I invite you to imagine how things were ten years ago when we were all younger and probably happier; IT models were clearly defined, and all was logical and gradual, just an exercise of scalability.
You started with a few PCs, you were connecting them into a network, eventually adding one file server, then a mail server, and starting to think about security. But also security was easier ten years ago. Viruses, worms, and occasionally some successful attack from curious persons that were called crackers and was pretty much all. We were adding something like 5 to 10 virus signatures per day, and that was enough.
Then everything started to get complicated with a lot of specialized software appearing, with the challenges of making them fit in small networks; then outsourcing services; then XaaS (everything as a service) and virtualization; BYOD; and so on. It's no wonder that many people trying to keep pace with all this evolution feel overwhelmed.
The recent IT history is full of lateral roads and high expectations, to the point where Gartner has set up and practically made famous a model; what they call the Hype Cycle. People started using it as a tool to assess the technology maturity stage and their client's expectations and to predict the future.
During all these years, we have seen many hype cycles for various technologies, more or less likely to dramatically impact Small to Medium-sized enterprises (SMEs). Distributed computing, SOA, Tablet PCs, Social Networks, SSDs, Green IT, and Virtualization, to name a few. Many of these have passed over the entire cycle and have now become mature technological options for businesses around the world.
But how many of them were adopted in SMEs?
How much was/is hype, and how much has become/will be a valuable option for SMEs?
The first line of challenges for the traditional SME infrastructure has been represented by the increase of computing power at the level of the devices that were affordable for SMEs.
First, we were talking about servers and blades and domes that could deliver to the business a lot of CPU, RAM, and storage. A consequence has been the need for security, and this is when perimeter security and all-purpose security appliances came at hand.
The second line of evolution was when humans started to physically move, generating the need for remote access to the resources inside the network and to applications. A lot of agents, software clients, connectors, etc., have been developed as supplements to the classic client-server applications. And the need to secure them, of course, generating the rise of VPN technologies and authentication & access solutions.
Once mobile, these people desired the same computing power but in lighter handheld devices, which have reached the power of traditional computers but at a fraction of their weight. And their evolution hasn't stopped. We are talking about a new wave that is in full movement, and we are expecting a lot from wearable devices as well as other smart objects.
As a consequence for the SME infrastructures, we have seen a serious tendency to accommodate the BYOD work style with the subsequent security concerns and policies.
Up till now, we were talking about computing devices, CPU, RAM, and storage in SME possession – "IT to own." These technologies have evolved, but analysts consider that they have already started to go on a steady and less explosive path: Gartner's Hype Cycle Report for 2013.
There is a lot more to this system of devices that you own and touch. Once considered a promise and declared hype by many, the road to virtualization and cloud computing has become a fulfilled prophecy.
We are facing a paradigm-shift moment from "IT to own" to a "pay per use" model that is very applicable to SMEs, and it has the potential to change the entire SME work style and work environment for the better.
Reason #1: Capacity - the "IT to own" model is reaching its limits. Even though we could stuff more computing power in a traditional on-premise network, there are limits on space and electric ability, facilities, etc. The mobile style of doing the day-by-day work has been changing their IT resources usage model.
Reason #2: Economics - SMEs were forced by the economic crisis to realize that it's more convenient to rent the applications they are using, to store data in the cloud, and eventually also lease CPU, RAM, and storage.
Reason #3: Lack of competencies – the shortage of competent IT resources and their cost has been forcing SMEs to think twice before hiring, even part-time, such personnel. But to benefit from their skills and knowledge and pay a fraction of the cost might be attractive.
Reason #4: Security – choosing to keep the valuable data and the business applications in the cloud, maintaining secure images of the computing devices in a secure data center, with all security patches applied and the risks transferred to the provider and covered by a strong SLA is a dream come true.
Reason #5: Business Continuity & Recovery + Ubiquity – virtualization and XaaS are SMEs' best allies when dealing with Business Continuity constraints. Anything may happen. All the valuable assets are in a secure place, always available. Damages may be covered anytime by just restoring the last secure version/configuration/data.
Some SMEs appreciate the power of cloud and virtualization technologies, and they are using these innovations to improve internal business practices or actually build the business around the new data center. And with these technological advancements, SMB security needs to be in lockstep – innovative platforms need innovative protection.
There will be more about this in the next post in what is promising to become a series. Stay tuned if you're interested in learning more about how SMEs could react to new evolutions.
In the meantime, I invite you to read this:
tags
Horatiu B has been in the field of information security for about 14 years, switching lanes between marketing, sales, consultancy and business development. Engineer by formation, he thinks that a diagram says 10 times more than a speech but sometimes you have to employ words in order to describe diagrams. Horatiu’s principal areas of interest are in security management, practices, processes, buying behaviors and psychology.
View all postsDon’t miss out on exclusive content and exciting announcements!