Comment: Managing the SMB Security Challenge

UK leads the way: 34% of UK SMBs have implemented policies, procedures and IT systems to manage employees’ use of personal devices at work
UK leads the way: 34% of UK SMBs have implemented policies, procedures and IT systems to manage employees’ use of personal devices at work

A new breed of cloud-based systems is dramatically changing the way today’s small and medium-sized businesses (SMBs) operate, as increasingly mobile, application-hungry employees take advantage of software tools that were previously only available to their counterparts in larger enterprises.

The cloud has a lot to offer smaller businesses – increased productivity, more flexibility, and the ability to work effectively from any device, in any location – but it also brings a host of new security challenges that, if ignored, can wreak havoc for businesses and their customers.

You’ve heard the horror stories in the news of stolen identities, massive hacks, lost laptops and mobile devices, and service interruptions, none of which help to allay common concerns over whether a business can trust its valuable data to the cloud. A recent global YouGov survey conducted on behalf of Citrix showed that security questions around document and application downloads and network access remain top concerns for smaller businesses, particularly when it comes to allowing employees to use personal devices for business purposes.

Despite these concerns, it’s clear that the cloud is here to stay. More and more employees are using their phones and tablets for work and demanding access to mobile technologies. And the growing number of businesses that are responding to those demands are reaping the benefits of an increasingly mobile, connected, and productive workforce.

UK businesses appear to be on board: the YouGov/Citrix research found that the UK has overtaken the US and other countries and is leading the way on BYOD management. Thirty-four percent of UK SMBs have implemented policies, procedures and IT systems to manage employees’ use of personal devices at work.

Even as they create the necessary structure for BYOD and step up network security, many SMBs don’t have the resources to effectively assess and manage the full spectrum of risk and find the cloud service providers that best meet their security needs.

Naturally, the types of security threats differ from business to business, and there is often a disconnect between the perceived risks managers worry about and the actual risks they are likely exposed to. In addition, firms working in highly regulated industries may require more stringent controls than a business that is subject to fewer rules and regulations.

So, before you begin searching for a system or software to help manage BYOD and data security needs, make sure you thoroughly document and understand the specific requirements for physical security, administrative and technical controls that are associated with your business and industry. What kind of data do you maintain? What laws and regulations apply to the storage and transmittal of that data?

Once you’ve mapped key security and compliance requirements, you can identify the products and services that can meet your needs. Your business might be best served by software-as-a-service, or you might require a more robust infrastructure-as-a-service solution – and there are lots of options to choose from.

As you evaluate tools, carefully and exhaustively question the service provider about security controls. Among the questions you should ask: Where do you store my data? Is my data encrypted? Are there backups for my data? How do you provision and de-provision media? Can you perform these functions instantly and remotely in the event of a stolen device? What security controls will I be able to manage? What is my responsibility or liability in the event of a breach?

I particularly like services that allow the client to configure some security measures. Being able to set your own passwords, access permissions, session time-outs and encryption levels can be useful if you share a lot of data with people inside and outside your company.

If your preferred software doesn’t cover all the security needs you have, consider implementing an overlaying master data management solution to bridge gaps in device management and BYOD coverage.

Data security has always been a business challenge, and it likely always will be. The two most important things you can do to manage the challenge are to thoroughly document your business’s compliance requirements and data security needs and to clearly understand the steps your vendor takes to help meet those needs.

Then, be sure to revisit both lists often: Just as your (and your employees’) needs are sure to change over time, so too will the technology that’s available.


Jesse Lipson joined Citrix as vice president and general manager of the Data Sharing Group through the acquisition of ShareFile in October 2011.Citrix ShareFile is a file-transfer service built for business users who need secure, reliable and easy tools for sharing data which today has 10 million users in 100 countries. 

What’s Hot on Infosecurity Magazine?