The data kept by a small or midsize business is no less mission critical than that of an enterprise -- but too often that information is not secured nearly as well. That's largely because of ignorance about security and concerns about cost, explains the vice president at security vendor DigitalPersona. Here are some ways to get SMBs thinking about security like the big guns do. — Jennifer Bosavage, editor
Security is a fickle thing – especially when it comes to small- and midsize businesses. If you work with those organizations, then you know two basic things:
1) they all think they couldn’t possibly be the target of cyber threats, and
2.) they think they are secure after completing the install of their firewall, anti-virus and malware solutions.
Where have we as an industry gone wrong? To leave this lasting perception on SMBs means that far too many organizations are floating along unprotected, and that significant sales and account services opportunities remain untapped.
The mobile workforce is fueling that SMB insecurity fire. To successfully compete, SMBs are being pushed to equip their employees with laptops and smartphones, facilitating a 24/7 working environment where decisions can be made, and actions taken, quickly. In fact, laptops began outselling desktops in 2008, according to research firm iSuppli, and are expected to constitute half of the PCs in business environments in the next few years. While many large companies have shifted focus and begun experimenting with new mobile devices such as iPads, many SMBs still struggle with handling their Windows PCs. (Ed. note: See, "Is an Enterprise-Ready Tablet a Myth?) So the question is: in this laptop-driven SMB world, what security issues are going unaddressed and how can solution providers and resellers fill this void?
SMBs often fall into the “consumer” mindset. On your personal home computer, you most likely leverage the Microsoft Windows firewall to protect against unwanted intrusion, and likely have free versions of anti-virus, anti-spyware and malware protection solutions that you run every once in awhile. When this is what you do at home, it is easy to think that your small organization requires the same protection. This is far from the case. SMBs, no matter how small have critical data that needs to be actively defended. This data can be as simple as business and product plans, or something critical such as customers’ financial information and account details. Protecting this data requires more than just a firewall and anti-X software. Truly securing this data requires a combination of data protection, access control and authentication solutions.
Those overarching categories can break down into several sub-technologies:
• Data Protection: The name says it all. This category is about protecting the data a SMB generates. The first place to start is with the data that sits on each user’s notebook PC. As this data gets around, the risks to the customer’s company grows. The most common technology used to address this problem is encryption. There are two primary forms of encryption you can work into your product mix: full-disk encryption (FDE) or file/folder encryption. FDE solutions take the entire hard drive and encrypt it so only those with the encryption key can access the data on the drive. That method is the most popular in the business setting because it ensures nothing is overlooked. Additional data protection technologies include data back-up solutions, to ensure data isn’t lost, and the previously mentioned firewall, anti-virus, anti-spyware and malware protection solutions, which combine to protect from threats infiltrating the environment.
• Access Control: At any organization, having quick access to information is critical to getting the job done. However, making sure that the people accessing this information should have access to it is something that is often overlooked in the SMB. This often means access is granted to information some employees don’t need to do their job, creating security issues. Solutions that fit into this category include a Virtual Private Network (VPN), single sign-on or password managers for system or application login, and access recovery solutions.
• Authentication: Critical to any data protection or access control strategy is being able to validate who is requesting access in the first place. Authentication solutions provide organizations with a way to more reliably determine who does what and where. The most common form of authentication is the simple password. But, it’s also the least secure. More and more businesses are looking to more advanced authentication methods, such as one-time password tokens, smart cards and biometrics. In the case of biometrics, there are many forms such as fingerprint biometrics and facial recognition. Fingerprint biometrics is the most popular today because it has become very reliable and very inexpensive.
Once you understand the holes prevalent in the SMB and the solutions that can fill them, the next step is to identify how you can sell these into organizations. When it comes to SMBs, the primary barrier is price. SMBs typically have very limited resources and must devote a large percentage of available capital to actually running the business. SMBs often think that strong security is something only larger enterprises can afford. However, new types of security suites are now available that are specifically designed to fit into SMBs’ budgets.
Beyond price, it is also important to recognize that your offering has to be easy to deploy and manage. Many SMBs lack technical know-how or dedicated IT staff, making simplicity critical. In some cases, security solutions offer you the opportunity to go beyond a straight resell opportunity and provide additional services. Those may include building out a cloud-based SaaS solution, or offering management and support services that can generate ongoing revenue.
As with any offering that is not widely understood, education is vital to tapping into the SMB. The lack of IT understanding often extends beyond the technical teams to the executives or proprietors, making it important for you to speak at a level they can understand and take steps to educate them further. Webinars and white papers can help explain a topic in depth, and case studies on other successful SMB deployments are usually among the most effective selling tools.
The SMB market is still very much a new frontier, representing a significant opportunity for the solution providers that figure it out first. If you can show your customers that you can offer security they can trust in a way that is both simple and affordable, you will be well on your way to capturing the riches this market presents.