are free to rely on cloud suppliers for assistance through the cloud security process, but if/where there are breaches or other issues, the responsibility still rests with the business, not with the supplier. Techaisle believes that the proportion of SMBs –both small and medium businesses – who report that their cloud suppliers have responsibility for one or more cloud security activities should take a closer look at whether and how they might separate responsibility (which is a management requirement) from delivery (which may well be best outsourced to a cloud vendor). Here again, SMBs require guidance from security specialists to align practices with requirements.

Details about the report can be found here

Related research:

2014 SMB & Mid-Market Cloud Computing Adoption Trends

2014 SMB & Mid-Market Mobility Solutions Adoption & Trends

Anurag Agrawal

Symantec Simplifying Security for SMBs With Cloud Solution

Symnatec just announced its Endpoint Protection Small Business Edition 2013 which effectively moves Symantec's flagship security solution for SMBs to the cloud. The solution has an on-premise solution as well giving SMBs the flexibility to start with an on-premise solution or use directly a cloud-based solution with no additional hardware requirements and no special IT staff or training needed.

Techaisle Take
In the SMB space, the trend is definitely moving to the cloud, with SMBs reporting growth in the average number of cloud applications rising from 2 in 2010, to 4.3 last year and expected to hit over 7 this year. Symantec has seen flat revenue in a growing market and needs to take advantage of this trend in cloud services. Security is among the most widely deployed cloud application (~60% of Cloud Users).  Symantec has a very broad portfolio of products and despite a management shakeup and unwanted attention from hactivists; they have been able to maintain stability over the past few years. Having said that, there is always some uncertainty when migrating from one architecture to the next; it will be very important to maintain a solid opportunity for channel partners and they will have to execute well as they make this move.

Symantec needs to ensure that their channel partners are well trained in the difference between between the 2013 cloud edition and the 12.1 on-premise version to avoid any SMB marketplace confusion. Symantec also needs to make sure that their marketing campaigns present the choice of offers as a benefit rather than a hard decision; there are benefits to both cloud and on-premises versions depending on the SMB customer need. We have found that there is a gap in demand from channel partners for cloud security services based on what they are hearing from their SMB customers – Vertical Applications, Security and Storage and Backup solutions top the list of requested applications.

All software companies are wrestling with or implementing cloud services strategies. After Cloud Security, which is a strategic imperative for Symantec, the largest opportunities within Cloud Infrastructure are in Remote Storage & Backup services, unless they step far outside their core business. SMBs recently reported that although their business priorities have remained fairly constant, 77% want vendors to reduce complexity in IT so they can focus on business and customers. It seems Symantec wants to enable that by offering both (all) their services through a common interface which is delivered through the channel and allows remote management of both On-Premises installed base and Cloud versions. If they can do this successfully, it should be a win for both small businesses and channel partners.  Even so, the devil is in the detail, and if they fail to bring both of these to the market successfully they risk losing credibility in their core security market.

Anurag Agrawal

Anurag Agrawal

Dell Deepens its Commitment to SMBs with Acquisition of SonicWALL


On March 13th, 2012, Dell announced the acquisition of SonicWALL, a leader in Unified Threat Management (UTM), further broadening its portfolio of security offerings, especially for SMBs and branch offices. By acquiring SonicWALL, Dell gains on multiple fronts.

    • Broaden its Portfolio of Products and Services for SMBs. While SonicWALL has added enterprise-level offerings in recent years, for a long time it was known primarily as SMB-focused company and one of the leaders in UTM for SMBs. Known primarily for its security appliances, it offers SMBs gateway security to protect their networks as well as web and email security, secure remote access and continuous data protection (secured at remote locations). Most of these offerings would supplement Dell’s existing products and enable SMBs to purchase more of their products from a single source.

    • Expand its Channel Partner Base. SonicWALL sold almost all of its products through a loyal base of channel partners, who benefitted not only by selling SonicWALL appliances but also earning ongoing service revenues from managing those appliances as well as off-site continuous data protection (CDP). In that respect, SonicWALL was a step ahead of the industry in offering remote services and would fit in well with Dell’s cloud ambitions. While there may be some overlap between the channel partners of the two companies, and Dell may not grandfather all of SonicWALL’s partners to resell Dell products, Dell would still significantly increase the number of its channel partners (including many MSPs) and broaden its footprint in the SMB market.

    • Enter a Fast Growing and More Profitable Area. SonicWALL accounts for less than one-half of one percent of Dell’s revenues but it is growing much faster. While Dell’s revenues, including revenues from various acquisitions, have essentially remained stagnant over the last five years, SonicWALL has grown by almost 30% during the same period. Its net profitability is 2-3 times higher than Dell. By selling SonicWALL’s products to its current customer base, both directly, through Dell Services and through Dell’s PartnerDirect members, this profitability will increase further as selling through Dell will help reduce SonicWALL’s sales and marketing expenses (which account for 35-40% of its total revenues)

Dell has acquired several companies in recent years that had developed products primarily for SMB customers. After acquiring them, Dell has not only increased their sales to SMBs but, in many cases, also sold those products to branches of its large customers. If Dell follows the same strategy for SonicWALL’s offerings, its latest acquisition will be a win-win situation for Dell, SonicWALL, their customers and Dell’s investors.
Anil Miglani


Research You Can Rely On | Analysis You Can Act Upon

Techaisle - TA