In today's global economy powered by the internet, small- and medium-sized businesses (SMBs) with the right mix of technology are finding they can compete effectively with anyone, anywhere, at any time.
Most notably, SMB-designed email, instant messaging (IM) and real-time calendar and contact list collaboration solutions enable these businesses to work more effectively and efficiently. In combination with the web, the advent of powerful packaged application solutions that are specifically designed for SMBs have eliminated the "regional" distinctions and limitations that once marked SMBs.
Global presence and communication on a 24x7 basis is no longer a Fortune 500 differentiator. However, with access to these powerful applications come many perceived — and just as many very real – risks. If there is a lingering difference between the establishment companies and the typical SMB, it's that the larger organizations have the time, people, and budget to manage the growing set of risks associated with worldwide Internet connectivity as well as the vulnerabilities often associated with fundamental collaborative applications like email, IM, and file transfer.
On the one hand, large corporations present a bigger and more lucrative target for those who would corrupt or compromise a company's data or take whole systems hostage. As such, SMBs are theoretically less at risk. Statistically this is true, but the statistics are meaningless if your SMB happens to fall victim to a hacker, or worse. That is because while most people agree SMBs are less frequently targeted, a data and systems breach at the typical SMB can have a more devastating and longer-lasting impact from which an SMB may never recover. So while SMB-designed applications present a tremendous opportunity for these organizations to gain an equal footing and competitive standing, they also create the need for caution when making application solution selections from an array of offerings with varying degrees of appropriate security features.
Since many SMBs feel less threatened, many live with the illusion – or hope – that they are safe or worse, that they are invulnerable. This is the worst possible security position. Global viruses, bots, trojans, worms and spam can be and often are unleashed indiscriminately. Some are born solely for the amusement of wrong-doers who for some reason take pleasure in corrupting whole swaths of the internet-driven world. Some enter the SMB infrastructure through unsuspecting or careless employees via a laptop they've used at home overnight. Some even arrive courtesy of a browser. Furthermore, spam actually is a very individual-oriented problem unlike some of the more sophisticated viruses that target large corporate entities. Every organization, of any size, anywhere in the world, is a target for spammers.
Evaluating desktop and network-centric applications solutions today is an especially critical process because of convergence, the ability to be connected anywhere at any time. It is also the trend which significantly broadens the diversity of ways in which systems can be compromised. At the same time, multiple studies have consistently shown that the typical user who is eager for the variety of connectivity options, is significantly less interested in managing the vulnerabilities that sort of access can provide. This means that while an SMB can, and should, offer routine policies for the appropriate use of the new technology, in the end it is the application you will rely upon most to minimize risks.
What, then, is the answer? Ignoring all forms of IT security won't work. Employing legions of dedicated IT staffers is both unrealistic and unnecessary for a SMB. Instead, there is a five step answer that is SMB-appropriate and will dramatically lessen an organization's exposure to security vulnerabilities.
Step One – Know what you need…and what you don't
You know what you need and what you can't or won't use. Overly complex enterprise-scale application solutions with more features than you need will cost you more up front and a whole lot more later on because their cost of ownership is very high. These are not the kind of applications the average person at an SMB can implement and manage, even with employees who may routinely pitch in on IT projects. Instead, you want a secure, affordable SMB-focused collaborative platform.
Step Two – Make sure it's secure
Look for product suites in the collaboration space that have been engineered and built from the start with contemporary knowledge of – and eye toward the future of – IT security at the SMB level. Lots of products are available that are basically scaled down versions of enterprise solutions. These are usually solutions that have been reconfigured and stripped down to achieve a price point that is palatable to the SMB. The providers of these products usually develop these implantations to achieve incremental new revenue in the SMB channel, especially when high end markets go soft. Beware of these substitutions for the real thing. They may be priced right and they may appear feature-rich – and they typically arrive from brand name companies, but their chief interest was not developed with a focus on the SMB segment or an understanding of the unique security requirements of that segment.
Step Three – Check the basics
Check the basics to make sure these email, IM, scheduling, calendar management and network management solutions include the security fundamentals: anti-virus protection, anti-spam protection, 256-bit encryption, private and public keys and SSH. For the IM component especially, demand the "mesa" factor – the ability to monitor, encrypt, store and authenticate. Sending IMs out over the public network without these protections is inviting anyone to eavesdrop and capture your most confidential business communications. Moreover, these features also take you a long way towards meeting evolving compliance mandates for the handling of corporate messages.
Step Four – Verify the solution's relevance
Verify that the solution has been proven in business establishments like yours, at your level, and with your kind of operating concerns. A reputable provider with a good and proven solution will be able to give you countless reference sites or case studies matching your organization's business profile. Taking this step will protect you from being lulled into buying the latest and greatest new thing before it has been proven to work as advertised. When it comes to technology, we all know how often the so-called ‘ultimate new solution' turns out to be a bust.
Step Five – Check the track record
Make sure the solution comes from a provider that aggressively updates the solution with a demonstrated track record of product upgrades and innovations that keep abreast of new and next wave security threats. This is especially important with rapidly evolving technology. If you select a solution from a provider without a demonstrated record of product updates and new releases, the solution will lock you out of next generation opportunities to compete even more effectively. Look to see if the provider's various solutions have been in sustained use over long periods of time by others. This is the most positive way of determining that the provider is skilled at keeping their solution contemporary.
In summary, the opportunities available to SMBs via equalizing technology are very real. The threats are very real too, even if you feel invincible. Today it is possible to obtain the best of both worlds – amazing technology solutions and a secure infrastructure. By utilizing the five steps outlined here, SMBs everywhere will get significantly closer to that perfect world.
Ennio Carboni is the Director of Product Management at Ipswitch, Inc.
