By: Nick Alevetsovitis
Most small and mid-size businesses (SMBs) have growth on their minds, and often it is investments in technology that advance that goal. Yet, when growth happens more rapidly than anticipated, flawed technology decisions can snowball into challenges down the road.
This problem is especially evident around security purchases. For businesses on the cusp of growth, standalone solutions that meet their immediate needs can be tempting, especially if they assume they can acquire additional endpoints to meet changing needs. While the approach might work for the short-term, many smaller companies making security purchases do not see the impact their decisions may have down the road. And by the time they do understand, they have saddled themselves with an overly complex system that saps time and budget and leaves them vulnerable to cyberattacks.
How can growing companies avoid these pitfalls? It is best to listen to those who have been through it already. A recent Fortinet survey examined SMB companies with 150 to 1,500 employees to gain insight on the impact complexity has on organizations over time and how it can be avoided. Findings showed that larger businesses (1,000-1,500 employees) suggest that a leaner approach to security vendors is a better long-term choice. In fact, over 60 per cent (61%) admit that when it comes to security, they wish they had gone with a single vendor.
Avoid the complexity trap
Experience shows that a multi-vendor approach can reduce security effectiveness by introducing unnecessary complexity. Risks to the organization increase when systems do not work together, making businesses more susceptible to threats such as stolen or compromised data or even ransomware.
Complex IT environments can also be more expensive and inefficient. They require an influx of capital to secure and maintain, needing larger teams, security and network operations centers (SOCs/NOCs), and third-party security information and event management (SIEM) systems to provide visibility across their disparate systems.
Complexity can divert IT teams from innovation and business growth, keeping them occupied with troubleshooting different systems and tools, and maintaining custom workarounds. According to the survey, over 30 per cent of a workday is lost managing fixes or workarounds in complex IT environments, a number that increases exponentially with the number of vendors and solution sprawl.
In the survey, over half of the companies with more than four security vendors reported that troubleshooting interoperability issues is a significant challenge. Not only that, but isolated security systems make it harder to detect malicious activity – sometimes taking months to find and coordinate a response. As a result, cybercriminals can attack with impunity – breaching networks, establishing a foothold, escalating privilege, launching malware, compromising, or extracting data.
Pick solutions that can grow with your business
To avoid these challenges, SMBs must stop being short-sighted when considering security solutions. Most mid-market businesses plans for technology purchases to support them for 2-4 years, but 86 per cent of the businesses surveyed ended up introducing new tools and workarounds every year or two.
The problem is that when SMBs find they have outgrown their security technology, instead of moving to integrated tools that can scale with them, nearly half (49%) of SMBs with 150-250 employees add more tools. Over a third (37%) invest in custom workarounds. Both are sure-fire ways to introduce complexity and vendor bloat, just when a company is beginning to hit its stride.
A more strategic approach for SMBs would be to invest in a single vendor that can grow with the business. A single-vendor approach that includes an effective security platform can help limit costly mistakes and complexity by establishing a foundation where growth can be strategic, integrated, and timely. And considering growth can happen much faster than SMBs might expect, mapping out a security strategy that aligns with the business plan will alleviate many of the issues uncovered in the survey.
When looking at security solutions, SMBs should ensure their platform offers the flexibility to grow. It should be deployable anywhere – from traditional networks to the cloud, and provide a consistent level of protection, across environments and geographical regions. A platform approach can integrate security solutions because they either run on a common operating system, leverage open APIs, or are built using common standards. If done well, integration can go beyond security elements to include network integration, known as security-driven networking. This approach allows security to seamlessly respond to network changes within a shared management system that extends visibility and control across the network. Further, the platform should support automation powered by AI and machine learning to quickly find, investigate, and respond to threats while minimizing IT staff workloads.
SMBs have a unique opportunity to build better from the beginning and avoid unnecessary complexity. A single vendor capable of providing complete protection across an entire ecosystem, including deep integration, centralized control, and automation, can provide the best fit for growth. With a fully integrated system in place, technology purchases become planned, not reactive, and IT teams can spend more time on innovation and less time managing and maintaining the network.
By thinking ahead and planning for growth before it happens, SMBs can leverage technology innovations that enable growth, secure their systems, and avoid the downside of technology sprawl.
Nick Alevetsovitis is VP of Canada Enterprise and Commercial Business at Fortinet