You both make very good points. I think a key issue which applies to SMBs is realization of the security they actually need. Blair, you suggest that SMBs are satisfied by “checking” the box for audits, compliance, etc… as an individual intimately associated with an SMB, I know that this is purely out of ignorance. If I don’t know/understand the threats that exist, I am going to stick with the cehckboxes, and keep my head in the sand hoping that is enough to keep me safe… especially if I’m on an SMB budget.

David, I think the solution to this for a company which offers a suite of SaaS solutions like Perimeter is two-fold:

(1) (self-) assessment – provide the SMBs with tools to understand what threats are out there.. and what is vital to their operations.. maybe even a self-assesment on the website… with a customized product offering at the end of the tutorial…

(2) customization… offering SMBs the ability create their own soutions.. so they dont have to buy into big packages for their limited VARs (sounds like this is already in your game plan for Perimeter)

It’s likely that I am way behind your biz dev plans on this (if so, just disregard), but thought I would throw out some ideas.

- Jory

Your posting really struck a chord with me; I have also made an investment in the “SaaS security for SMB’s” space, with a Texas-based company called Alert Logic, and for slightly different (but related) reasons than you describe.

Yes, SMBs are indeed struggling to deploy and manage an adequate security infrastructure to properly protect themselves. But in our experience they’re struggling even more to comply with regulations like PCI-DSS that require the use of advanced security technologies (like IDS, VA and log management) that are beyond the reach of ordinary SMBs because of cost and/or complexity. The funny thing is, many of these smaller companies aren’t necessarily experiencing security incidents and don’t feel compelled to deploy more security technology, they’re primarily deploying the technology to meet the minimum requirements of the regulation and to satisfy the auditors (i.e., checkbox compliance”). Better security is definitely a benefit, but it’s not the primary goal, and they don’t need best-of-breed capabilities, but something easy and affordable.

Your prediction that the company with the best soup-to-nuts security “utility mashup” will win the day is interesting – but we’ve placed our bet on a company who is producing (IMHO) the best combination of ease-of-ownership, affordability, and check-box compliance.