An interesting article by Kevin Casey over at Information Week seeks to throw water on the idea that SMBs are lax on security. Casey points to a recent study by IDC that says SMB spending on security is actually accelerating at almost double the rate that general IT spending is forecast to grow. All told security spending by the SMB market is supposed to total 5.6 billion dollars by 2015.
Interestingly though, even IDC points to the fact that when you speak to SMBs about their priorities, security is not at the top of the list. So what explains all of that security spending on something that is not a high priority?
The spending on security is being driven as a result of security being a necessary part of many of the real priorities of these SMBs. Areas like cloud, mobile devices, BYOD and telecommuting are among the highest priorities for many SMBs. In each of these areas, security plays a major role. Security becomes an enabler for leveraging all of these next gen technologies. As a result security spending and awareness gets a lift by being part of the solution.
This actually represents a big shift from traditional thinking. Organizations especially SMBs used to implement new technologies and then realize that security was missing or an afterthought to them. The fact that they are planning for security to be built in contemporaneously with these technologies being rolled out is very encouraging.
So perhaps the era of the SMB market lagging in security is growing to a close as we enter a new age where security is not just bolted on after the fact, but actually built into the solution from the beginning.
Another factor is what kind of security we are talking about. These new technologies will probably result in different kinds of security technologies being deployed. The traditional moat and castle model of perimeter defense, may give way to more application related security, endpoint security and Identity and Access Control type of security solutions.
This would represent a major shift in security spending from what we have seen in the past. Firewall, UTM and anti-malware gateways have been the big winners in SMB security. Also, managed security services and security in the cloud or Security-as-a-Service type of solutions could see big adoption rates as SMBs seek to secure these new technologies they are bringing on line.
Having the in house expertise to manage and maintain these new security implementations is also a factor to be considered. Again, this is a reason for MSSP or managed security services to gain traction in the SMB market. In many cases the cost of maintaining the security solution outweigh the cost of buying the solution itself.
In any event whether it sneaks in the back door or with the crowd through the front door, more security is not a bad thing.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
