Appliances only protect some of the people, some of the time.

The days when employees worked in an office from 9 to 5 are all but over. The widespread availability of Wi-Fi has enabled workers to be on the move outside the traditional office perimeter. More and more employees are working from home offices, airports, coffee shops, hotels – really anywhere they have a wireless connection. In addition to employees, vendors, IT technicians, contractors, and others have access, often on weekends and at odd hours of the day. Traditional appliances only protect the declining number of fixed servers and workstations that reside behind the office perimeter. Laptops, personal (BYOD) phones, other tablet devices that move freely back and forth between the home and corporate networks aren’t protected and often carry threat payloads.

Another trend along with increased mobility is the move to gradually replace large central offices in favor of multiple, smaller regional or branch offices. To connect and secure these offices, IT often employs a mix of MPLS (Multiprotocol Label Switching) leased lines, VPN concentrators, or duplicate sets of security appliances for each location. In doing so, branch office security becomes inherently costly, inefficient, and complex. Amid the confusion and hassle, many workers connect directly to the internet, bypassing the office network security. When they do, most have ZERO protection beyond antivirus security.

As an IT Service Provider, how are you protecting employees outside the office walls?

Appliances only protect some of your data.

The old days when the central office contained all the company data are over. The last 10 years have seen a huge shift from on-premise server and central office data rooms to the cloud-based public and privately hosted virtual servers and virtual data centers. The last 10 years have also seen rapid adoption by SMBs of third-party cloud applications, like Office 365, Salesforce, Box, and hundreds of others.

This means that company data is now scattered across multiple servers and cloud data centers. New 5G technologies will continue to encourage and accelerate the already rapid shift to distributed, cloud-based data centers.

In most companies today, the on-premise appliance now only protects a fraction of the company data that used to reside within the office perimeter.

As an IT Service Provider, how are you protecting your clients’ data outside the office walls?

SMB appliances do not provide enterprise-grade protection.

While nearly all UTMs and SWGs advertise an SSL / TLS decryption feature, they’re most often turned off because they’re frequently undersized to meet budget requirements. In fact, according to Gartner, 90% of UTMs have SSL web inspection feature turned off due to latency issues and/or SSL certificate error issues. This leaves a gaping security hole, leaving the network near totally exposed, since the vast majority of business traffic (including security threats) are now encrypted!

Without the SSL / TLS inspection features turned on, every other security feature on the appliance means absolutely nothing! With SSL and the many other configuration options, most appliances are incorrectly configured in the field. Even if correctly set up, they require security experts with rare skillsets for constant adjustment and certificate updates to stay current and work most effectively with other network devices.

Without the SSL / TLS inspection features turned on, every other security feature on the security appliance means absolutely nothing!

SMB appliances don't have the latest security lists.

Defense against advanced threats should be as good for an SMB as it is for an enterprise, just on a smaller, more affordable scale. According to Small Business Trends, SMBs are increasingly targeted by hackers with 43% of cybersecurity attacks targeting small business.

In addition, new threat variants appear at an astonishing rate of 125,000 per day. Unfortunately, most on-premise appliances have definition files downloaded infrequently and allow these new variants into the network before the definition lists are updated.

With thousands of new threats daily, IT Service Providers need cloud based gateways to provide assurance that all customers are protected by the latest lists.

“All in One” UTM appliances really aren't all you need.

While UTMs are often marketed as “all-in-one” appliances, they don’t contain the layers of security required to protect small and medium-sized businesses. UTMs pack several layers of security into one box, but they often take shortcuts on features, functions, and sizes of definition files. Depending on the manufacturer, most UTMs will not offer integrated email security, antivirus endpoint security, patch management, and identity or password management – all of which are key components of a comprehensive layered security strategy for SMBs. By contrast, to eliminate security gaps, the typical enterprise business will have multiple, expensive boxes to protect each office location. Enterprise IT staff will normally install point solution appliances as opposed to an all-in-one UTM. In effect, these boxes are high-powered computers that specialize and excel in a particular layer of security.

Finally, legacy appliances UTMs and SWGs often can’t keep up with employee growth and additions of new bandwidth, restricting productivity and security. SMBs typically stick to a 3 to 5 year budget cycle and will risk their security and sacrifice productivity in order to wait for the next opportunity to purchase.

Appliances have several hidden costs.

There is a certain attractiveness to a plug-and-play appliance. However, the real truth is that SWG and UTM security appliances are only a small part of the total cost of ownership (TCO)!

• Appliances normally have add-on support and maintenance contracts
• Appliance performance degrades and will most often need to be upgraded to a higher model when:
• More employees and/or locations are added.
• Appliances are single points of failure. If they break, businesses either need hot-spare backups or expensive “High Availability” contracts to reduce company downtime.
• Appliances require on-site IT experts to set up and perform firmware and software upgrades on a regular basis. A severe shortage of IT and security experts in SMB markets continue to drive the costs higher.
• Branch offices either need completely new sets of appliances or expensive MPLS leased lines to backhaul traffic through to the central office and back out to the internet.
• Appliances require secure computer rooms with HVAC, racks, battery backup and electricity

All these factors lead to increased operational costs for Managed Service Providers, without adding any extra benefits to SMBs.

All of these costs are minor compared to the ultimate cost: losing your business due to inadequate security!