SMEs Face Security Pressure with Too Many Tools, Not Enough Skills

Security concerns are on the rise as the greatest challenge for IT admins at SMEs in Q1 2024, with 56% revealing that they’re more concerned about their organization’s security posture today than they were in April 2023.  

According to JumpCloud’s Q1 2024 SME IT Trends report, which surveyed IT stakeholders in UK, US, and India, the implication is that SMEs could be more vulnerable to cyber-attack than other segments. The report highlighted concerns over security amid a shortage of specialist skills and additional pressure on IT teams around compliance, with over two-thirds (75%) saying that more compliance and regulation requirements have been mandated in their region. 

These concerns are backed up by long term trends in compliance. The International Organization for Standardization, which maintains the framework for ISO27001, said in its most recent report that certifications for ISO27001 increased 51% between 2020 to 2022 as more companies bowed to pressure from their own customers to prove security hardening and compliance.  

AI adoption is adding fuel to the fire 

While AI is seen by some as a cost-effective way of plugging the skills gap left by sweeping layoffs and a general lack of experienced professionals in specific sectors (such as security and cloud), IT admins tasked with integrating AI appear less confident, JumpCloud found.  

Despite a mostly positive attitude toward AI in their organization, admins also report significant unease around AI’s impact on organizational security, with nearly two-thirds (62%) agreeing that AI is outpacing their organization’s ability to protect against threats overall. 

Too many tools to be effective

Another challenge, compounded by a lack of manpower to carry out tasks, is that IT admins find themselves juggling too many tools to do their job.  

The vast majority (75%) of global respondents continue to prefer a single tool for a specific job rather than several-point solutions, roughly the same as the 77% who said the same in April 2023.  

MSPs come out on top 

But this is all good news for Managed Service Providers, which continue to be a go-to resource for organizations under pressure.  

Nearly 76% rely on an MSP for at least some features and the trend is that organizations are leaning on MSPs for increased responsibilities, where SMEs are lacking the skills or the tools, or the ability to use the tools effectively.  

The survey found that an MSP completely manages the IT environment for 42% of respondents in UK, US, and India, versus 27% in April 2023—a 56% increase over 12 months. 

Tellingly, security is the most common function for which organizations use MSPs (57% in 2024 versus 53% in April 2023), and the most popular reason why is that SMEs believe MSPs are up to date on the latest technologies (65%, up from 61% in April 2023), suggesting that smaller organizations are plugging the skills gap for complex subjects like security, cloud, and AI, with outsourcing.  

Aggregation of tools and automation as the solution 

These trends that JumpCloud has highlighted in the SME sector align closely with what we are hearing from the market and our own SME customer base.

When it comes to cloud security specifically, IT admins and security professionals are struggling with multiple point solution tools that only apply to a single ecosystem. The cloud provider security tools only work for their own cloud, and skills for managing and securing that cloud are not transferable to another cloud either. This leaves SMEs struggling to meet security and compliance requirements and potentially losing business as a result.  

So, it comes as no surprise to see MSPs as the winners here. When small and medium businesses cannot get the skills in-house, but are seeing growing compliance pressures, they have no choice but to outsource the problem. What’s interesting is that MSPs and MSSPs face the same challenge, because the skills shortage is industry wide. But we work with a large number of managed service providers to help them unify their cloud security tools into a single platform and use automation to augment the security skills of their analysts to be transferable across all clouds and containerized environments. This means they can serve more customers with the same resources.