ESG Brief: The Expanding Role of DevSecOps Practices

Abstract:

ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations who have or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.

Topics: Cybersecurity

ESG Brief: The Cybersecurity Awareness Conundrum

Abstract:

It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.

Topics: Cybersecurity cybersecurity education

ESG Master Survey Results: The Evolution from Data Backup to Data Intelligence

Abstract:

ESG conducted a comprehensive online survey of IT and data protection professionals at private- and public-sector organizations in North America (US and Canada) between June 28, 2019 and July 21, 2019. To qualify for this survey, respondents were required to be IT decision makers currently responsible for or familiar with their organizations’ production storage and data protection mechanisms, as well as their organization’s approaches to facilitating data usage by primary and secondary beneficiaries.

This Master Survey Results presentation focuses on the transition from traditional data backup processes to data management strategies in which data is better understood and reused for other technical or business purposes.

Topics: Data Protection data management