ESG Research Report: Network Security Trends in Hybrid Cloud Environments

Research Objectives:

In order to gain insight into how public cloud computing services are impacting network security strategies, ESG surveyed 255 cybersecurity and IT/information security professionals at organizations in North America (US and Canada) familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

This study sought to answer the following questions:

  • How difficult is operating public cloud infrastructure compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud security?
  • What tools do organizations currently use to protect their public cloud infrastructure environment?
  • What are the biggest reasons organizations use security groups or network firewalls from cloud security providers?
  • How difficult is on-premises data center/private cloud security compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud infrastructure security?
  • What are the most important attributes when it comes to on-premises data center/private cloud network security tools?
  • How do organizations view hybrid cloud models?
  • What are the biggest challenges with respect to supporting applications spanning public cloud infrastructure and on-premises data center infrastructure?
  • How often do organizations evaluate their network security tools for public cloud and on-premises data center/private cloud infrastructure?
  • Do organizations spend more on public cloud infrastructure or on on-premises data center/private cloud security? How will security spending change in the next 24 months?
  • What groups are responsible for the security processes, policies, and technologies associated with protecting the organization's public cloud infrastructure and on-premises data center/private cloud? How is their day-to-day collaboration characterized? How willing are they to invest in and support public cloud security initiatives?
  • Do organizations use microsegmentation today? How will this change 24 months from now? How will organizations employ microsegmentation? Why would organizations not use microsegmentation more widely?
  • How often are security incidents a result of encrypted traffic? What is the most attractive method of encrypted traffic visibility?

Survey participants represented a wide range of industries including manufacturing, financial services, retail, healthcare, and technology. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Topics: Cybersecurity Networking

ESG Research Report: Trends in Modern Application Protection

Research Objectives:

Securing applications has become more difficult than ever. Increasingly heterogeneous application environments coupled with distributed responsibility for application security has resulted in security complexity and tool sprawl. Further, attackers understand this challenge and use it to their advantage. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

This study sought to answer the following questions:

  • How many public-facing web applications and websites do organizations support? What percentage run on public cloud infrastructure today, and how is this expected to change over the next 24 months?
  • What percentage of organizations' public-facing web applications are based on microservices today, and how is this expected to change over the next 24 months? To what extent do organizations plan to incorporate security processes and controls via DevOps processes?
  • How do organizations view web application protection? What challenges do organizations face with protecting their public-facing web applications?
  • What kind of web applications and API attacks have organizations experienced in the last year? What impacts do organizations experience from the attacks?
  • Is ensuring secure and available applications among the top cybersecurity priorities for organizations? Will organizations increase spending on web application and API protection technologies, services, and personnel? What are the critical drivers of spending?
  • Which discrete tools and capabilities do organizations use to protect web applications? Why do organizations use multiple web application protection tools? What challenges do organizations face with the tools they use to protect applications?
  • What proportion of organizations' public-facing web applications and websites use APIs today, and how is this expected to change over the next 24 months? What are the biggest challenges with protecting APIs?
  • What are organizations' plans regarding WAAP? To what extent have they deployed WAAP? What types of applications and APIs do organizations anticipate would use a WAAP platform? Which tools are the most important in a WAAP platform? How would organizations prefer to deploy a WAAP platform?

Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.


Topics: Cybersecurity Networking

ESG Brief: What Do Security Hygiene and Posture Management Leaders Do?


Security hygiene and posture management is still one of the least mature areas of cybersecurity, and the external attack surface continues to be vulnerable and prone to exploitation at many organizations. While diligent efforts, such as improved asset management and security testing, can help, security hygiene and posture management remains a challenge. Organizations that are addressing their security hygiene and posture management proactively are currently making the most progress. This brief looks at the research data and reports on some of the things these organizations are doing to get ahead.

Topics: Cybersecurity

ESG Brief: Businesses Take an 'Infrastructure-out' Approach to Digital Transformation


Developer velocity – the speed at which new applications can be developed and deployed – often determines success for digital transformation and digital business initiatives. Many businesses, however, don't have the infrastructure in place to optimize application development efforts and fully maximize the potential of these initiatives. Given the prominent role that IT transformation plays in digital transformation initiatives, businesses need to take a holistic "infrastructure-out" approach to their digital transformation journeys, with a focus on regular and constant collaboration between IT operations and application development teams.

Topics: Storage Digital Transformation

ESG Research Report: Technology Perspectives from Cybersecurity Professionals

Executive Summary:

Report Conclusions

In late 2021 and early 2022, ESG in partnership with the Information Systems Security Association (ISSA) conducted a survey of 280 cybersecurity professionals focused on security processes and technologies at organizations of all sizes in industries such as technology, government, financial services, and business services, among others, spanning countries in North/Central/South America, Europe, Asia, and Africa.

Based upon the research collected for this project, ESG and ISSA reached the following conclusions:

  • Security professionals want more industry cooperation and technology standards.
  • Organizations are actively consolidating security vendors and integrating technologies.
  • and more...
Topics: Cybersecurity ISSA

ESG Infographic: Distributed Cloud Series: Observability from Code to Cloud


IT operations teams continue to strive to improve collaboration with developers on building modern application architectures. As companies accelerate or embark on their digital transformation journeys, what is the expected role of ITSM in enabling businesses to realize the benefits of automation, observability, intelligence, and optimization? ESG recently surveyed IT, DevOps, and application development professionals responsible for application infrastructure to find the answers.

Find out what ESG research uncovered with this free infographic, Distributed Cloud Series: Observability from Code to Cloud.

Topics: Cybersecurity Data Protection

ESG Infographic: Securing the Identity Perimeter with Defense in Depth


Organizations continue to rely on user and machine identities that are susceptible to compromise, misuse, and theft. Modern, cloud-managed identity services are available, but organizations have been slow to pivot their security programs to an approach that focuses on identity orchestration and experiences. ESG surveyed IT and cybersecurity professionals responsible for identity and access management programs and solutions to gain insights into these trends.

Topics: Data Protection Identity and Access Management

ESG Complete Survey Results: ESG/ISSA Cybersecurity Process and Technology Survey


ESG conducted a comprehensive online survey of IT professionals from private- and public-sector organizations in North America (United States and Canada), Western Europe, Central/South America, Africa, Asia, and Australia between December 20, 2021 and December 31, 2021. To qualify for this survey, respondents were required to be information security managers, chief information officers, IT senior executives, IT managers/directors, or general IT staff responsible for information security and other comparable titles.

This Complete Survey Results presentation focuses on cybersecurity technology purchase trends, including the current threat landscape’s impact on strategies and subsequent buying decisions, efforts to consolidate vendors and products, the appetite for cybersecurity platforms, and cybersecurity process integration with DevOps practices.

Topics: Cybersecurity ISSA

ESG Brief: Has the Web Browser Become the New Operating System?


End-users are increasingly relying on web browsers as their primary access to corporate applications and data. The most commonly used web browsers are Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari. Due to advances in technology, security, and internet speeds, browsers can provide several advantages in a corporate environment compared to PC and mobile operating systems. Yet browser security remains a major issue among IT professionals charged with managing security patches, updates, and policies as part of an overall end-user computing (EUC) strategy. As businesses accelerate the adoption of applications accessed through web browsers, and IT continues to improve support and security for multiple browsers, enterprises may one day treat browsers as the de facto operating system in a corporate environment.

Topics: Enterprise Mobility

ESG Brief: The Impact of 5G on End-user Computing Strategies


The significant performance and bandwidth advantages of 5G cellular networks have numerous implications for businesses as well as consumers. 5G has the potential to deliver reliable connections for hybrid work and collaboration strategies while enabling augmented reality and other multimedia applications to run on a wider range of endpoints and locations. To realize these opportunities, IT leaders should consider 5G integral to their network infrastructure plans and strategies.

Topics: Enterprise Mobility