Arrow Says Midrange Shops More Worried About Security than Money
September 8, 2008 Timothy Prickett Morgan
IT distributor Arrow Electronics gets a lot of its sales and profits from the midmarket, and it likes to take the pulse of small and medium businesses so it knows how to position its products and services and polish its sales pitches. To that end, the Midmarket Group of Arrow’s Enterprise Computing Solutions division, which distributes servers, storage, and other IT gear to a network of resellers around the globe, did a survey to find out what midrange shops are and are not concerned about.
You can take a look at an executive summary of the survey at this link, but I will give you some of the highlights. Arrow was pretty vague about who was surveyed, saying that it had polled “midsize companies with annual sales volumes ranging from less than $100 million to $1 billion or more.” When I think of midrange shops, I think of companies with a few tens of millions of dollars in sales per year to up to maybe $250 million. Smaller than that and you are in the S of SMB, and larger and you are in big business. Arrow did interviews with 202 IT executives, the real decision makers and check writers, all based in the United States.
Among those IT executives polled from midrange shops, information security was cited as the most important business issue they are facing, followed by reducing IT costs or improving customer service.
“These findings affirm what we’re hearing from our business partners who are on the front lines with midmarket companies, the fastest growing sector of the economy–information security offerings are a top priority,” explained Mark Taylor, vice president and general manager of the Midmarket Group at Arrow ECS.
Interestingly, Quest Software, a maker of systems management tools, hired Aberdeen Group to do a study on how companies secure their IT applications. In a detailed survey of over 150 companies, 52 percent of the companies said that passwords were the only means of restricting access to critical data at the company; you would think that more companies would be using stronger forms of authentication–such as digital certificates, hardware tokens, or risk-based scoring–to control access, but they don’t. Some 64 percent of companies admitted that they do not require their employees to change their passwords, 45 percent said they allow companies to use words straight out of the dictionary (meaning not a mix of letters, numbers, and cases), and 29 percent said they have no requirements for password length. If the presidents and CEOs of small businesses are learning about such things, it is no wonder, then, that they are concerned about security. (I swear, as I am writing this very paragraph, I am talking to a hosting provider where I set up a Windows Server 2003 virtual private server only three weeks ago, and it has been compromised before I moved one bit of data onto it because I did not pick a strong enough password–and I thought I did. Luckily, they could nuke the VPS and let me start over with a much better password.)
Anyway, back to the Arrow midmarket survey, which shows that midrange shops in the States are still looking to make some investments in IT this year; 61 percent of the IT execs polled said they planned to increase spending in the coming year (presumably this meant 2009, not 2008, because 2008 is nearly done) and only 10 percent expecting budget cuts. Only 19 percent of the IT managers that Arrow talked to said that they had a high level of satisfaction with the way their companies used IT to address business issues; 81 percent said they were somewhat satisfied or not satisfied at all. And while 78 percent said they rated security as a big issue for their businesses, only 32 percent said they thought their company was addressing the security issue properly.
It sounds like some CEOs and presidents and business owners are not listening to their IT managers, if you ask me.