Doug Cahill

Senior Analyst and Group Director Doug Cahill covers cybersecurity at Enterprise Strategy Group, drawing upon more than 25 years of industry experience across a broad range of cloud, host, and network-based products and markets.

Recent Posts by Doug Cahill:

ESG Research Report: Leveraging DevSecOps to Secure Cloud-native Applications

Abstract:

Fundamental changes to application architectures and the infrastructure platforms that host them are antiquating existing cybersecurity technologies and challenging traditional approaches to protecting business-critical workloads. Additionally, the continuous integration and continuous delivery (CI/CD) process of DevOps is as impactful a change to cybersecurity programs as the changes to the applications and infrastructure that these methodologies manage.

In order to get more insight into these trends, ESG surveyed 371 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing cloud security technology products and services. These organizations are mature cloud users in terms of public cloud services and/or containers.

Topics: Cybersecurity; Cloud Services & Orchestration

ESG Brief: The Expanding Role of DevSecOps Practices

Abstract:

ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations who have or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.

Topics: Cybersecurity

ESG Brief: Cybersecurity Predictions for 2020

Abstract:

The ESG cybersecurity analyst team got together recently to discuss our top predictions for 2020. This brief details our predictions in three categories: threats, technology, and the cybersecurity community (i.e., cybersecurity professionals and the industry at large).

Topics: Cybersecurity

ESG Brief: The Role of DevSecOps in Automating Application Container Security

Abstract:

The rapid adoption of application containers is creating a new set of cybersecurity challenges and, as a result, an expanded set of requirements for server workload security solutions. Research conducted by ESG shows that containers are moving quickly into production with a side effect of sprawl, as previously experienced by IT departments with the advent of virtual machines. Exploit attacks experienced by many organizations have created concerns about how application container environments—including registry-resident images and orchestration platforms—expose a new set of software, configuration, and access vulnerabilities. ESG research also reveals a strong interest in automating security via DevOps (“DevSecOps”) and shows how these practices allow cybersecurity and operations teams to integrate security in each stage of the continuous integration and continuous delivery (CI/CD) pipeline that governs the build-ship-run phases of the container lifecycle.

Topics: Cybersecurity; AWS re:Invent; Cloud Services & Orchestration

ESG Brief: The Growth in the Use of Application Containers

Abstract:

Over the past several years, application containers and container management platforms, such as Docker and Kubernetes, have emerged as a new application packaging and delivery format, optimized for more agile application management and delivery. But with this rise have come questions about both the level of adoption and pervasiveness of usage for containers. Research conducted by ESG shows that containers are quickly moving from labs into production via the continuous integration and continuous delivery (CI/CD) DevOps methodologies being employed by many organizations that now manage infrastructure as code (IaC). But ESG also found that the move to containers doesn’t exclude existing application deployment methods, nor are containers limited to only new cloud-native applications.

Topics: Cybersecurity; AWS re:Invent; Cloud Services & Orchestration

ESG Brief: 2018 Cybersecurity Spending Trends

Abstract:

IT spending for cybersecurity products and services continues to accelerate in 2018 as business and IT executives grapple with the dangerous threat landscape. Given the scope of the monetary and brand damage associated with data breaches and other security incidents, it is not surprising that cybersecurity continues to be treated as a business issue—rather than merely an IT priority—and budgeted appropriately.

Topics: Cybersecurity; Cloud Services & Orchestration; IT Spending Intentions

ESG Brief: Perspectives on Readiness for and Impact of GDPR

Abstract:

With the May 2018 deadline a mere four months away, are organizations ready for the General Data Protection Regulation (GDPR)? According to ESG research, there is still work ahead. Many firms aren’t completely prepared and may have to make incremental technology purchases for GDPR compliance over the next few months. Furthermore, organizations need to button down their incident response plans so they are prepared to report breaches to supervisory authorities within 72 hours as stipulated by GDPR. To address the many GDPR challenges ahead, ESG recommends focusing on areas like data discovery/classification, identity and access management, encryption, and IR planning.

Topics: Storage; Cybersecurity; Data Protection; Networking; Data Platforms, Analytics, & AI; Converged Infrastructure; Enterprise Mobility; Cloud Services & Orchestration

ESG Brief: The Role of Endpoint Detection and Response in Improving Endpoint Security Posture

Abstract:

As cyberthreats increase in frequency and complexity, it becomes more of a strategic imperative for businesses to strengthen their endpoint security postures. Many organizations do so by supplementing traditional antivirus (AV) products with layered preventative and endpoint detection and response (EDR) controls. The desired outcomes of employing additional controls are to improve both threat detection efficacy and the operational efficiency of managing endpoint security solutions and responding to incidents. To realize greater efficiencies, many organizations are adopting endpoint security-as-a-service (SECaaS) and managed endpoint security services to mitigate threats and close the cybersecurity talent gap.

Topics: Cybersecurity

ESG Research Report: The State of Cloud Security in the Enterprise

Abstract:

ESG conducted an in-depth survey of 303 IT and cybersecurity professionals with knowledge of or responsibility for cloud security policies, processes, or technologies at enterprise organizations (i.e., more than 1,000 employees) in North America. This research was intended to assess the current practices and challenges associated with cloud computing security. Furthermore, respondents were asked about future strategic plans intended to improve the efficacy and efficiency of cloud security.

Topics: Cybersecurity

ESG Brief: Shining a Light on Shadow IT

Abstract:

The consumerization of IT, fueled by knowledge worker mobility and the prevalence of cloud applications, has created the conditions for line-of-business owners and even individual employees to commission and use business applications not sanctioned by corporate IT groups, a phenomenon commonly referred to as shadow IT. Recent ESG research shows that nearly two-thirds of enterprise organizations are aware of at least a moderate amount of non-IT-sanctioned cloud application usage. This is a trend that ESG believes will continue to grow at a problematic rate.

Topics: Cybersecurity; Enterprise Mobility