Part One of a Four-Part Series
Every year since 2014, Kaseya has surveyed hundreds of midmarket IT professionals to gauge the state of their operations, and help others learn from what colleagues do well or sometimes poorly.
The IT Operations Benchmark Survey Results Report looks at organizations with up to 5,000 employees. Needs, including resource allocation, planning, and operation challenges, are far different for midsize businesses than Global 2000 enterprises.
“Technology today has leveled the playing field between SMBs and their enterprise counterparts—to the point that the size of an organization has lost much of its previous importance. Smaller IT organizations can better compete, but with that comes the realization these organizations have the same challenges the enterprises face,” said Mike Puglia, chief strategy officer, Kaseya. “This research serves as a key indicator for us on the most important technology priorities that affect the midmarket enterprise. Our customers can attest that not only do we learn from this data, but we also execute against it. We continuously develop our IT Complete suite of products with these exact needs in mind so our customers are equipped with the technologies they need to succeed.”
But like their larger global enterprise brethren, the 1,300 organizations surveyed face difficult security challenges – issues that are, in fact, their biggest concern.
Security Still Keeps IT Pros Awake at Night
In our 2017 survey respondents said security was their No. 1 concern. With the ever-evolving modern threat landscape, it is no surprise to hear the same answer this year. Making matters worse, data breaches have serious consequences, and if not handled correctly, can decimate the business. This year’s IT Operations survey found that one in three respondents experienced a security breach in the past five years, and over one in 10 within the past 12 months.
That is why 54 percent cited security as their main concern in 2018, up from 2017. That trend is not likely to reverse. Looking ahead to 2019, nearly 60 percent of respondents anticipate security will be their primary concern in the coming year.
Security as a concern is nearly twice that of reducing costs and compliance, which came in second and third, respectively.
With these threats, best-of-breed respondents take security and data protection seriously, and as a result, they are using layered security and modern vulnerability management. Across the board our results indicate that organizations have heeded the warnings and understand the importance of a stringent security strategy.
In fact, 65 percent of respondents have not experienced a single security breach in the past 5 years. Fewer security breaches mean less unplanned downtime.
Heavy Focus on Backup
Backup has always been critical, even more so now with the scourge of ransomware attacks, which lock data and often destroy it.
At the same time, businesses can adopt more than just backup, but move up to disaster recovery and high uptime solutions. In fact, there is a direct correlation between deploying an optimal backup and disaster recovery solution and maximizing uptime.
Because hackers threaten data through ransomware, malware and data leakage, organizations are looking at data backup and uptime as critical to their operations. Eighty-six percent of respondents reported that they experienced at least one IT network outage lasting longer than five minutes over the past year, and 45 percent reported having two to four outages lasting longer than five minutes.
Fortunately, it is possible to mitigate the potential impact of downtime with an effective multi-prong backup strategy that many organizations are already engaged in. When it comes to backup and recovery, 90 percent of respondents back up servers, and another 69 percent back servers up both locally and onsite. What’s more, almost 40 percent run automated disaster recovery and have a formal, management-approved business continuity and disaster recovery plan in place. On average, respondents rely on four backup and recovery technologies, demonstrating the critical nature of these solutions.
As more computing moves to the cloud, the same is true for applications, and we are seeing increased SaaS adoption among respondents.
SaaS applications are a natural fit for midsize and smaller companies, with Microsoft Office 365 leading the way as the most deployed solution (72 percent) followed by Dropbox (29 percent) and Salesforce and Google Suite both coming in with 17 percent. While turning to a SaaS-based-application provides the functionality that businesses need, organizations own their data and with that comes the responsibility of data protection — unless they opt to outsource that as well. Slightly more than half of the survey’s respondents use a third-party vendor to protect at least some of their data.
Compliance of Increasing Importance
Regulatory compliance is a bigger issue as new regulations emerge and enforcement of established rules becomes stricter. According to our survey, PCI and HIPAA/HITECH are the most common compliance requirements respondents adhere to, comprising 64 percent. Though now underway, GDPR showed that it is still a new standard that global companies are coming to grips with, as only 11 percent of companies adhering to it at the time of the survey commissioning.
When it comes to meeting compliance requirements and InfoSec standards, size has little bearing. SMBs must adhere to the same rules as their larger counterparts.
Endpoint Auditing a Critical Function
IT pros know you cannot manage what you do not know you have. Nor can you protect endpoints from malware and cybercrime unless you have some sort of inventory, and an understanding of exactly what is on these devices in terms of operating systems, updates, and applications – including Shadow IT.
Eighty four percent of respondents audit endpoints as part of their asset management processes. Of those, 68 percent track operating system information, 64 percent track installed software, and almost half track software licensing data (48 percent).
SMBs are facing huge challenges such as security, but are wisely addressing them with layered security and backup that can protect against Ransomware.