Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

How SMBs are Blazing the Path for Enterprises

It is no secret that small-to-medium sized businesses (SMBs) have very different ways of using IT when compared with large enterprises. Virtualization, public cloud, and mobile are expanding the gap, but in surprising ways. Many folks in IT have the conceit that enterprises lead the way by investing in new, cutting-edge technology. That technology then trickles-down to SMBs.

It is no secret that small-to-medium sized businesses (SMBs) have very different ways of using IT when compared with large enterprises. Virtualization, public cloud, and mobile are expanding the gap, but in surprising ways. Many folks in IT have the conceit that enterprises lead the way by investing in new, cutting-edge technology. That technology then trickles-down to SMBs. This may be true when considering hardware; just as a million-dollar race car has features that make it into affordable sub-compacts, but only after a few years. However, these rules don’t apply to how technology is used, and there are some areas where SMBs are leading, not following.

It’s not size, it’s behavior.

Some define ‘SMBs’ as fewer than 5000, 1000, or maybe 500 users. Anything above is considered enterprise. Like most rules of thumb, they are handy guidelines, but faulty. To me, the difference between SMBs and enterprises is behavior. SMBs buy like consumers; they Google some reviews, ask trusted advisors (like Bob down at the pub – he’s a computer guy), make a decision, and on to the next thing. Enterprises tend to invest in hands-on decision-making, like evaluating in a test environment, running proof-of-concept, maybe a request for information/quotes/proposals, production pilot, and the list goes on. Very large organizations always behave like enterprises, but not all SMBs buy like consumers. Consider the difference between ACME Ditch Digging and ACME Software-as-a-Service. The former is better-off investing time and money in back-hoes purchases, while the latter is better off with high-touch IT purchasing.

SMB TechnologyIn the definition of SMBs that are behavior-centric is something important; they don’t want to spend time and effort on IT. They need generic IT (email, file sharing/storage, etc.), and they have no desire to host any of it. In a very real way, they need IT services, just without the IT. Enterprises, on the other hand, have large IT groups that are loath to consume services whole. They want to grab a bunch of parts, cobble them together, and provide the services internally.

SMBs follow a simple IT mantra; don’t own stuff. Enterprise IT teams are the opposite; own everything.

The three biggest drivers of change in IT today are virtualization, public cloud, and mobile. Closely related is software-as-a-service (SaaS). That is, IT services that are hosted by anyone who is not the organization consuming the service. The three big drivers are throwing plenty of fuel on what was already a hot SaaS market.

Let’s not get physical – or virtual – here.

SMBs don’t want to host anything, what they are eager to do is consume SaaS. Public cloud is a reality for them, either directly, or indirectly through a SaaS. That a hosted Exchange (for example) offering is running on Amazon EC2 or Microsoft Azure means nothing. That it’s an Exchange offering (or any email offering, for that matter) that does not require a physical, on-premise server is all that matters.

SMBs are better positioned to consume public cloud and SaaS. There is nobody to put their brakes on adoption. Meanwhile, they will discover better SLA’s than SMBs can attain internally. Enterprise-level-SLA’s, perhaps, but on-the-cheap…or just better?

Advertisement. Scroll to continue reading.

SMBs will readily consumer public cloud via SaaS. What they will not use is on-premise virtualization. Virtualization has been the magic ingredient behind public cloud and SaaS, but SMBs are not going to host it themselves. However, just as with any generalization, there will always be exceptions. Areas with poor or expensive Internet connectivity, companies that deal with highly sensitive information (perhaps regulated), and so on, may be forced to continue with on-premise.

Who’s in the Lead?

How does that get SMB ahead of enterprise? Service-based consumption takes SMB away from needing smaller, simpler, and cheaper versions of enterprise IT.

SMBs lack many of the resistance factors that enterprises are burdened with. Compliance, naysayers, security concerns, history in the form of deeply embedded legacy applications (not to mention job titles), and so on, will certainly slow adoption rates.

There are drivers in larger organizations. Acceptance that public cloud and SaaS are growing – how many sales teams use an internal CRM versus something like Salesforce.com? How many organizations are using public cloud (as always, check the expense reports before answering)?

The deepest impediment to enterprise embracing public cloud and SaaS is what I call the illusion of locality. We are all guilty, overtly or deep down inside, of feeling that having an email server behind the same brick walls as the employees is somehow better; we are in control.

Brick Walls and Adopting SMB Practices

Yes, I still prefer having physical media over streaming a movie. Yet, when I feel like watching Goodfellas for the umpteenth time, I stream it because I don’t know where the DVD is. That makes my investment in physical media risky; for all I know it was accidently tossed-out, scratched, or otherwise broken. For an email server, the reality is that many, or most, of the people using it do so remotely, such as the person attacking it (who isn’t the least perturbed by it being on-premise instead of hosted elsewhere).

Enterprises are going to eventually act on the same conclusions. Much of the IT spending that they do is exactly the same as every other company, making it generic. There are companies that are dedicated to providing those generic services, and guess what – they can do it either cheaper or better, or both. When that reality really takes hold, which may be when the next hardware purchase order crosses a C-level desk, impediments will be re-evaluated. As IT (especially security) folks, we must anticipate these changes and figure-out how to work with them, not against them, and certainly not wait until the dust has settled. We are all of us in IT in the business of providing services, after-all. If you’re with an enterprise and now wondering how, look to the folks providing services en masse to SMBs, because they’re already there.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.