John Grady

ESG Analyst John Grady covers network security at ESG. John leverages over 15 years of IT vendor and analyst experience to help clients identify and quantify key market trends to facilitate data-driven business decisions. Prior to ESG, John spent four years at Symantec, where he was responsible for developing market insights in support of product, go-to-market, and executive stakeholders. Previous to that, John worked as an analyst covering network, web, and email protection, leading initial research initiatives on then-emerging areas such as advanced threat prevention and DDoS. As an analyst, he has also focused on infrastructure channels, assessing and advising on the go-to-market strategies of IT vendors, especially from an indirect perspective. John has been quoted in Network World, CSO, eWeek, and Investor’s Business Daily, among other publications. He holds a B.A. in History from Providence College in Providence, Rhode Island.

Recent Posts by John Grady:

ESG Brief: EUC Zero Trust Strategies Gain Momentum

Abstract:

Security threats are on the upswing, businesses are hastening digital transformation plans, IT infrastructures are accelerating toward the cloud, and hybrid and remote workforces are the new reality. Enterprises have stepped up efforts to protect an expanding attack surface and the vulnerable access points of corporate-owned devices and BYODs. As a result, zero trust network access (ZTNA), barely on the radar screen as part of an end-user computing (EUC) strategy a short time ago, is now a top-of-mind consideration among IT professionals. Yet, compared to other established EUC strategy components, zero trust deployments in most corporations are just in the early innings.

Topics: Cybersecurity

ESG Research Report: Trends in Modern Application Protection

Research Objectives:

Securing applications has become more difficult than ever. Increasingly heterogeneous application environments coupled with distributed responsibility for application security have resulted in security complexity and tool sprawl. Further, attackers understand this challenge and use it to their advantage. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

This study sought to answer the following questions:

  • How many public-facing web applications and websites do organizations support? What percentage run on public cloud infrastructure today, and how is this expected to change over the next 24 months?
  • What percentage of organizations' public-facing web applications are based on microservices today, and how is this expected to change over the next 24 months? To what extent do organizations plan to incorporate security processes and controls via DevOps processes?
  • How do organizations view web application protection? What challenges do organizations face with protecting their public-facing web applications?
  • What kind of web applications and API attacks have organizations experienced in the last year? What impacts do organizations experience from the attacks?
  • Is ensuring secure and available applications among the top cybersecurity priorities for organizations? Will organizations increase spending on web application and API protection technologies, services, and personnel? What are the critical drivers of spending?
  • Which discrete tools and capabilities do organizations use to protect web applications? Why do organizations use multiple web application protection tools? What challenges do organizations face with the tools they use to protect applications?
  • What proportion of organizations' public-facing web applications and websites use APIs today, and how is this expected to change over the next 24 months? What are the biggest challenges with protecting APIs?
  • What are organizations' plans regarding WAAP? To what extent have they deployed WAAP? What types of applications and APIs do organizations anticipate would use a WAAP platform? Which tools are the most important in a WAAP platform? How would organizations prefer to deploy a WAAP platform?

Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Topics: Cybersecurity Networking

ESG Research Report: Network Security Trends in Hybrid Cloud Environments

Research Objectives:

In order to gain insight into how public cloud computing services are impacting network security strategies, ESG surveyed 255 cybersecurity and IT/information security professionals at organizations in North America (US and Canada) familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

This study sought to answer the following questions:

  • How difficult is operating public cloud infrastructure compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud security?
  • What tools do organizations currently use to protect their public cloud infrastructure environment?
  • What are the biggest reasons organizations use security groups or network firewalls from cloud security providers?
  • How difficult is on-premises data center/private cloud security compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud infrastructure security?
  • What are the most important attributes when it comes to on-premises data center/private cloud network security tools?
  • How do organizations view hybrid cloud models?
  • What are the biggest challenges with respect to supporting applications spanning public cloud infrastructure and on-premises data center infrastructure?
  • How often do organizations evaluate their network security tools for public cloud and on-premises data center/private cloud infrastructure?
  • Do organizations spend more on public cloud infrastructure or on on-premises data center/private cloud security? How will security spending change in the next 24 months?
  • What groups are responsible for the security processes, policies, and technologies associated with protecting the organization's public cloud infrastructure and on-premises data center/private cloud? How is their day-to-day collaboration characterized? How willing are they to invest in and support public cloud security initiatives?
  • Do organizations use microsegmentation today? How will this change 24 months from now? How will organizations employ microsegmentation? Why would organizations not use microsegmentation more widely?
  • How often are security incidents a result of encrypted traffic? What is the most attractive method of encrypted traffic visibility?

Survey participants represented a wide range of industries including manufacturing, financial services, retail, healthcare, and technology. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Topics: Cybersecurity Networking

ESG Infographic: 2021 SASE Trends

Abstract:

Interest in secure access service edge (SASE) architectures has exploded as IT organizations struggle using traditional solutions to support distributed enterprise environments.

Topics: Cybersecurity

ESG Research Report: SASE Trends

Abstract:

The amount of interest in secure access service edge (SASE) architectures has exploded over the last 18 months. Organizations struggle using traditional, on-premises-based network and security solutions to support distributed, cloud-centric enterprise environments. While this has been an increasing challenge over the last few years, the pandemic and resulting spike in newly remote workers pushed many organizations to a tipping point. At the same time, the broad applicability of SASE leads to some confusion about where to begin and which technologies are required, exacerbated by legacy organizational dynamics.

Topics: Cybersecurity Networking

ESG Brief: Network Security Predictions for 2022

Abstract:

This brief looks at some of the key trends and events that will shape network security technologies, suppliers, and customers in 2022.

Topics: Cybersecurity Networking

ESG Complete Survey Results: Network Security Trends in Hybrid Cloud Environments

Abstract:

ESG conducted a comprehensive online survey of cybersecurity and IT/information security professionals from private- and public-sector organizations in North America (United States and Canada) between June 2, 2021 and June 21, 2021. To qualify for this survey, respondents were required to be cybersecurity and IT/information security professionals familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

This Complete Survey Results presentation focuses on network security tools and strategies used to protect both public cloud environments and on-premises data centers, as more organizations look to take a more hybrid approach to IT.

Topics: Cybersecurity Networking Cloud Services & Orchestration

ESG Brief: The Criticality of Encrypted Traffic Visibility

Abstract:

Attackers increasingly use encrypted traffic to mask their activity. While most agree that better visibility into this traffic would improve their organization’s security posture, many continue to forgo decryption for a variety of reasons. While tools that can detect threats in encrypted traffic remain fairly new, they represent an attractive approach to improve visibility into encrypted threats without sacrificing privacy or performance.

Topics: Cybersecurity

ESG Brief: Microsegmentation Is Critical to Zero Trust, But Adoption Lags

Abstract:

Microsegmentation offers a dynamic and scalable approach to segmenting IT networks that helps enable zero trust security. Despite its potential value, it isn’t widely used now. To gain broader adoption, microsegmentation tools must be easy to deploy in both cloud and on-premises environments and provide several key features, including a focus on segmentation at the application and workload level.

Topics: Cybersecurity

ESG Brief: Organizational Considerations Weigh Heavily on Zero Trust Success

Abstract:

The breadth of zero trust inherently requires a variety of teams to collaborate effectively for implementations to be successful. Given this, it is unsurprising that organizational issues are the most common reason cited for projects being paused or abandoned. Effective communications channels, clarity of roles and responsibilities, and alignment of goals and success metrics are all important aspects of a zero trust strategy.

Topics: Cybersecurity