July 2007   
 
 

SECURITY INSIGHTS ARTICLES


Smart Security for the Mid-Market
By Darrell Rodenbaugh,
Senior Vice President, Global Mid-Market Segment

There's a great deal of talk these days about the growth of the "mid-market" and the approaches technology vendors are taking to address this segment's needs. Most vendors assume today's mid-market company is tomorrow's hot enterprise, and common terms that come to mind when we think about a mid-market company often include "hyper-growth mode," "private equity" and "agile." When it comes to the IT departments tasked with supporting those firms, the phrase that should come to mind is "stretched too thin."

Yes, stretched too thin. Today's mid-market companies typically have a lone IT manager, often overseeing the entire IT infrastructure. He is one of (statistically) 2.7 IT employees within the organization—and might be a network expert in the morning, an email expert in the afternoon and a database expert at night. When he is focused on security, he becomes the hacker fighter, spam warrior, network defender, problem solver and after-hours beeper carrier. It's a long list that keeps these heroic IT experts awake at night, wondering if tomorrow is the day they get "hit".

And because mid-sized companies are normally focused on growth, their scarce IT resources are focused on implementing business-enhancing applications such as CRM, supply chain, and online ordering systems. So those lone IT experts (and their merry band of IT professionals) simply don't have much time to spend on fundamental IT components like security, even though they recognize the need to secure these applications.

Case in point: McAfee's research indicates that while mid-market IT managers acknowledge that security is absolutely critical to their organization, they typically spend less than five hours each month managing their security.

Is that enough? Thanks to online commerce, company websites and email, mid-market organizations today face many of the same security threats as do their larger enterprise counterparts. The amount of spam companies receive has gone up nearly 150 percent in the last year alone, now making up 90 percent of all inbound email. Phishing has also gone up 296 percent during the same period. And more and more, as the larger enterprises become hardened, mid-market companies are being targeted by hackers who believe that they may be easier targets.

Meanwhile, IT budgets have only gone up about three percent in the last year. That's right—three percent.

An underserved segment
Looking at those numbers, it's no surprise that the mid-market is a huge area of neglect for technology vendors (and security vendors in particular). Many of them choose instead to focus on winning lucrative contracts with enterprise customers.

Several security vendors have attempted to play in the mid-market security space, choosing to take their enterprise-designed systems and then “dumb them down” with fewer capabilities and less flexibility. This misses the point that the security threats these two groups face are fundamentally the same. To help them sleep at night, strapped mid-market IT professionals need enterprise-class security solutions that are also:

  • Simple to deploy and manage (plug and protect)
  • Affordable
  • Scalable as their company grows
  • Flexible (either appliance or hosted)
  • Self-monitoring
  • Integrated to provide multiple functions
  • Intelligent

Neglected no more
Our studies have shown that most mid-market customers aren't interested in "set it and forget it" security—they know the risks are too great. But they do want to make sure they are employing a vendor's expertise in establishing their security policies. They are sensitive to the amount of time and effort involved with managing, administering, and enforcing those policies, as well as the workload involved with responding to security threats. They also are looking for intelligent security solutions that will highlight and prioritize those threats that really need attention and then make remediation decisions accordingly.

In fact, in many ways the tools for the mid-market need to be more sophisticated than those for the enterprise because of the resource constraints facing their users. Mid-market solutions should offer enterprise-class protection but should be designed in an intelligent manner so that the mid-market IT professionals can draw from the vendor's deep expertise and get best practice policy settings and security actions. They should then make intelligent remediation recommendations that are easy to deploy and respond to the risk before a threat becomes a problem. These solutions should also provide the flexibility to configure and fine-tune them as needed—or when busy IT teams can allocate time to that task.

The bottom line is that with constrained IT budgets, the resource gap isn't going to be filled anytime soon, so to meet the needs of mid-market companies, security vendors must respond by making their solutions more intelligent and easy to administer and support. The answer is not to "dumb down" their enterprise product, but to create a smarter security solution that recognizes the reality of the challenges that really face today's mid-market IT professionals.

 


 
