Research Brief: Prioritizing Shift Left Security Solutions to Keep Up with Faster Release Cycles

Abstract:

As organizations modernize their software development processes leveraging cloud services for faster, more efficient software application delivery, cybersecurity teams are investing in developer-focused security tools to keep up. ESG research shows organizations have experienced a range of security incidents, many caused by preventable coding mistakes. This puts pressure on security teams to incorporate security into development to fix coding issues before the applications are deployed and to enable efficient remediation to prevent security incidents.

Topics: Cybersecurity

Research Brief: Addressing Cloud Infrastructure and Open Source Code for Cloud Application Security

Abstract:

As organizations move to cloud-native application development to meet business demands with greater productivity and innovation, security teams need to adapt their application security strategies to support modern development processes. Developers’ increased usage of infrastructure-as-code (IaC) to provision their own cloud infrastructure and the availability of open source software (OSS) enable them to efficiently build, release, and update their software. Security teams need to ensure that they have the right security processes and controls in place to support these key components of cloud-native software and to effectively manage risk as development scales.

Topics: Cybersecurity

Research Brief: Ransomware Data Recovery Needs Work

Abstract:

Most organizations are not doing a very good job of protecting all their mission-critical data and applications. And, after suffering a ransomware attack, these victimized companies further report difficulties in recovering clean and recent data that might also have been compromised. Businesses have several options to protect their data and applications from attack but are slow in adopting perhaps the most viable and practical solution: air-gapped data protection infrastructure.

Topics: Cybersecurity Data Protection

Research Brief: Ransomware: The Gift That Keeps on Taking

Abstract:

Ransomware attacks are frequent, disruptive, and costly, but paying a ransom to the perpetrators as a quick fix is a bad idea. Ransom payments usually don't guarantee the return of all the stolen data or prevent further attacks. Even the data that's returned may have been encrypted or compromised. That's why ransomware attacks must be prevented before they happen. And if they do occur, a foolproof data backup and recovery process must be in place to avoid suffering the consequences of paying a ransom and rewarding bad behavior.

Topics: Cybersecurity Data Protection

Research Brief: State of the Ransomware Preparedness Market

Abstract:

Findings from a TechTarget’s Enterprise Strategy Group survey gauging the state of the ransomware preparedness market conclude that much work lies ahead for many organizations as they holistically address and resolve ransomware's ongoing threat to disrupt IT and business operations. Though most organizations are at a relatively low level of ransomware preparedness maturity, a notable gap exists in attack prevention and data recovery between the companies most prepared and the industry average.

Topics: Cybersecurity Data Protection

Research Brief: What Ransomware Attackers Really Want

Abstract:

Ransomware attackers disrupt business operations by targeting a variety of data sources and leveraging multiple types of infrastructure to get what they want: business’ money. But the most often targeted point of entry in successful ransomware attacks is not a bad link in an infected email. Rather, the most vulnerable points of attack lie in the software and misconfigurations. Therefore, organizations must plan for every contingency, look beyond safeguarding the obvious vulnerabilities, and protect all components of their IT environment.

Topics: Cybersecurity Data Protection

Research Brief: The Need to Operationalize Strong Authentication

Abstract:

Challenged by ransomware and other password-related breaches and attacks, organizations are taking action to strengthen their authentication processes by deploying multifactor authentication (MFA). Like passwords, MFA is susceptible to attack, and doesn’t completely address the authentication problem. Passwordless authentication methods can protect against phishing and other attacks. To increase security and gain additional benefits, such as a better user experience and improved efficiency of IT and security teams, organizations need to operationalize strong authentication, making MFA or passwordless authentication mandatory.

Topics: Cybersecurity

Research Brief: The Complexity of Identity Security

Abstract:

Managing and securing the identities of an organization to increase security can be a challenge, and it is getting more challenging with the increased need for anywhere, anytime access to both cloud and in-house resources. Organizations are leveraging third parties and commercial solutions, including privileged access management (PAM) and identity governance and administration (IGA) to secure identities in their IT environment.

Topics: Cybersecurity

Research Brief: Identity Proofing, Screening, and Monitoring Reduce Risk

Abstract:

As business activity shifts online, with a hybrid workforce, many activities are conducted over the network rather than in person, exposing an organization to fraud and attacks by nefarious individuals or groups or through identity theft. Organizations are increasingly protecting themselves from the uncertainty of working entirely online by using services to help screen their employees, contractors, and customers to prove they are who they say they are.

Topics: Cybersecurity

Research Brief: The Benefits of Commercial CIAM Solutions

Abstract:

Building an in-house system to manage customer and third-party usernames and passwords may seem straightforward, but in practice may be an unexpectedly difficult task fraught with security risks. As a result, organizations are increasingly turning to customer identity and access management (CIAM) solutions to help increase performance and scalability with less effort and expense. While enterprises are turning to commercial CIAM solutions, IT and cybersecurity leaders are facing issues as they evaluate their CIAM options.

Topics: Cybersecurity