Small Businesses Can’t Keep Up with Security Trends

Small to medium businesses, let’s say under 1,000 employees, may be in the toughest position as we enter a time when attackers are more sophisticated than ever. In speaking with fifty or so leaders in the past few months, I have heard a recurring theme: leaders are aware of the threats they may face, but are paralyzed by complexity and a lack of resources. What can we do as security practitioners to help these lean businesses lower their security risk?

I believe that it is time for consolidation within the security industry. Today, the average company interacts with 32 security vendors (Kerravala, 2016). That is a staggering number of vendors, and even if the number were reduced for smaller customers it still would not be sustainable.

How many businesses run lean, with one or two IT staff members? (Hint: a lot.) Are we, in the security industry, doing the right thing by forcing companies to choose multiple vendors or by designing security architectures based on disparate technologies?

As we move into a new era of cybersecurity, small to medium businesses have two options. They can either outsource their security efforts or consolidate the number of vendors they use. An outsourcing effort would likely leave the business more secure, but outsourcing can come with high operational expenses. I think vendor consolidation is the better approach. A small IT team can manage one or two vendors, especially if one is an existing security vendor.

Companies like Check Point, Palo Alto, and Cisco all offer security products in different segments of the security industry. Palo Alto offers web, firewall, and other products, as does Cisco. A small business could theoretically focus all of its security efforts on Cisco or Palo Alto and have a fairly robust security strategy.

Company leaders should not feel paralyzed by their security strategy. Vendor consolidation will help small to medium businesses get the most out of their IT teams and security budget. An expensive alternative could be to outsource the security practice to a specialized vendor. The vendor could then handle the complexity. Those of us in the security industry have a responsibility to help businesses design architectures that are secure, not a burden.


Kerravala, Z. (2016, April 22). Cisco well positioned to dominate cybersecurity market. Retrieved December 07, 2016, from
