
RSAC 2011: The Midmarket View
Our CEO spoke for all of us at TriGeo when she wrote, “I Love the Midmarket.” TriGeo has a well-deserved reputation for delivering award-winning SIEM technology that’s built for the SME. We know this market and we know that midsize companies are usually resource-strained, not staffed with security “experts,” and certainly not running 24/7 Security Operations Centers (unless you count the network administrator carrying the IT equivalent of the Bat-Phone).
As I sat through days of RSA presentations, I started to tally up the obvious disconnects, mixed messages and faulty assumptions that you hear from enterprise vendors as they try to re-frame the discussion for the midsize universe. Here are three of the biggest:
Assumption #1: IT and security teams are separate, diverse entities.
During the presentation of a real-world case study on malware, the presenter described a classic SME environment when he said, “there are two of us, and neither of us are security experts.” That’s two not-quite-security people responsible for IT and the security of 500 desktops, 50 servers, 6 offices and 44 remote access sites – with more on the way. This midmarket IT team will have trouble identifying with phrases I’ve heard this week at RSA like “engage your SAN team” and “security analysts” (both from the Mature SIEM presentation).
Assumption #2: IT has time.
I know, the enterprise IT teams are busy, too; there’s no shortage of work. But things like product evaluations, testing, extensive due diligence, intense development – these are luxuries that the midmarket IT team simply can’t afford. These folks are trying to solve a problem. They’re trying to find a vendor that will help get them as close to a solution as possible and deploy it quickly without a huge development process – or a ton of services. In a presentation on IDS/IPS, Richard Stiennon mentioned “most analysts can handle 3-4 specific tasks a day” – if that’s true of an “analyst,” what does it mean for someone also responsible for all of IT?
Assumption #3: IT isn’t versatile.
In the enterprise world, moving objectives through the organization, getting buy-in, purchasing, and implementing solutions is a long process. New technologies like cloud-based solutions are approached with caution while they are proven in smaller business units, test environments, and limited pilot projects. Smaller organizations can be more versatile and are more focused on finding something that solves their problem. Those “two guys in IT” trying to mitigate malware infections implemented a cloud-based solution to route their risky traffic through the external network first – a solution they took from evaluation to purchase to implementation in 2 weeks.
We see situations like this every day. There are products on the market made for the enterprise and most of the attention from the vendors is focused on enterprise clients. I understand it – these organizations are household names, but the majority of the business of the world is done through midsize companies. Interestingly, there’s also a lot of talk about the convergence of IT and security, pushing security “down the stack,” and the proliferation of user-owned devices making security everyone’s issue. It sounds like those midmarket IT teams that are wearing IT and security hats are just ahead of the curve – that’s all.
*** This is a Security Bloggers Network syndicated blog from TriGeoSphere authored by Nicole Pauls. Read the original post at: http://blog.trigeo.com/2011/rsac-2011-the-midmarket-view/