Doug Cahill

Doug Cahill

Doug is a senior analyst covering cybersecurity at ESG, drawing upon more than 25 years of industry experience across a broad range of cloud, host, and network-based products and markets.
Prior to joining ESG, Doug held executive leadership positions at security firms Threat Stack and Bit9, where he launched market leading products and forged strategic partnerships. Over the years, Doug has also served in product management, marketing, and business development roles for storage management, networking, and database vendors, and started his career in IT as a business analyst.
Doug has a B.A. from the University of Massachusetts, Amherst, and enjoys spending time in the northern New England mountains and lakes.

Recent Posts by Doug Cahill:

ESG Brief: The Role of DevSecOps in Automating Application Container  Security

Abstract:

The rapid adoption of application containers is creating a new set of cybersecurity challenges and, as a result, an expanded set of requirements for server workload security solutions. Research conducted by ESG shows that containers are moving quickly into production with a side effect of sprawl, as previously experienced by IT departments with the advent of virtual machines. Exploit attacks experienced by many organizations have created concerns about how application container environments—including registry-resident images and orchestration platforms—expose a new set of software, configuration, and access vulnerabilities. ESG research also reveals a strong interest in automating security via DevOps (“DevSecOps”) and shows how these practices allow cybersecurity and operations teams to integrate security in each stage of the continuous integration and continuous delivery (CI/CD) pipeline that governs the build-ship-run phases of the container lifecycle.

Topics: Cybersecurity Systems Management

ESG Brief: The Growth in the Use of Application Containers

Abstract:

Over the past several years, application containers and container management platforms, such as Docker and Kubernetes, have emerged as a new application packaging and delivery format, optimized for more agile application management and delivery. But with this rise has come questions about both the level of adoption and pervasiveness of usage for containers. Research conducted by ESG shows that containers are quickly moving from labs into production via the continuous integration and continuous delivery (CI/CD) DevOps methodologies being employed by many organizations that now manage infrastructure as code (IaC). But ESG also found that the move to containers doesn’t exclude existing application deployment methods, nor are containers limited to only new cloud-native applications.

Topics: Cybersecurity Systems Management Cloud Platforms & Services

ESG Brief: 2018 Cybersecurity Spending Trends

Abstract:

IT spending for cybersecurity products and services continues to accelerate in 2018 as business and IT executives grapple with the dangerous threat landscape. Given the scope of the monetary and brand damage associated with data breaches and other security incidents, it is not surprising that cybersecurity continues to be treated as a business issue—rather than merely an IT priority—and budgeted appropriately.

Topics: Cybersecurity Cloud Platforms & Services

ESG Brief: Perspectives on Readiness for and Impact of GDPR

Abstract:

With the May 2018 deadline a mere four months away, are organizations ready for the General Data Protection Regulation (GDPR)? According to ESG research, there is still work ahead. Many firms aren’t completely prepared and may have to make incremental technology purchases for GDPR compliance over the next few months. Furthermore, organizations need to button down their incident response plans so they are prepared to report breaches to supervisory authorities within 72 hours as stipulated by GDPR. To address the many GDPR challenges ahead, ESG recommends focusing on areas like data discovery/classification, identity and access management, encryption, and IR planning.

Topics: Storage Cybersecurity Data Protection Networking Data Management Converged Infrastructure Enterprise Mobility Systems Management Cloud Platforms & Services

ESG Brief: The Role of Endpoint Detection and Response in Improving Endpoint Security Posture

Abstract:

As cyberthreats increase in frequency and complexity, it becomes more of a strategic imperative for businesses to strengthen their endpoint security postures. Many organizations do so by supplementing traditional antivirus (AV) products with layered preventative and endpoint detection and response (EDR) controls. The desired outcomes of employing additional controls are to improve both threat detection efficacy and the operational efficiency of managing endpoint security solutions and responding to incidents. To realize greater efficiencies, many organizations are adopting endpoint security-as-a-service (SECaaS) and managed endpoint security services to mitigate threats and close the cybersecurity talent gap.

Topics: Cybersecurity

ESG Research Report: The State of Cloud Security in the Enterprise

Abstract:

ESG conducted an in-depth survey of 303 IT and cybersecurity professionals with knowledge of or responsibility for cloud security policies, processes, or technologies at enterprise organizations (i.e., more than 1,000 employees) in North America. This research was intended to assess the current practices and challenges associated with cloud computing security. Furthermore, respondents were asked about future strategic plans intended to improve the efficacy and efficiency of cloud security.

Topics: Cybersecurity

ESG Brief: The Importance of Securing Cloud Application Data

Abstract:

The broad adoption of cloud applications, often driven by a line of business outside of the visibility and control of corporate IT, provides organizations with compelling business agility, but also puts corporate data assets at risk. Organizations need purposeful security controls that embrace and enable the use of such cloud apps while also securing cloud-resident data with a rich data loss prevention (DLP) policy lexicon.

Topics: Cybersecurity

ESG Brief: Shining a Light on Shadow IT

Abstract:

The consumerization of IT, fueled by knowledge worker mobility and the prevalence of cloud applications, has created the conditions for line-of-business owners and even individual employees to commission and use business applications not sanctioned by corporate IT groups, a phenomenon commonly referred to as shadow IT. Recent ESG research shows that nearly two-thirds of enterprise organizations are aware of at least a moderate amount of non-IT-sanctioned cloud application usage. This is a trend that ESG believes will continue to grow at a problematic rate.

Topics: Cybersecurity Enterprise Mobility

ESG Brief: CounterTack: Next-generation, Big Data Endpoint Security and Response

Abstract:

In today’s dynamic business environment, data breaches continue to occur at an alarming rate. Staying ahead of cybercriminals can be a seemingly endless, though essential, undertaking for already-stretched IT personnel. While there is no silver bullet for thwarting an increasing variety of cyber threats, including exploits and malware, organizations should be looking to add next-generation endpoint security controls, including endpoint detection and response (EDR) solutions (a combination of detection, analysis, and real-time response and remediation capabilities), to their arsenal. Companies need to augment traditional signature-based antivirus with endpoint detection and response solutions as a means of mitigating advanced and often targeted security threats. With a number of options on the market today, next-generation endpoint detection and response vendor CounterTack is offering solutions that address those endpoint security challenges throughout the cybersecurity attack lifecycle.

Topics: Cybersecurity Data Management