Small and medium business and enterprises often make do with what they can do today while dreaming about tomorrow. Most SMBs look to have communication tools in place both for communication with the outside world (email, the Web, Twitter, Facebook, Google+, etc.) and for communication between team members (email, IM, etc.). Most of this can be done online these days by embracing the relevant tools from Google or other sources. Alternatively, SMBs can stand up their own; however, cost is often the bottom line for an SMB. 

When it comes to data protection, networking, management, virtualization, cloud, desktops, and security, however, things are quite a bit different. SMBs are hampered by cost concerns. They may want more of everything but end up with the same they had before. Why? Because they have to make do. So, how can they improve without spending a dime? SMBs often turn to open-source and free online tools, and they sometimes make some very bad decisions. Costs rule everything, but the long and short of it is that the IT person at an SMB is just not qualified to do everything. Very few people are. They try to get things going but may get dragged away to other duties, fostering a responsive approach to IT instead of forward thinking.

Compliance and the bottom line are the crucial drivers for an SMB, not security and management. If a PCI audit fails—even an automated one—then your IT person fixes PCI-related issues at the expense of everything else. If there is a team of folks, then they are also working on the latest hot button.

How can we change this behavior? It is harder to do then most realize, but the key is to have one person who is working on the problems of today and another looking into the problems of tomorrow. You can do this by hiring a group that takes care of all that for you, or by having time in the day to consider the future. Perhaps the future is a NoSQL database. This is a good example of how IT can help a business. IT can research the various flavors and determine if there is a cloud version, hosted version, or something you have to host yourself, and of course the costs of doing so.

Making do often implies you choose the most cost-effective solution over the best solution. These are trade-offs SMBs have to make every day. Now, once you have a solution, the recurring costs can also be hard to swallow. This implies that many SMBs either embrace open-source tools specifically for monitoring and automation, or they make do with nothing at all.

SMBs need a lot of help in many areas, but mostly they need good tools that scale to their needs while being inexpensive. Tools do not necessarily need to be free of charge, but SMBs do need better-priced tools for security,  data protection, networking, and the like. This is one reason why the cloud is so popular with SMBs. The SMBs can offload all management, network, security, and data protection to a cloud provider—but unfortunately, that is not actually the truth. No cloud provider will assume an organization’s security and data protection responsibilities.

This is an area in which an organization (of any size) needs to take responsibility. Yes, one can use cloud to perform necessary actions, but unless otherwise stated by the service an SMB is using, they do not assume any responsibility. Because of this, SMBs using the cloud may be experiencing a false sense of security. Instead of hiring administrators, they need to hire cloud administrators who can get data there and back again, maintain  relationships, manage costs, and otherwise deal with cloud service providers.

For some SMB verticals, there are organizations that can do all of this. However, they also can end up being costly but important if your SMB is in a highly regulated industry. Offloading auditing and similar functions could be very important. However, even in this case, read your contracts carefully; the SMB is most likely still responsible.

SMBs make do with what they can afford and absolutely need to sustain the business. However, the startup costs for an SMB have not changed much, while options have. How do we bring the future to an SMB?

  • Have someone whose job is to look at future items, from programming languages to cloud services; just one or two half days a week might be adequate
  • Change an administrator’s role from on-premises management to cloud administrator (maintain your cloud relationships)
  • SMBs must assume responsibility for security, data protection, and compliance
  • Read the fine print of any contract/service agreement
  • Investigate open-source tools.

What is on your list of options for SMBs so they can move to the future?

Share this Article:

Share Button
Edward Haletky (376 Posts)

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

[All Papers/Publications...]

Connect with Edward Haletky:


Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *


− 8 = zero