Verizon Enterprise Solutions is taking its security management offering down market, creating a scaled-down version that it believes will appeal to companies with between 50 and 1,000 employees or less.

Those businesses have the same security needs as larger enterprises but often have fewer resources to devote to securing their customer data, proprietary information, workforce computers, and mobile networks, says Patrick Sullivan, marketing director for medium businesses at Verizon.

What Verizon has done is take a subset of what it offers to larger, multinational enterprises and package it for this market, Sullivan says. Where the Verizon Security Management Program (SMP) for multinationals covers the full set of security controls from the International Standards Organization 27002 security standard, the SMB version covers the 69 controls most relevant to that market, he adds.

The complete ISO 27002 information security standard addresses many issues for companies with multinational operations that don't affect mid-sized businesses, according to Sullivan.

"Enterprises that are multinational have many more areas of vulnerability," he says.

Verizon based the capabilities it includes in its SMB offering on what its annual Data Breach Investigative Report indicates is most vulnerable, says Cindy Bellefeuille, director of security product management.

Verizon is offering SMBs two flavors of SMP: an On-Site version that includes a pre-set number of hours that Verizon technicians will spend at the business, assessing vulnerability risks and detailing deployment plans; and a Remote version that offers the same kind of coverage but without on-site assessments.

"Verizon would typically be on-site for a couple of days, where our technicians could validate things such as physical security controls such as locks and cameras, and do internal risk assessments that would include interviewing people on site about company policies," Sullivan says. "With an enterprise, we would have to spend more time, because they have larger networks."

That on-site assessment can lead to a CyberTrust certified seal of approval that isn't available with the less costly Remote service option, he adds.

That can be important because SMBs face the same kind of regulatory compliance requirements as larger companies, such a Payment Card Industry (PCI) standards for retailers or HIPPA standards for medical facilities, Sullivan says.

"We thought it would be a little less stringent, but to our surprise, it isn't," Sullivan said. "That is why we are pumped about this. We know that the threats are increasing, that businesses have these security needs. In businesses where the resources are strained to begin with, we are able to position this as a strong value proposition."

Since its acquisition of CyberTrust, Verizon Business has been actively expanding its managed security services for enterprises. (See Verizon Boosts IT Data Security.)

The carrier conducts its own annual Data Breach Investigative Report and is pushing the industry to share more data to increase understanding of security issues. (See Verizon Hopes to Spur Security Data Sharing.)

— Carol Wilson, Chief Editor, Events, Light Reading