Industry Survey Shows SMBs Lack Minimal SecurityBy John Hazard | Posted 2005-08-24 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Many SMBs fail to obtain even minimal network protections and cite a lack of time, resources and money, according to a recent survey. Simplifying the security solution and sale could mean business for VARs serving SMBs.Sean Stenovich often sees his small and midsize business clients pick and choose their security solutions based on what they think they need and can afford.
The result is a security plan that covers some areas but leaves many others exposed, said Stenovich, a principal at Dallas security solutions provider M&S Technologies.
"They're thinking [anti-virus] protection, anti-spam software; not intrusion protection, system backups," Stenovich said. "I feel their pain. I'm a small business owner too. They have to prioritize, and they end up with gaps in their protection."
Some highlights of the report include:
"[Security risks are] a nightmare SMBs have," said Bob Tarzey, services director at Quocirca, which specializes in the IT field. "They're not stupid, but the realities of business dictate they take a 'we should be all right' approach. They don't have the time, they can't afford the expense, can't take the hassle of finding a fix and integrating all of their components."
The answer to improving security at SMBs and building business for the VARs who serve the industry is making the solution quick, cheap and easy, said David Luft, senior vice president of SMB product development at Computer Associates International Inc., which sponsored the study to support the marketing for its new line of security software suites aimed at SMBs.
"SMBs are not looking to get into a drawn-out process to secure themselves," he said. "They're looking for an easy fix that lets them get back to business, whether it is banking or sales or health care."
Not surprisingly, the survey found that the smaller the company, the more vulnerable the network. Less than 10 percent of companies with 50 employees or fewer maintain automatic security patch management software, versus 60 percent of companies with more than 300 employees.
"They have less to work with, so they're more likely to prioritize their needs and their resources," Stenovich said. "But it can be a painful situation if they get nailed where they least expect it. Even the smallest company is vulnerable to lawsuits or financial losses from these security threats. As the reseller it's your job to remind them of that." Stenovich said the cost factor is not a figment of the client's imagination.
"For years, everything was about serving enterprise companies, and these solutions were priced out of the SMB market," he said. "In recent years, you've seen a shift in that vendors are making solutions that are cheaper and easier to manage for the smaller clients. For resellers it means our clients will be more likely to buy in."
Low maintenance is also a key, Luft said.
"More and more SMBs need software to take care of things for them, take specific actions without their knowledge," he said. "They don't want to have to worry about whether their software patches are up to date."
"The bottom line is they don't want to be in the IT business," he said. "Whatever lets them get back to business quicker will get them on board."