A handful of security firms have announced simpler versions of their enterprise cloud security services, slimming down the signup process and removing complex configuration options to make the offerings more useful for smaller companies. In other cases, security vendors traditionally targeting larger firms have provided the infrastructure for managed security service providers to step in, set up and maintain digital defenses for smaller companies.
Cloud security firm Zscaler, for example, is beta-testing a slimmed-down version, dubbed SHIFT, of its enterprise security offering, limiting the dashboard to a single page and aiming to get companies "up and running in 5 minutes or less."
"If you are doing it right, security should be on or off," says Patrick Foxhoven, chief technology officer for emerging technologies at Zscaler. "They need the technology, but they don't need all the complexity."
SMBs are among the largest adopters of cloud services. In 2014, the average SMB will spend 14 percent of its information-technology budget on cloud, and another 11 percent on managed services, according to information-technology managers surveyed in the 2014 State of IT Budget Report (registration required) published by SMB information services firm Spiceworks. While many smaller businesses are hesitant to use cloud services, 94 percent of firms say that moving to the cloud had a positive impact on security, according to a June 2013 Microsoft survey.
Because many SMBs do not understand their security needs, they put themselves at risk, Stephen Cobb, a security evangelist for antivirus firm ESET, told attendees at the RSA Conference in February. Cybercriminals are finding the combination of valuable assets and lack of security awareness in smaller businesses to be a sweet spot for attacks, he said.
SMBs that want to harden their business against attacks should follow a process of ABCDEF, according to the company: Assess the business's assets, risks, and resources; build a policy; choose the security controls; deploy security measures; educate employees and vendors; and further assess the company's security.
Yet many small and medium businesses want simple security measures that give them visibility into what risks may be affecting their networks, whether an attacker compromising computers or a rogue employee exfiltrating data. Getting rid of the complexity is important, says Wolfgang Kandek, chief technology officer at Qualys, a cloud security provider.
"From a philosophical point of view, I think the problem is that security is very complicated," he says. "So we have been trying to make it easier and make it very approachable."
When Qualys aimed for the small- and midsized business market, the company decided to strip out the more complex functionality from its service. Last year, the company announced its vulnerability management offering for smaller firms, QualysGuard Express Lite. At RSA in February, the company went even simpler, announcing--in conjunction with the SANS Institute and the Council on CyberSecurity--a service to scan for the Top-4 Critical Security Controls, which, historically, could have prevented 85 percent of breaches.
Many smaller companies do not have the expertise to assess whether their network is at risk or what policies might help them secure their data. For those companies, a managed security service provider can be the expert to offer advice and manage the security of the network, says Seth Geftic, associate director of RSA Security Analytics. A number of firms have targeted the SMB market, including Dell SecureWorks and Trustwave.
In February, security firm RSA announced it had partnered with Verizon Enterprise Solutions to make its enterprise-focused products available as a service to smaller companies as well. Those companies can benefit from an experienced security consultant, Geftic says.
"Partners can really help out by providing the skills," he says. "Not just be a service, but analyzing the data and telling the customer what they should be going after and what they should be doing."
Whether they choose a cloud service or a managed provider, SMBs looking to improve security will have a lot more options in 2014.