3 min read

Recession or not, SMBs are investing in IT security

The data shows SMB security spending has remained steady and is poised to increase further. Learn where the opportunities are

The small and medium-sized business (SMB) segment has long been the engine of the Canadian economy, and research data from Forrester suggests SMB security spending, which remained steady through the downturn, will help lead the recovery for the IT industry.

Global data from Forrester on IT Security Technology Adoption Trends for 2009 shows data security ranks as the most important issue for global SMBs today, cited by 64 per cent of respondents, who also cited business continuity, disaster recovery and application security as pressing concerns.

The Forrester data also showed that firms are shifting their focus of future adoption from antivirus and antispyware to areas such as data leak prevention and full desktop encryption.

As well, the Forrester research showed there is growing interest in pursuing regulatory compliance monitoring and assessment as a managed service.

“Even during challenging economic conditions, IT security remains an integral part of business operations as firms look to maintain their current environment as well as plans for the implementation of new initiatives,” said Forrester analyst Jonathan Penn. “Security is getting a bigger slice of the IT pie, with the focus less on reactive vulnerability defenses and more on looking at what’s necessary to protect the business.”

Darrell Rodenbaugh, senior vice-president, global mid-market segment for security vendor McAfee Corp. (NYSE: MFE) said he’s not sure the security space ever really saw this recession.

“It’s a phenomenon that’s driven largely by the SMB space,” said Rodenbaugh. “SMBs are being exposed to greater threats than ever before, more malware than we’ve ever seen, and the costs of protecting yourself after the fact are accelerating. What we’re seeing as a result is SMBs are looking at security as an area to invest.”

In the SMB segment, Rodenbaugh said McAfee is seeing three primary categories of focus for SMB investment.

The first is a desire by SMBs to consolidate their security operations. Working with fewer vendors can mean lower costs and management workload.

“When SMBs think about protecting themselves they think about protecting endpoints, protecting data, e-mail and Web threats and intrusion prevention,” said Rodenbaugh. “The opportunity for the partner is to go to the customer with a value proposition that says you should be able to manage all this with fewer vendors under a broader management structure.”

And here, the trusted advisor role of the channel partner can come into play, as most IT managers in the SMB are generalists, not security specialists.

“For them, security is a part-time job,” said Rodenbaugh. “They’re interested in how they can protect themselves the most with as little time actively managing it as possible.”

The second SMB focus McAfee identifies is incremental growth in appliance-based security solutions to provide perimeter-level protection. More enterprise-class appliance solutions such as e-mail and Web intrusion protection are now scaling-down to the SMB.

“SMBs are investing heavily into these gateway appliance technologies,” said Rodenbaugh. “We’re seeing growth for McAfee here in excess of 30 per cent as SMB customers recognize the value.”

McAfee’s third area of SMB focus is the adoption of software-as-a-service and security-as-a-service (SaaS) offerings. Rodenbaugh said for SMBs it’s a way to get the same level of protection as their large enterprise cousins, but at a fraction of the management costs.

Industry standards that focus on security are creating opportunities for security-focused partners such as Mississauga, Ont.-based NCI Secured Intelligence. Susan Obermeyer, director of product marketing for NCI, sees a strong opportunity with SMBs in the business-to-consumer (B2C) space around PCI DSS, a new set of data security standards for businesses that handle online payment processing.

“Many SMBs are faced with this PCI challenge, and they’re looking for help to understand the requirements and meet them. It’s one area that’s really been growing,” said Obermeyer.

This is another area where the channel partner’s trusted advisor role can come into play. By helping clients not just comply with this standard, but putting in place policies and procedures to help ease compliance with future security standards, the channel can really add value for its SMB clients.

“They can provide a roadmap for future change,” said Obermeyer.