Research

Abstract:

IT spending is accelerating in 2022, and cybersecurity initiatives are leading the charge as enterprises race to digitally transform and satisfy heightened customer expectations while simultaneously securing hybrid workforces. Among the top cybersecurity areas targeted for increased spending are cloud security, data security, network security, and endpoint security—indicative of a more holistic approach to cybersecurity investments. Although organizations face a range of cyber-threats, ransomware continues to be among the most challenging attack types, making ransomware readiness a top business priority that’s prompting senior leaders to participate in ransomware strategies.

Abstract:

Abstract:

ESG conducted a comprehensive online survey of IT security professionals from private- and public-sector organizations in North America (United States and Canada) between December 7, 2020 and December 26, 2020. To qualify for this survey, respondents were required to be IT/information security professionals responsible for evaluating or purchasing cloud security technology products and services.

This Master Survey Results presentation focuses on the current and future composition and environments of cloud-native apps and infrastructure, including the security problem space with respect to operational challenges and the threat landscape.

Abstract:

The composition of cloud-native applications is a mix of APIs, containers, VMs, and serverless functions continuously integrated and delivered. Securing these applications, the underlying infrastructure, and the automation platforms that orchestrate their deployment necessitates revisiting threat models, gaining organizational alignment, and leveraging purposeful controls. Additionally, as security and DevOps continue to converge, cloud security controls are being consolidated. Project teams are evolving from a siloed approach to a unified strategy to securing cloud-native applications and platforms. In parallel, vendors are consolidating cloud security posture management (CSPM), cloud workload protection (CWP), container security, and more into integrated cloud security suites, impacting buyer personas and vendor sales motions.

In order to gain insight into these trends, ESG surveyed 383 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating or purchasing cloud security technology products and services.

Abstract:

The broad adoption of public cloud services demands a retooling of identity and access management programs. Perimeter security must evolve from a traditional castle and moat model to one that focuses on cloud identities inclusive of service accounts, as well as individual users and the data they access. To protect sensitive cloud-resident data, cybersecurity and IT operations teams need to work with their line-of-business teams on strengthening identity programs with both the user experience and risk in mind.

In order to gain insight into these trends, ESG surveyed 379 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating or purchasing identity and access management and cloud security technology products and services. This research aimed to understand the problem space, organizational responsibilities, compliance implications, and plans for securing user access to a wide portfolio of cloud services. The study also looked at the current and planned use of various authentication methods, privileged access management, device profiling, unified directories, user activity analytics, and service account protection.

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on current identity and access management (IAM) challenges and threats, as well as strategies and buying intentions, including assessing the prioritization of IAM and identity governance and administration (IGA) technologies.

Abstract:

Fundamental changes to application architectures and the infrastructure platforms that host them is antiquating existing cybersecurity technologies and challenging traditional approaches to protecting business-critical workloads. Additionally, the continuous integration and continuous delivery (CI/CD) process of DevOps is as impactful a change to cybersecurity programs as the changes to the applications and infrastructure that these methodologies manage.

In order to get more insight into these trends, ESG surveyed 371 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing cloud security technology products and services. These organizations are mature cloud users in terms of public cloud services and/or containers.

Abstract:

ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations who have or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.

Abstract:

The ESG cybersecurity analyst team got together recently to discuss our top predictions for 2020. This brief details our predictions in three categories: threats, technology, and the cybersecurity community (i.e., cybersecurity professionals and the industry at large).