Published/updated: September 2011
Over the years, research findings have consistently demonstrated widespread exposure to risk when it comes to data protection and security among smaller businesses, writes Dale Vile, managing director of Freeform Dynamics.
With increasing use of the internet and an increasing reliance on electronic data, there are a lot of accidents just waiting to happen.
This was the foundation for a roundtable attended by two of us from Freeform Dynamics on 1 September. Hosted by Symantec, and held at the Department for Business, Innovation & Skills in London, the main speakers and panel members were: James Caan, entrepreneur; MichŤle Barker, Department for Business, Innovation & Skills; and Ross Walker, director for small business at Symantec Corporation.
Barker highlighted firstly how dependent the UK economy is on small and medium enterprises (SMEs), and secondly how dependent SMEs have become on IT and the internet. Good IT security for SMEs is therefore essential.
Walker said IT security solutions are becoming more accessible to SMEs. But suppliers, big IT suppliers in particular, are often guilty of using language that may be meaningful to large enterprises, but goes totally over the heads of many SMEs.
James Caan, in typical Dragon style, cut to the chase with his high-level analysis of the situation. He pointed out that we have SMEs with widespread need for security on one side of the equation, and an ability by suppliers to meet that need at relatively little cost to the customer on the other. The key question is therefore simple - how do you bring the two sides together?
In the discussion that ensued, it was clear that while the question might be simple, the answer is not.
SME networking and support groups
Government or government-sponsored education is useful, but not sufficient to deal with the problem. Tapping into SME networking and support groups is one possible solution.
A strong advocate of this was a journalist who spoke about the work of some of his colleagues in running an online community-based forum for small businesses. Many of the participants in the forum were actually quite savvy when it came to IT and security - they just need better support from suppliers.
Valuable though this anecdote is, we caution that Freeformís research, which uses a mix of online, phone and face-to-face techniques, often reveals that you need to be careful about how representative online activity is of the SME community as a whole.
The reality is that whether itís online or through more traditional groups, such as local chambers of commerce, for every small business that participates in such things, there are many more that donít - and these are the ones that we should be really worried about.
SMEs need mentors
The biggest problem that exists when it comes to security and data protection is that business managers and IT generalists operating in that space often donít know what they donít know. Many havenít considered the implications of the way they are using IT and the internet, and even those that have are frequently unaware that most of the challenges can be dealt with cost-effectively with the right solutions.
One possible answer to this put forward at the roundtable was mentoring. Mike Southon, himself a mentor, as well as a renowned entrepreneur, speaker and FT columnist, said that experienced peers providing advice and guidance is invaluable.
A mentor can not only articulate needs and solutions in a way that is meaningful, they also have no vested interest in a commercial outcome - e.g. a product or service sale. Genuine mentors do not even charge for their own time.
The challenge that remains, however, is reach. While online communities are open to all in theory, they only touch a subset of the SME sector in practice. Organisations such as Yoodoo Media broaden access to the mentoring approach, particularly for start-ups, but the question of reach remains.
Which brings us to an extremely important part of tackling the SME security challenge. Think about the entities that pretty much all smaller businesses have to touch as part of setting up and operating. They include their bank, their accountant, their telco provider and the people from whom they buy PCs, printers, software and other essential IT solutions - i.e. the technology retailers and resellers that make up the IT channel. This last group is key because it provides a combination of both reach and potential capability to deliver.
With this in mind, it was interesting listening to Wayne Cockerill at the roundtable. He runs an IT solutions company in the North of England that services the local SME community, reselling products from Symantec, Microsoft and others. He alluded to the constant challenge of having to translate tech-related gobbledegook put out by big suppliers into something meaningful to his customers, but also the need to help customers appreciate the risks and define the problem in business terms.
A coordinated approach to security and data protection
For a full service organisation such as Cockerillís, this is challenging but achievable. And if other players in the channel are to play their part, there is a need to help them understand how to engage with their customers around security and data protection.
They need to bridge the gap between that conversation and exchanges taking place continually around the provision of hardware and software. The basic idea is to piggy-back the risk discussion on the back of conversations and transactions that are already taking place.
But none of this can happen without investment and commitment from the big IT suppliers, so it was encouraging to hear that Symantec is providing tools to partners to help them better engage with SMEs, matching solutions to needs. Investment in SME-friendly delivery mechanisms such as cloud is an important part of this.
Martha Bennett from Freeform Dynamics probably summed it all up the best when she spoke about the need for a coordinated approach in which suppliers, channel partners, advisors and special interest groups work together to tackle the problem.
CLICK HERE TO VIEW ORIGINAL PUBLISHED ON
By Richard Edwards
By Dale Vile
By Bryan Betts and Dale Vile
Yesterdays software delivery processes are not up to dealing with todayís demands, but modernising you approach is not just about implementing Agile, even creating a DevOps culture. You need to focus on some specific, hard-core principles. ...more
By Dale Vile & Jack Vile
Cloud services are increasingly becoming part of the IT delivery mix, but a recent study of 378 senior IT professionals suggests a parallel commitment to ongoing investment in the datacentre. This in turn shines a light on the key role of modern application platforms. ...more
By Tony Lock & Dale Vile
Despite the advent to cloud computing the datacentre remains central to corporate IT. But with demands continuing to escalate, how do you ensure your infrastructure is powered robustly and efficiently? ...more
By Bryan Betts
Many are exploiting cloud computing to drive business advantage, while others are enjoying the flexibility and efficiency of DevOps. But what happens if you use both together in a coordinated manner? The answer is a significant amplification of the benefits of each. ...more