Affordable Enterprise Security For Smaller Businesses

Grant Wince
STL Technology Partners

It seems that every week—if not every day—newer, more aggressive and potentially damaging security threats are emerging. Security threats are indiscriminate to company size. This makes the issue especially critical for the small to medium business segment where IT budgets and personnel are in short supply.

With the increasing availability and affordability of broadband access, more small and medium-size businesses (SMBs) are connecting their IT networks to the Internet and expanding their use of remote network connectivity. In addition, SMBs increasingly are conducting business over the Internet, making electronic payments and other financial transactions, so their risk has gone up significantly. Such risks aren’t limited to just their own business, but to all those with whom they conduct electronic transactions, including customers, suppliers, and other business partners.

Not surprisingly, many large businesses now require SMB partners to implement IT security or face a reduction or termination of the business relationship. Breaches can result in loss of important data, disruption in business, and even damage to the business’ reputation. It’s important, therefore, that SMBs take a comprehensive approach to IT security and adopt all reasonable measures to protect their information.

What If?
The first step in designing a security system for any business is asking some key questions. What would be the business impact of a major security breach? What if the data stored on PCs or servers is corrupted by a virus and rendered unusable? What if the hard drive fails, resulting in a total loss of data? What if the web site is attacked, preventing customers from placing orders—or if critical customer data is stolen?

The answers to such questions can be very revealing. SMBs may realize potential costs for IT security breaches include not just replacing a hard drive or stolen laptop, but loss of business, damage to their reputation, and even potential legal liabilities. In some cases, lost data may be irretrievable, rendering its cost inestimable.

Start with the Basics
Most people are familiar with antivirus, which is now the most common type of protection. SMBs can install antivirus software and use real-time scanning on their PCs, network gateways, and e-mail servers.

In the last couple of years, businesses have begun adopting antispam software to control unsolicited mail. In addition, firewalls can be very useful in preventing outsiders from accessing your system and preventing unauthorized software from connecting to the Internet.

One of the harder aspects of security for the SMB to cope with is the rate at which threats and defensive strategies evolve. Few small companies have dedicated IT staff, let alone anyone with specialization in security. It’s all too easy for a company to buy a product, install it, and forget about it. This can create a false sense of security, as the one-time fix can become obsolete overnight.

But staying on top of the rapidly changing security scene, including mutating viruses and the latest phase of security threat such as spyware, is vital. Computer and network configurations are becoming more complex for companies of all sizes; this, in turn, makes security more complicated.

On top of all this is the fact that the time between discovering vulnerability and someone exploiting it is shortening every year. This means companies have to be proactive about threats to their security. Reacting to the latest bad news may be too late.

The task can be intimidating, but it’s become necessary. In some industries, regulation such as Gramm-Leach-Bliley and Sarbanes-Oxley now mandate it. Making sense of tools and techniques like antispam, antivirus, firewalls, intrusion detection, intrusion prevention, and others can be confusing and impossible without someone to make it easy. After all, this isn’t why you went into business, is it? This is where a strong managed security services provider can help.

Benefits of a Managed Security Services Provider
Any of these factors are a tough call for the small, non-IT-literate company to handle by itself. Put all the risks together, and it makes for a persuasive argument to bring in an outside party to take care of defense.

Until recently, specialist providers focused on particular aspects of security, such as antivirus applications. However, there are other areas calling for attention, such as countering spyware and implementing intrusion prevention and content filtering. This translates into a growing need for all these areas of security to be bundled into one managed service.

Security is such a critical part of any offering that a good managed services provider will bundle it into its services, and this helps make it extremely affordable. The benefit to purchasing security appliances—or any security service—as part of a managed service is that it will be kept fully operational and monitored.

The trouble with monitoring is that it involves log analysis, which is boring and easily overlooked. If done correctly, log analysis calls for specialised tools, and if it’s purchased as part of a managed service, the provider will have the economy of scale to do it.

Security Costs Less When You’re Proactive
Using a managed security services provider can result in great benefits to the SMB today. Customers reap the benefit of continuously up-to-date security without having to manage the products in-house. In addition, a managed security services provider will provide reporting that will enable full compliance with governmental security regulations applying to your business.

Managed services can be provided at a low monthly cost. In essence, you gain all of the benefits of the security practices of a Fortune 100 company with no long-term investment in hardware that soon becomes obsolete—and without the cost of adding staff to monitor the security of your network. IBI