How SMBs are Blazing the Path for Enterprises

It is no secret that small-to-medium sized businesses (SMBs) have very different ways of using IT when compared with large enterprises. Virtualization, public cloud, and mobile are expanding the gap, but in surprising ways. Many folks in IT have the conceit that enterprises lead the way by investing in new, cutting-edge technology. That technology then trickles down to SMBs. This may be true when considering hardware, just as a million-dollar race car has features that make it into affordable sub-compacts, but only after a few years. However, these rules don’t apply to how technology is used, and there are some areas where SMBs are leading, not following.

It’s not size, it’s behavior.

Some define ‘SMBs’ as fewer than 5000, 1000, or maybe 500 users. Anything above is considered enterprise. Like most rules of thumb, they are handy guidelines, but faulty. To me, the difference between SMBs and enterprises is behavior. SMBs buy like consumers; they Google some reviews, ask trusted advisors (like Bob down at the pub – he’s a computer guy), make a decision, and move on to the next thing. Enterprises tend to invest in hands-on decision-making, like evaluating in a test environment, running a proof-of-concept, maybe a request for information/quotes/proposals, a production pilot, and the list goes on. Very large organizations always behave like enterprises, but not all SMBs buy like consumers. Consider the difference between ACME Ditch Digging and ACME Software-as-a-Service. The former is better off investing time and money in backhoe purchases, while the latter is better off with high-touch IT purchasing.

The behavior-centric definition of SMBs contains something important: they don’t want to spend time and effort on IT. They need generic IT (email, file sharing/storage, etc.), and they have no desire to host any of it. In a very real way, they need IT services, just without the IT. Enterprises, on the other hand, have large IT groups that are loath to consume services whole. They want to grab a bunch of parts, cobble them together, and provide the services internally.

SMBs follow a simple IT mantra: don’t own stuff. Enterprise IT teams are the opposite: own everything.

The three biggest drivers of change in IT today are virtualization, public cloud, and mobile. Closely related is software-as-a-service (SaaS). That is, IT services that are hosted by anyone who is not the organization consuming the service. The three big drivers are throwing plenty of fuel on what was already a hot SaaS market.

Let’s not get physical – or virtual – here.

SMBs don’t want to host anything; what they are eager to do is consume SaaS. Public cloud is a reality for them, either directly, or indirectly through a SaaS. That a hosted Exchange (for example) offering is running on Amazon EC2 or Microsoft Azure means nothing. That it’s an Exchange offering (or any email offering, for that matter) that does not require a physical, on-premise server is all that matters.

SMBs are better positioned to consume public cloud and SaaS. There is nobody to put the brakes on adoption. Meanwhile, they will discover better SLAs than they can attain internally. Enterprise-level SLAs, perhaps, but on the cheap…or just better?

SMBs will readily consume public cloud via SaaS. What they will not use is on-premise virtualization. Virtualization has been the magic ingredient behind public cloud and SaaS, but SMBs are not going to host it themselves. However, just as with any generalization, there will always be exceptions. Areas with poor or expensive Internet connectivity, companies that deal with highly sensitive (perhaps regulated) information, and so on, may be forced to continue with on-premise.

Who’s in the Lead?

How does that get SMB ahead of enterprise? Service-based consumption takes SMB away from needing smaller, simpler, and cheaper versions of enterprise IT.

SMBs lack many of the resistance factors that enterprises are burdened with. Compliance, naysayers, security concerns, history in the form of deeply embedded legacy applications (not to mention job titles), and so on, will certainly slow adoption rates.

There are drivers in larger organizations, too. One is acceptance that public cloud and SaaS are growing: how many sales teams use an internal CRM versus something like Salesforce.com? How many organizations are using public cloud (as always, check the expense reports before answering)?

The deepest impediment to enterprise embracing public cloud and SaaS is what I call the illusion of locality. We are all guilty, overtly or deep down inside, of feeling that having an email server behind the same brick walls as the employees is somehow better; we are in control.

Brick Walls and Adopting SMB Practices

Yes, I still prefer having physical media over streaming a movie. Yet, when I feel like watching Goodfellas for the umpteenth time, I stream it because I don’t know where the DVD is. That makes my investment in physical media risky; for all I know it was accidentally tossed out, scratched, or otherwise broken. For an email server, the reality is that many, or most, of the people using it do so remotely, including the person attacking it (who isn’t the least perturbed by it being on-premise instead of hosted elsewhere).

Enterprises are eventually going to act on the same conclusions. Much of the IT spending that they do is exactly the same as every other company’s, making it generic. There are companies that are dedicated to providing those generic services, and guess what – they can do it either cheaper or better, or both. When that reality really takes hold, which may be when the next hardware purchase order crosses a C-level desk, impediments will be re-evaluated. As IT (especially security) folks, we must anticipate these changes and figure out how to work with them, not against them, and certainly not wait until the dust has settled. All of us in IT are in the business of providing services, after all. If you’re with an enterprise and now wondering how, look to the folks providing services en masse to SMBs, because they’re already there.
