Simple security is better security

Chester Wisniewski, Senior Security Consultant, Sophos, takes us through how small and medium-sized businesses can benefit from cloud-based security and improve business efficiency.

Most vendors seem to assume that small and medium-sized businesses (SMBs or SMEs) have the expertise and full-time staff of a large enterprise to manage IT security. Too often for SMBs, this one-size-fits-all approach results in higher costs, lower productivity and more risk. In this paper we examine the inherent complexity of enterprise-class security products and the very different needs of SMBs. Then we look at a simpler alternative: cloud-based endpoint security.

Complexity in IT security

It’s no secret in the IT security community that SMBs are poorly served by the industry’s flagship vendors and products. The big companies that dominate the market design their offerings for enterprise customers with well-staffed IT organisations and dedicated security teams.

Unfortunately, a product that perfectly meets the needs of a trained security professional can potentially have the opposite effect and increase the vulnerability of a small business where security administration is handled by an IT generalist—or the business users themselves.

One source of complexity in IT security products is historical. The largest vendors built out their portfolios through decades of acquisition, folding one product into another. The result is a hodgepodge of technologies managed by a shared console, bringing all the coordination and configuration challenges to one busy interface.

A second root of complexity is vendor bias toward the skilled user. A security specialist with a large environment to protect may prefer to have granular control of every feature, capability and configuration setting. However, for the SMB administrator, this can be a recipe for information overload and paralysis.

Making simple products that small businesses can use is costly, which is why most vendors merely repackage their enterprise offering for the SMB market.

Small businesses are a big target

Even if vendors seem to ignore the needs of small businesses, SMBs present a huge opportunity for cybercriminals. Of the nearly six million employers in the US, the vast majority have fewer than 100 employees.

According to the 2013 Verizon Data Breach Report, 40% of 621 data theft incidents confirmed in 2012 affected organisations with fewer than 1,000 employees. Recent studies point to less rigorous security at smaller firms.

In a Sophos-sponsored Ponemon Institute survey of IT managers at small to mid-sized companies, the average self-assessment score of security posture (ability to mitigate risks, vulnerabilities and attacks) was 6 on a scale of ten. Respondents reported, on average, fewer than three full-time workers fully dedicated to IT security. They also reported a wide range of challenges, including insufficient budgets, personnel and in-house expertise. You might think this would present large security vendors with a huge market opportunity. But most vendors find that selling to large customers is easier and more profitable.

To read the entire feature please visit http://www.joomag.com/magazine/inside-networks-me-december-2014/0355606001417992837?short
