2009 U.S. Small/Medium-size Enterprises' Risk Assessment of Network Security
- ID: 1188232
- November 2009
- Region: United States
- 84 Pages
- Frost & Sullivan
This Frost & Sullivan research service titled 2009 U.S. Small/Medium-size Enterprises' Risk Assessment of Network Security assesses the network security risks facing small and medium-size businesses and measures their attitudes regarding security. For the first time, Frost & Sullivan is covering the network security market from a new angle, the small and medium-size enterprise IT decision-maker perspective. Covering this market gained some powerful insight for network security product and service vendors, which is overshadowed by the large-size enterprise market. Specifically, 218 U.S. small/medium-sized enterprises were targeted for the study.
Medium-sized Enterprises Way Ahead of their Smaller Counterparts in Providing Network Security
Observations reveal that IT decision makers in small and medium-size enterprises may not be as tech-savvy as those working in large-size enterprises, as small and medium-size enterprise IT decision makers may have multiple roles (that is, owner and others.) within their organization. Thus, small and medium-size enterprises may not be fully aware of the dangers lurking for unsuspecting, unprotected networks. Network security product and service vendors have a great opportunity to share with small and medium-size enterprises the best way to protect their businesses. However, education, not fear, should be the leading tactic. "Firewalls and anti-virus software are the most prevalent security measures most small and medium-size enterprises currently have in place, and for some smaller enterprises, these measures might suffice," notes the analyst of this research service. "More sophisticated and layered protection would be a better protection plan". Evidence points to a bifurcation in the market, as there is a "security divide" between small and medium-size enterprises. Overall, most small and medium-size enterprises are at least "moderately confident" in their current network security products/services and do not believe they are "at risk."
Significantly, more medium-size enterprises have back-up measures in place, compared to small-size enterprises. In particular, it appears that small-size enterprises may lack the security basics and need vendors to structure security plans that fulfill their smaller network needs. It appears that security policies in the small and medium-size enterprises are driven by situations rather than industry best practices. Many personal employee devices (such as, laptops, smartphones, and others) are allowed on company networks, whether or not a company policy for allowing or disallowing use is established. Furthermore, verbatim comments illustrate that small and medium-size enterprises allow unsafe network practices for employee convenience and not for security purposes. Network security product/service vendors will need to adopt several strategies for small and medium-size enterprises. Offerings may require granularity and flexibility to accommodate smaller budgets and less staff. Some small and medium-size enterprises are mature and do spend money on security; so, it is likely to be advisable not to create a one-size fits-all model even for small and/or medium-size enterprises.
Network security product/service vendors should partner with their clients to continue the "education process" of expanding security needs in order to continue budgeting for security improvements and other purposes. Currently, the largest proportion of small and medium-size enterprises plans to continue with same IT budgets used during previous years. As the IT decision makers within these markets become more aware of network security protection available, vendors may even be able to expand budgets. Enlightenment alone might provide revenue opportunities for network security product/service vendors. Many small and medium-size enterprises use outlets such as Amazon.com, Inc, Dell, and Best Buy instead of traditional value-added resources. Additionally, network security product/service vendors that operate out of these key outlets have the highest brand recognition. Thus, vendors should consider which distribution channel is used to market to small and medium-size enterprises. "Given the complexity of customizing marketing approaches, the small and medium-size enterprise market has not been the primary target of network security product/service vendors," says the analyst. "Yet, this market is overconfident in its current network security systems and needs additional protection." For those network security product/service vendors who are willing to take the time with IT decision makers within small and medium-size enterprises, this might be an expansion into a new market. SHOW LESS READ MORE >
1: Research Objectives/Method Details/Demographic Profiles
2: Executive Summary
3: User Owned Products/Services on Network
4: Confidence and Risk with Network Security Products Currently Used
5: Past and Future Product Usage
6: Purchasing Channels
7: Network Security Budgets
8: Top Ranked Providers of Information Systems Products/Services
9: Customer Research