Security Not Up to Snuff for Cloud: SMB and Midmarket Europe Survey

IT security frameworks in place at SMB and midmarket companies aren’t all they should be for securing cloud data, according to a recent Europe SMB and Midmarket Security Adoption Trends Survey by Techaisle.

Budgets play a big factor in why both SMB and midmarket companies report being challenged to put more security measures in place, and why cloud poses a data breach risk to their organizations. The Techaisle survey data shows that in Europe, 52% of small businesses and 62% of midmarket companies have had one or more security incidents in the last year.

While 24% of small businesses content that their security budget is sufficient to meet their needs, 52% of midmarket firms don’t believe theirs is. At the same time, only 8% of European small businesses have formal security protocols in place to respond to a security incident, compared to 32% of midmarket firms, according to the survey.

The survey respondents were senior IT and business decision makers within European-based SMB and midmarket firms from a Techaisle network of 1.8 million business-to-business IT professionals across more than 30 countries. SMBs are defined as having between one and 999 employees, small business one to 99, and midmarket firms 100-999 employees.

Techaisle report authors say the survey data show that small and midmarket firms have different perceptions of cybersecurity risks, security approach and attitude, cloud and endpoint security concerns, and the most effective security solutions to protect cloud data.

SMB security concerns, according to survey data, include: Thirty-seven percent of SMBs worry about data exposure during transfers to remote locations; 35% are concerned with the potential for cloud-based accounts to be hijacked, and 28% are worried about unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and DDoS attacks — all of which represent cloud-specific threats.

Other survey data indicate that SMBs are concerned about the broader threat landscape at the PC-level as well as the cloud.

When it comes to the understanding of technologies and practices that are effective at protecting data in the cloud and addressing their cloud security concerns – data and network encryption, intrusion detection and prevention (IDP), the setting and enforcement of security policies, the creation of data boundaries that separate different information sets, use of access control technologies and unified threat management. – SMB firms get it. The report authors suggest, however, that “any business that relies on a network and supports mobile users – necessitating access control – would do well to implement all of the measures.”

For suppliers that cater to small and midmarket customers, Techaisle suggests understanding the unique needs of small businesses. For example, small businesses require education about the gaps that exist between current preparedness and risks, and between their current state of readiness and the approaches commonly found at larger organizations. Other areas where suppliers need to take note: Small businesses need to understand about investing in a broader range of security solutions, particularly in the area of threats associated with mobility and cloud; and there’s also a need to respond to small business concerns about price performance.