Skip to main content

Managed Security Services Growing Among SMBs


A new report from Forrester Research on the state of IT security at small to midsize businesses (SMB) in North America and Europe predicts ongoing growth in the managed security space.

In a result similar to that of enterprise respondents, SMB executives reported that the two top drivers for using managed security services is the demand for a specialized skill set that security requires (cited by 31% of the respondents) and the need to reduce costs (cited by 24%).

Other reasons cited for adopting managed security services include:
  • The need to reduce complexity (19%)
  • The need for 24/7 security coverage (19%)
  • The rest of the IT environment is outsourced (5%)
Managed Services Tops for Filtering and Monitoring
The report also revealed that the top two services SMBs ask from their managed security provider are e-mail or Web content filtering (36%) and network firewall monitoring (33%). Forrester believes that the biggest uptick in the next year, however, will come from increased use of vulnerability management and assessment. Some 20% of SMBs plan to deploy these services in the next twelve months.

The Forrester report clearly shows that SMBs have a strong interest in all facets of managed security services. Some 23% are already using it for identity and access management, and another 35% are interested in it, but either have no plans or no budget for adding it to their slate of services.

Similar proportions of SMB executives recognize these issues: host event log monitoring or management (31% are interested but have no plans or budget); IDS/IPS monitoring or management (30%); endpoint security (34%); and regulatory compliance monitoring and assessment (31%).

When To Add Managed Services
The Forrester survey didn't tackle one of the most interesting questions from a managed services standpoint (in fairness, the focus was on security, not managed services). That is, what will it take for SMBs to start adopting the services in which they express interest, but have not yet budgeted for?

Our recommendation is to be proactive and deliberate about adding services. Don't wait for the need to arise; develop a plan to takes into account your security needs and build capabilities into both your budget and deployment plans on an incremental basis. That way, you'll enjoy the highest level of protection with a minimum amount of disruption.

Popular posts from this blog

Why 97% of Companies Fail at AI Transformation

Many CEOs say their company is all-in on AI. Every one of their earnings calls touts AI integration. Their strategy deck features the words AI-powered a dozen times. Yet when I review these same organizations, I encounter a starkly different reality: employees using consumer  Generative AI (GenAI) tools in secret, departments building redundant solutions, and confusion about what AI transformation actually means. Recent research from Google also reveals the inconvenient truth: Just 3 percent of organizations have achieved meaningful AI transformation. However, 97 percent remain mired in what I call AI aspiration fantasy theater. This isn't a technology problem. The GenAI tools work. The models are remarkable. The issue is that we've fundamentally misunderstood what meaningful and substantive AI transformation requires. The Executive Blind Spot The data reveals a troubling pattern: executives are 15 percentage points more likely than their employees to believe that AI is alread...
Read more