The general way that things worked for years was that enterprises - big companies - would do all the heavy lifting, since they had the manpower and intelligence to throw at a problem. Small and medium-sized businesses (SMBs) would sit back and wait for the fruits of their hard work to filter down.
That is a less and less viable procedure today. The world is moving too quickly for SMBs to wait for their bigger companies to report back on which procedures work and which don't. In addition, the world is changing in such a way that what works for enterprises may not be optimal for SMBs - even discounting the time lag.
The bottom line is that SMBs need to pay attention directly and not wait for help from big brother. Security, of course, is among the most important of topics. A recent survey from Mobilisafe suggests that SMB IT departments are not finding the going easy.
Here is the key paragraph in the eWeek story on the study:
The analysis showed that SMB IT managers cannot keep up with the rate of discovery of severe vulnerabilities these devices bring to their corporate networks. In addition, SMB IT departments lack a standardized approach to mitigating the risks from different types of mobile devices, as they do with laptops, desktops and servers. Although they feel exposed to mobile device security risk, SMBs do not feel they have the adequate tools to assess and mitigate these risks at a granular level, the survey found.
Increased security vulnerability is also due to SMB user habits. Last month, the Ponemon Institute released research on SMB security habits. The ZDNet report on the research points to real differences between how SMB and enterprise personnel take care of business. For instance, 58 percent of SMB personnel have clicked on spam links versus 39 percent of enterprise workers, 15 percent more have left their computers unattended (77 percent versus 62 percent) and 12 percent more have gone to "off limits" sites (55 percent versus 43 percent). These aren't mobile issues themselves, but there is no reason to think that folks would act differently when using tablets or smartphones.
Managed services, which provide many of the advantages of IT departments without the drawbacks, often are seen as the panacea for small businesses. This is nowhere more true than in regards to SMB security. A new report entitled "Global Managed Security Services Market to Reach US$11.2 Billion by 2017" from the Global Industry Analysts pointed to the size of the market in general and the attractiveness of managed security services for SMBs in particular. The press release on the study was posted at Virtual Strategy Magazine:
Lower upfront investments and cost reduction benefits will continue to drive the adoption of MSS in this sector, thus expanding the market's revenue generating potential. In the upcoming years, MSS is forecast to expand from managing and maintaining firewalls and anti-viruses to include a comprehensive crisis management program. Enterprises are demanding security services that can ensure quick recovery and provide continued services in the aftermath of a large-scale disruption either due to natural calamities or terrorist activities or business failure.
SMBs already had their hands full before mobility and trends such as bring your own device (BYOD) came on the scene. The reality is that companies of this size must take control of mobile security, either directly or through managed services. Waiting to see what enterprises do no longer is an option.