Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Small Businesses Look to Cloud, SD-WAN for Security, Survey Finds

Increasingly, small and midsized businesses are turning toward the cloud and new technologies, such as SD-WAN, to provide an extra layer of security, according to a new industry report.

With ransomware and phishing attacks on the increase, small and midsized businesses are increasingly turning to the cloud, as well as new technologies like SD-WAN, to help build up their security defenses, according to a newly released industry survey.

One reason that small and midsized businesses (SMBs) are turning toward these technologies is pure economics. About half of these enterprises had $5,000 or less annually to spend on IT security, and of that number, only half had $1,000 earmarked for security.

In addition to budget constraints, SMBs have limited time to understand and research the latest threats and also lack the manpower to respond, according to the Aug. 2 study released by Untangle, a San Jose-based company focused on network security.

The survey found that fewer than 30% of SMBs have a dedicated security professional on staff, which makes issues around training staff and creating security and compliance policies difficult.

"One big gap is in user awareness and training," Dirk Morris, the chief product officer of Untangle, wrote in an email to Security Now. He added that small businesses face the same security attacks as their larger counterparts, but SMBs have fewer resources to deal with an increasing number of threats.

"A surprising number of attacks still rely on help from unsuspecting users," Morris added. "Phishing, spoof websites and malicious downloads necessitate constant vigilance and user education, even with solutions like endpoint antivirus and firewalls in place."

The survey is based on the results of interviews with 350 SMBs, and the company plans to release the full report at this year's Black Hat conference in Las Vegas, which takes place later this month.

While security remains a concern, SMBs are starting to address the issue by moving some of their data to the public cloud, where service providers can at least provide security for the infrastructure, although data remains the responsibility of the customer. However, adoption remains slow since only 25% of those surveyed are using cloud infrastructure services.

At the same time, more small businesses -- more than 30%, according to the survey, are investing in SD-WAN technologies.

SD-WAN -- shorthand for software-defined wide-area networking -- uses software-defined networking to establish connections between distant locations, such as enterprise facilities and cloud providers. It also provides a more flexible, less expensive alternative to traditional wide-area networking (WAN) connectivity, which depends on dedicated hardware.

While still a newer technology, SD-WAN is growing, with some estimates placing the market at $3.3 billion by 2021. (See Unknown Document 738371.)

Zero in on the most attractive 5G NR deployment strategies, and take a look ahead to later technology developments and service innovations. Join us for the Deployment Strategies for 5G NR breakfast workshop in LA at MWCA on September 12. Register now to learn from and network with industry experts – communications service providers get in free!

In his email, Morris noted the many SMBs have a headquarters and several branch offices, especially in markets such as retail. If security is centralized at HQ, then SD-WAN and the flexibility it brings starts making more sense. It also helps as businesses turn toward cloud-based services such as SaaS.

"For example, a company with a headquarters, retail outlet and branch office may not be resourced the same way across these locations," Morris wrote. "IT staff and security solutions may only be deployed at the headquarters. SD-WAN offers multi-site organizations the ability to centralize their security by sending traffic to a single location for processing, whether that is a physical location (like the headquarters) or a cloud deployment."

While the report noted that SMBs are evaluating and installing new technologies, traditional security services such as firewalls, network detection tools, anti-virus and anti-malware are still the most frequently purchased.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...