Shadow IT and Cloud Access Security Brokers Video

ESG’s recent cloud security research was designed to gain insights into organizations' awareness of, requirements for, and future plans with regard to cloud security.

One of the most startling takeaways from that research was the pervasiveness of “shadow IT.” Organizations are struggling to get a grip on their cloud application usage and policies, and, in many cases, they are turning to CASB (cloud application security broker) providers for help.

Watch ESG’s infographic research video below for more insights on this topic.

Topics: Cybersecurity CASB shadow IT cloud access security brokers

Squirrel! What to chase at Black Hat 2016

Being a cybersecurity industry analyst can be a bit like a dog on a walk. Squirrel! And off you go. Which is to say creating a plan for Black Hat next week, be it which sessions to attend, what tech to look for, what trends to double-click on (never mind what parties to hit), can be challenging. With an attempt to keep some of the squirrels out of my peripheral vision, here a few of the ones I’ll be chasing next week at Black Hat 2016.

Topics: Cybersecurity CASB ransomware black hat 2016

Cisco, CloudLock and the accelerated pace of CASB market maturation

The cloud access security broker (CASB) market is exhibiting all the signs of rapid maturation — active buying motions, channel engagement, enterprise-ready requirements, and consolidation. Makes sense — the strong adoption of cloud apps, including the prevalence of Shadow IT apps, necessitates purpose-built solutions to secure sensitive data headed northbound and prevent threats coming in southbound. That is, the game of catch-up that many IT and security professional are playing to secure cloud apps their organization are already using is driving CASB evaluations and deployments. Enter Cisco into this market vis-a-vis its announced intention to acquire CloudLock. 

Topics: Cybersecurity Cisco CASB cloudlock

4 Themes Amidst the Noise of RSA Conference 2016

To be honest, I have mixed feelings about the state of the RSA Conference (RSAC). After attending for six years, I missed a year while focusing on public cloud infrastructure. Upon returning to the security industry and RSAC, I was thrilled to see how much the conference — and as a proxy, the industry — had grown with both South and North Hall jammed with vendor booths and overflow sessions scheduled in Moscone West.

But after a few days of weaving through the highways and byways of the Moscone Center attempting to digest and process a sea of vendor signage and the barrage of similar messaging, I realized that the security buyer and practitioner alike must find the noise level confusing, if not annoying. It must be the product manager in me always mapping feature-function to benefits and the marketer in me seeking to quickly grok what a vendor does and how it’s different.

Topics: Cybersecurity endpoint security hybrid cloud CASB

2016 Cybersecurity Radar Screen

Instead of making 2016 predictions in December, I decided to kick off the new year by sharing what’s on my cybersecurity radar screen for 2016. Given fundamental changes in computing models from cloud to mobility to IoT; the complexity of the threat landscape with hacker motivations of cybercrime, espionage, and activism; and the multitude of technology and solution providers; one’s radar screen quickly fills with more blips than can be reasonably tracked. And so I somewhat reluctantly offer up just a few threads of particular interest. But before looking at 2016, here’s a positive retrospective thought about 2015.

Topics: Network Security Cybersecurity containers CASB