Most security for smaller businesses is installed on local hardware (on your computer, on your smartphone, etc). However, many businesses are upgrading and see advantages to leverage hosted security solutions.
Steve Cullen, Senior Vice President of Worldwide Marketing, SMB and .Cloud at Symantec, gives some insight on this.
Why is it the right time for SMBs to consider cloud-based security?
When people talk about cloud security, they usually mean one of two things: (1) security for the cloud, which protects your cloud initiatives such as data stored in the cloud or (2) security from the cloud, also known as security-as-a-service (SecaaS), which uses the cloud to deliver some aspect of protection, like messaging, anti-virus or web security. SecaaS has already arrived – it’s proven and effective, but SMBs may overlook it because the cloud still feels like an unknown for many, and we naturally fear what we don’t understand.
Today, SMBs can’t afford to be dismissive when it comes to security. The harsh reality is SMBs have never been targeted with attacks like they are now. In the first half of 2012, 36 percent of all targeted attacks were aimed their way. Cloud-hosted security makes threat protection easier, faster and more manageable for SMBs. These services can detect new malware very quickly because someone, somewhere in the world came across it, then the service recognizes the malware, pushes out protection to other parts of the world and won’t let other machines get infected. SecaaS effectively reduces the gap between when malware is available and the security software has been updated with the latest definitions. It allows SMBs to defend against today’s threats in real-time by leveraging the latest threat intelligence in the cloud, which is critical to thwarting targeted attacks.
What advantages does Security-as-a-Service offer to SMBs?
Without the need for special hardware or servers, there are lower upfront costs with SecaaS. But, contrary to popular belief, it’s not just about lowering costs; SecaaS can actually improve the security process. It takes just minutes for a virus or targeted attack to destroy a business, but with cloud-hosted security you can quickly and effortlessly protect your business – these solutions are easy to install and easier to manage. Most security issues occur because systems haven’t been patched and aren’t properly configured. By using SecaaS for things like email, Web and endpoint security, everything happens seamlessly over the Web and updates take place automatically, so you know you’re protected against the latest viruses or malware. Threat protection in the cloud also means that the traffic is clean before even entering your network.
SMBs are also dealing with a more mobile workforce. Employees are no longer tied to our desks and they’re accessing information from laptops, tablets and smartphones. Cloud-based security makes it easier for SMBs to provide up-to-date protection for their employees anytime and anywhere, even when they’re on the road.
The cost savings of moving security to the cloud should not be overlooked. With cloud-based security, SMBs save money because less IT resources are needed to deploy software and clean infections, and less IT time is spent on updating. Protection can easily stay in step as your business grows. This also frees up IT time to focus on strategic initiatives and worry less about security, their time is used more efficiently.
What about BYOD, can security from the cloud solve this problem for SMBs?
Employees are bringing shiny new devices, cloud services, mobile apps and useful web sites into work. Despite the obvious security challenges, this uncontrolled adoption is the future and trying to control such activities would unlikely stop people from doing their own thing. But, as the boundaries between work IT and home IT continue to blur, the one absolute that remains will be the data and we need to get beyond the point of simply saying “don’t do it.” Many SMBs will turn to third-party providers to make their information available on the latest smartphones and tablets that employees bring into work. But, the real challenge isn’t about devices, services or applications (which are just tools), but around the actual data being stored and used on these personal devices. Not all cloud providers can offer the same level of protection for your data. With the right help, SMBs can move to a new level of comprehensive information protection even as cyber criminals continue to expand their tactics.
What should SMBs look for when considering a cloud-based security solution?
The biggest issue SMBs face when making information protection decisions is finding simple solutions that are built for SMBs, rather than feature-sparse version of enterprise products. Typically, cloud-based solutions are inherently simpler for SMBs to deploy, but you still need to do your homework. Consider the manageability of the security product. Is the management console simple, intuitive, and easy for your admins to use with little training? Can the solution be managed alongside other information protection products like backup? How is the service provider’s reputation and how long they have been offering cloud services? This should trump size. Look for a cloud provider with reputable technology built for SMBs that knows the industry inside out. With cloud-based solutions the best way to ensure good service is to negotiate a favorable SLA that will ensure you always have the most up-to-date protection. SMBs should look for vendors who publish their performance and who have clear financial penalties for underperformance. Another key advantage of SecaaS is that it’s easy to deploy a free trial and most vendors offer this to those considering their services. Lastly, for small businesses that don’t want cloud just yet, you should look for on-premise security solutions that also have a cloud-hosted version that you can easily switch to when you’re ready to move to the cloud.
You say that cloud-security can help SMBs grow their business, how so?
For many small businesses, growth is largely based on landing contracts with larger corporations. But changes in the threat landscape could make that harder to obtain for SMBs that do not have their security house in order. We’re seeing an alarming trend – not only have the targeted attacks aimed at small businesses doubled since 2011, but the small business increasingly is not the final target, it’s just a stepping stone. The bad guys are sneaking in the back door, through small business partners, to reach the bigger corporate target. This makes larger enterprises nervous about engaging with smaller companies. Consequently, we’re seeing large companies implement major policies surrounding the security of potential small business partners. Nothing will destroy a business faster than becoming the gateway to a major client’s data. But, cloud-based security is making it that much easier for SMBs to acquire and manage the protection they need to seize on the growth opportunities of a large corporate contract. SMBs who can illustrate they have proper security in place can leverage it in the selling process to get additional business.