Doug Cahill

Senior Analyst and Group Director Doug Cahill covers cybersecurity at Enterprise Strategy Group, drawing upon more than 25 years of industry experience across a broad range of cloud, host, and network-based products and markets.

Recent Posts by Doug Cahill:

Adopting an Identity-centric View of the Perimeter

The notion of a matrix of “anyness” describes how the combination of knowledge worker mobility and the broad use of cloud services has significantly impacted the cybersecurity remit. The recent surge in remote workers has brought this concept to the fore and shown how conducting business on any device from any location at any time accessing any app and any data is the norm. This reality certainly challenges the castle and moat security model, highlighting the need to evolve how we think about the perimeter, to one that contemplates the many aspects of identity.

Topics: Cybersecurity COVID-19 Tech Effect

RSA Conference 2020 Wrap-up: The Human Perimeter (Includes Video)

With RSA Conference 2020 now in the rearview mirror, my colleague John Grady and I discuss the theme of the conference, the human element, in this video blog. After acknowledging the importance of community, we explore how the emergence of software-defined perimeters (SDP) will help secure a variety of user access use cases. We also discuss how the broad adoption of cloud services is necessitating a retooling of identity and access management programs from SSO to MFA, privileged access management, and user activity analytics. We wrap up by noting how much we enjoyed seeing so much of our community at our annual ESG Breakfast at RSA Conference event.

Topics: Cybersecurity

Seven Cybersecurity Take-aways from AWS re:Invent 2019

The set of announcements at AWS’s annual re:Invent is always impressive, albeit a bit of a firehose for which AWS’s own Amazon Kinesis data streaming processing engine would be helpful. At last week’s AWS re:Invent, a seminal annual IT event only AWS can get away with scheduling the week after Thanksgiving, the company announced a number of important security capabilities, some small, some big, all customer-driven. Thematically, in addition to a clear focus on identity and access management features designed to help customers rein in their AWS identities and secure S3 buckets, AWS is clearly focused on enabling enterprise-class use cases.

Topics: Cybersecurity AWS re:Invent

Black Hat 2019 Insights: 8 Key Cybersecurity Market Observations

There was a lot to take in at Black Hat 2019 in Las Vegas. Fortunately, ESG covered a lot of ground with our expanded team of analysts. With the dust now settling from Black Hat 2019, ESG analysts share some takeaways from the event in this ESG On Location Video, including:

Topics: Cybersecurity Black Hat

The Three Pillars of DevSecOps

Jerry Garcia once said the Grateful Dead is like black licorice – you either love them or hate them. Well, I have finally been able to make a connection between the Dead and cybersecurity as it sure seems to me that “DevSecOps” is the Grateful Dead of cybersecurity – you either love it or hate it.

Topics: Cybersecurity

Palo Alto Networks’ Strong Move to Secure the Modern Application Stack

One of the marketing campaigns that resonated the most with me over the last few years is the messaging behind Trend Micro’s XGen campaign because it aptly captures the challenge cybersecurity teams face: the complexity of securing multiple generations of technology. That is, it’s not just about next-gen. It’s also about protecting the last gen, and whatever comes after next-gen.

After all, while we still have mainframes, tape libraries, and Oracle running on UNIX, appdev teams are leveraging public cloud platforms and a rich set of microservices to rapidly build and deliver applications. Such heterogeneity represents a requirement to secure a diverse set of application stacks deployed across hybrid, multi-clouds. Palo Alto Networks' stated intention to acquire Twistlock and PureSec, the former for container security, and the latter for serverless security, is a strong move to add cloud-native application security controls to the company's already extensive product portfolio.

Topics: Cybersecurity

Previewing RSA Conference 2019: Cybersecurity Services, Cloud Security, and DevSecOps

In this video blog, ESG’s new principal analyst, Christina Richmond, and I preview what we expect to see at RSA Conference 2019. The scope and scale of RSA Conference continues to grow with adjunct events held by industry organizations such as the Cloud Security Alliance, vendors, and ESG with our own breakfast event. A few of the topics we expect to be front and center at this year’s RSA Conference include:

Topics: Cybersecurity RSA Conference

Recapping VMworld Europe: Built-in Cybersecurity for Hybrid, Multi-Clouds (Includes Video)

As a follow-up to VMworld US in Las Vegas this past August, VMware reiterated its compelling albeit ambitious strategy at VMworld Europe in Barcelona. From my perspective, that strategy is well aligned with the flexibility today’s enterprises require – the ability to run any app on any cloud accessed from any device with intrinsic security. This is the true essence of hybrid clouds for which VMware has a comprehensive definition – private cloud, public clouds, as well as Telco clouds – and a plan to offer a hybrid cloud control plane with equally flexible delivery options.

Topics: Cybersecurity

Three Expected Security Themes at AWS re:Invent 2018 (Video)

As a cybersecurity industry analyst, I am admittedly guilty of being myopic in looking for security to be the leading act in the keynote at major industry events. Such was the case at AWS re:Invents of the past when security was front and center starting with a discussion about the shared responsibility security model, the foundation of any cloud security program. That started to change in the last few years with security playing more of a supporting role in Andy Jassy's and Werner Vogels' keynotes. To be clear - it’s not that AWS is now being dismissive of security by any stretch, it’s simply that security is no longer an impediment to the adoption of public cloud platforms, at least those operated and secured by major CSPs such as AWS, which has always treated security as job #1. AWS no longer needs to convince the market the cloud is secure; the conversation is now about how to meet your part of the shared responsibility model.

Topics: Cybersecurity AWS re:Invent

Five Ways to Get Started with DevSecOps

Integrating, and thus automating, security via the continuous integration and delivery (CI/CD) processes of DevOps, an approach referred to as “DevSecOps,” is a topic that had, until somewhat recently, been discussed largely only at DevOps and cloud-specific forums and events. But DevSecOps is coming of age. The ongoing adoption of DevOps by enterprise organizations, and the growing interest in bringing security along for the ride, is getting the topic a bigger stage, with DevSecOps being presented in sessions at more mainstream events such as RSA Conference, the CISO Summit at Black Hat, and VMworld. The adoption of application containers and the Kubernetes environment that orchestrates their lifecycle across the build-ship-run continuum has also been a catalyst for CI/CD integrated security. Because DevSecOps starts with a cultural shift, leverages CI/CD methods, and requires purposeful controls, it is an amorphous concept not only hard to define, but challenging to make actionable.

Topics: Cybersecurity