Mid-market companies face evolving IT security demands as they advance digital experience, accelerate cloud connectivity and enable disparate remote operations
But what does this mean in the context of restricted budgets and reduced resource? This week our focus article from the 2023 Cloud for Business report, as distributed by Raconteur in The Sunday Times, looks at the topic of cybersecurity and how businesses are responding to heightened cyber risk.
Given limited time and constrained budgets, businesses are finding the most effective solution to today’s increasing IT security demands is to bring in managed best-of-breed setups, backed by risk transfer services.
As mid-market businesses advance their cloud computing, digital transformation, and hybrid work models, significant cybersecurity challenges are emerging. For IT departments, the most pressing demand will be to manage and operate an unprecedented array of disparate connected devices, enabling users to access applications and data from branches, stores and field locations and home-working environments. They must also ensure there is a consistent quality of experience, without compromising security.
The problem for these technology teams is they often lack the resources of IT departments in larger corporations. They also face a confusing, extensive array of options when trying to make purchase and deployment decisions. Some respond to this issue by investing in services from a single vendor. This strategy may seem appealing from a management standpoint, but it typically involves using one-size-fits-all systems with limited effectiveness. Others attempt to combine multiple advanced technologies, and become submerged in the expense and intricacy of operating them.
Moving towards insurable setups
“Traditionally, many businesses have been advised by experts to put in a single vendor solution, with the aim being to reduce the integration burden and simplify control,” explains Gareth Davies, Executive Vice-President, managed services at Fulcrum IT Partners. “But this can be very misguided, as the vendor providing them with a firewall is not necessarily proficient at endpoint protection, for example. Moving to a single vendor also involves a significant operational transition that is costly and resource heavy.”
Some businesses are instead adopting the best-of-breed approach, choosing the most effective security and business continuity services in each area to achieve the strongest possible protection. However, these systems must be both fully integrated and independently managed on an ongoing basis to keep up with new security threats.
“For many companies, this is far too complicated and costly a challenge, and they will always lag behind the threats that are out there,” Davies says. With cybercrime and data breaches becoming increasingly commonplace, companies also need to consider their options for risk transfer. It is essential they put in place cyber insurance to cover financial losses associated with a cyberattack, such as legal expenses, data restoration costs and reputational damage. However, buying cyber insurance can be a challenge in itself. As a relatively new type of cover, there are many uncertainties and complexities associated with it. Cyber risks are constantly evolving, which makes it difficult for insurers to accurately assess the potential risks and develop adequate policies. As a result, it can be difficult to find an insurer willing to take on the risks associated with a particular business, and many insurers have either backed out of the market entirely or substantially reduced their cover.
“Insurers often rely on simple questionnaires that fail to establish satisfactory insights, leading them to decide they cannot quantify the risks with enough clarity,” Davies explains. “For companies, demonstrating robust cybersecurity practices is so difficult that many insurers will simply refuse to provide policies. When insurers do consider approving a client for cyber coverage, it’s often not at the price point or offering the level of cover that the customer requires.”
The rise of managed services
These dynamics have prompted the rise of more effective forms of managed security, which are capable of addressing the concerns of both mid-market businesses and the insurers seeking to financially protect them. These managed security providers have several core focus areas: implementing best-of-breed security from across different vendors, integrating those services, administering them, providing insights and protecting customers both operationally and financially.
Businesses are increasingly working with managed service providers to ensure they have this level of defence and financial protection. “It’s incredibly challenging for businesses in the mid-market to ensure they have the right levels of protection in place, and to be sure they can recover systems quickly in the event of a breach. We work with our customers to assess their setup, advise on security choices, implement the relevant systems, and then manage the technology on an ongoing basis,” Davies says. “We invest heavily to ensure our staff are fully up-to-date with the latest innovations in cybersecurity and emerging threats, so we can better protect businesses.”
Secure SD-WAN in practice
One of the first steps is to implement a managed, secure SD-WAN layer. By adding this virtualised layer to their wide area networks, businesses become more agile and can unlock cost savings in their connectivity, all while increasing security and observability.
“We offer businesses a secure SD-WAN solution called Titanium, which converges high-performance SD-WAN and virtual, next-generation firewall-security capabilities into a single managed service. This removes the complexity of managing multiple network and security point products, while delivering a secure, optimised network experience across users, devices and applications. And for many companies, this can also unlock the opportunity for some cyber risk transfer and warranty, providing additional protection and peace of mind,” Davies explains.
Companies often operate highly distributed environments, spanning multiple industries and geographies. Migration to a managed, secure SD-WAN solution enables the introduction of effective multi-layered security, reduced costs and improved application effectiveness and control. For mid-market businesses, although there is no silver bullet to protect against the ever-growing array of cybersecurity threats, there are some highly innovative response services available. With new approaches to layering security with SD-WAN technology, backed by strong access to relevant cyber insurance, companies can protect their business operations and data from an evolving threat landscape. And they can do it in a way that is both simple and affordable.
There’s no doubt businesses across all sectors are feeling the pinch at the moment. It’s been a difficult few years for most, with the impact of Covid-19, Brexit, market uncertainty and the cost of living crisis converging to paint a pretty bleak picture for budgets. Then factor in an increased cyber threat and an unprecedented IT talent shortage, it’s no wonder so many mid-sized businesses are looking to managed service providers to help them get more security bang for their IT buck.
The impact of the talent shortage isn’t simply about resources, of course. Although businesses taking care of their own cybersecurity do need the manpower to deploy and maintain functions, they also need the time to invest in keeping abreast of the latest threats, attack vectors and preventative tools. This would arguably be more than a full-time job for even a decent-sized IT team. Businesses are increasingly aware of this, and are turning to managed solutions from trusted providers who have not only the time, talent and resources to commit to the task, but access to better rates on the best tech. And when businesses leverage multiple solutions from multiple vendors, each with a different specialist product, these benefits are multiplied to arm businesses with the most robust, most cost-effective cyber protection.
Gareth Davies is right in suggesting SD-WAN will form the strongest possible foundation for multi-vendor cybersecurity. Over the next few years many businesses are likely to be making the decision about whether or not SD-WAN is the right choice for them, and it’s likely to become a key security differentiator for those that opt for deployment. SD-WAN is a primary enabler of secure access service edge (SASE) solutions like ZTNA, secure web gateway and next-gen firewalls, among others, and these will be crucial for protecting businesses as attack surfaces grow and cybercriminals become increasingly sophisticated.
It’s worth also bearing in mind that, with insurers looking increasingly reticent about cybersecurity policies, the strictest security measures will increase the chances of getting cover. Many insurers have tightened up their underwriting guidelines and are asking more questions of the businesses applying for cyber liability insurance. Those businesses leveraging the best solutions from multiple trusted providers will be the ones that are able to mitigate even more of the financial risks associated with cyberattacks, putting themselves in the best possible position to safeguard their assets and reclaim any losses.
To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here