Q&A | February 27, 2014

How To Provide Network Security To SMBs

Bernadette Wilson

By Bernadette Wilson

Providing Network Security For SMBs

Business Solutions interviewed Dave Martin, VP of marketing for Edgewater Networks, about selling security services to your SMB clients.

BSM: Do you think most SMBs realize they are viable targets for cyberattacks?

Martin: Cyberattacks have traditionally focused on larger enterprises; however, with large IT budgets, these businesses have developed sophisticated defenses. This has pushed cyberattackers to increasingly focus on more vulnerable small- and medium-sized businesses. The most vulnerable SMBs are in the finance, insurance, retail, and other verticals that are custodians of sensitive customer information such as credit card and social security numbers. At the same time, SMBs are now exposed to greater risks by interacting with a growing number of parties outside of their network perimeter, utilizing cloud services and migrating from traditional to IP-based telephony. According to the Verizon “2012 Data Breach Investigations Report,” of 855 security incidents, 612 (72 percent) of the breaches occurred in organization of 100 or less people and 55 percent of breaches remain undiscovered for months or more.

Some other interesting statistics are:

  • The FCC reports the average cost of a cyberattack on SMBs is $188,242.
  • Roughly 60 percent of small businesses close within six months after a cyberattack, according to a study cited by the U.S. House Small Business Subcommittee on Health and Technology.

BSM: How does using cloud services impact an SMB’s network security needs?

Martin: As attacks on SMBs increase, the complexity of today’s security technologies have outpaced the ability of SMBs to protect themselves. The breakdown of the traditional network perimeter due the increasing adoption of cloud services — as well as BYOD (bring you own device), remote office, and internal Wi-Fi hotspots — have combined to put adequate security beyond the reach of most SMBs. Many SMBs operate in a hybrid-cloud environment where they have data stored in both public and private servers. Care should be taken to ensure that a consistent access and use policy be applied to both environments in equal measure. Also, you should clearly explain your policies related to access, encryption, storage, and monitoring of data to your SMB clients using Software-as-a-Service (SaaS) cloud applications. Adopting cloud IP-telephony services such as SIP trunking and Hosted PBX can open the SMB up to additional vulnerabilities without deploying specialized VoIP security solutions like enterprise session border controllers (ESBCs).  In the same way most SMBs would not put a critical business application on the Internet without a firewall they should consider not placing critical voice communications on the Internet without adequate security in place. 

BSM: How does the traditional way of delivering security services limit a VAR’s opportunity to sell these services to SMBs?

Martin: VARs have traditionally been very successful selling security services to larger enterprises. These customers have the necessary budget to enable the VAR to purchase expensive and specialized security equipment such as application firewalls, IDS/IPS (intrusion detection systems/intrusion protection systems), Web security, and more. Many VARs create a standard rack of equipment with base security policies and configurations that they replicate and modify slightly when adding additional enterprise customers. VARs, however, are challenged to use this model when selling services to SMBs because of the costs associated with purchasing, configuring, and maintaining each rack of equipment. Additionally, many VARs have high-salaried employees that are often focused on lower-level configuration and troubleshooting activities for SMBs which pulls them away from higher margin activities like developing new security policies or delivering valuable professional services. Simplifying the initial installation and ongoing monitoring of security devices will free up senior security engineers so that they can focus on higher-value activities.

BSM: What is a better approach for VARs to take with SMBs?

Martin: Innovations in software-defined networking (SDN) and network functions virtualization (NFV) are now enabling the creation of new service delivery platforms that can enable VARs to deliver a variety of services — including security — at a scale and cost that were not previously possible. These highly efficient systems use a multi-tenant model that provides discrete security domains for each SMB customer over shared storage, network, and compute resources. The virtualization of many network and security functions in these platforms provides flexibility to enable the VAR to add third-party applications and quickly introduce new services. Over time this provisioning will be done automatically using APIs and the SMBs themselves will be able to purchase new applications and services without having to involve the VAR directly.

BSM: VARs, get it while you can.