ESG Complete Survey Results: SOC Modernization and the Role of XDR

Research Objectives

Examine the people, processes, and technology supporting the modernization of security operations. Identify key value points, the metrics to back up those value points, and what’s expected from both products and managed services for XDR and SOC modernization. Determine current perception and role of XDR as a component of security operations modernization efforts. Explore strategies used to automate triage, speed investigations, and help organizations find unknown threats.

Topics: Cybersecurity

ESG Complete Survey Results: The Role of ESG Programs in IT Decision Making

Research Objectives

Measure the impact of environmental, social, and governance (ESG) initiatives on the IT evaluation and purchase process. Identify the groups within organizations most responsible for adhering to ESG requirements as part of IT purchases. Highlight the costs and benefits that organizations have experienced as a result of complying with ESG initiatives. Determine which vendors/brands are perceived as strong in terms of ESG and which are viewed as laggards.

Topics: Storage Cybersecurity Data Protection Networking Data Platforms, Analytics, & AI Converged Infrastructure Cloud Services & Orchestration Systems Management End User Computing

ESG Research Report: The Role of ESG Programs in IT Decision Making

Research Objectives

In order to gain insight into how environmental, social, and governance (ESG) initiatives are impacting IT purchases, Enterprise Strategy Group (also ESG) surveyed 400 IT professionals at organizations in North America (US and Canada), UK, Singapore, Australia, and New Zealand involved in IT product and service purchase decisions.

Topics: Storage Cybersecurity Data Protection Networking Data Platforms, Analytics, & AI Converged Infrastructure Cloud Services & Orchestration

ESG Research Report: The State of Digital Ecosystems at the Edge

Research Objectives

Organizations are distributing applications across multiple public cloud environments and edge locations. This is driven by the need to collect and analyze the data generated at these remote sites to enable organizations to improve quality, deliver enhanced experiences (both customer and employee), and gather deeper insights into the business. Because the “edge” can be defined in many ways depending on several factors, such as company size and industry, organizations employ a range of strategies and an ecosystem of partners that includes cloud service providers, telecommunication companies, colocation providers, and even traditional technology vendors to ensure robust edge computing environments that deliver critical business insights.

Topics: Cybersecurity Networking

ESG Brief: ESG Brief: Cloud-native Transition Is Dependent on Iterative Methodologies

Abstract:

The clear path to cloud-native applications is to use modern methodologies such as DevOps and agile development on modern application platforms and "developer-ready" infrastructure. However, the self-reported maturity of organizations in their use of modern methodologies is not substantiated by development KPIs, such as hourly code production, and most are hobbled by an IT skills gap. Choosing the right platform and building internal skills are critical in implementing the development methodologies needed for successful cloud-native deployments.

Topics: Cybersecurity

ESG Brief: EUC Zero Trust Strategies Gain Momentum

Abstract:

Security threats are on the upswing, businesses are hastening digital transformation plans, IT infrastructures are accelerating toward the cloud, and hybrid and remote workforces are the new reality. Enterprises have stepped up efforts to protect an expanding attack surface and the vulnerable access points of corporate-owned devices and BYODs. As a result, zero trust network access (ZTNA), barely on the radar screen as part of an end-user computing (EUC) strategy a short time ago, is now a top-of-mind consideration among IT professionals. Yet, compared to other established EUC strategy components, zero trust deployments in most corporations are just in the early innings.

Topics: Cybersecurity

ESG Brief: More Assets, More Security Hygiene and Posture Management Problems

Abstract:

As organizations add more IT assets, their attack surfaces also grow, and so does the organization's need for better security hygiene and posture management. Security hygiene and posture management rely on a broad range of tools such as vulnerability management, asset management, attack surface management and security testing to monitor all IT assets in an organization.

Topics: Cybersecurity

ESG Research Report: Trends in Modern Application Protection

Research Objectives:

Securing applications has become more difficult than ever. Increasingly heterogeneous application environments coupled with distributed responsibility for application security has resulted in security complexity and tool sprawl. Further, attackers understand this challenge and use it to their advantage. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

This study sought to answer the following questions:

  • How many public-facing web applications and websites do organizations support? What percentage run on public cloud infrastructure today, and how is this expected to change over the next 24 months?
  • What percentage of organizations' public-facing web applications are based on microservices today, and how is this expected to change over the next 24 months? To what extent do organizations plan to incorporate security processes and controls via DevOps processes?
  • How do organizations view web application protection? What challenges do organizations face with protecting their public-facing web applications?
  • What kind of web applications and API attacks have organizations experienced in the last year? What impacts do organizations experience from the attacks?
  • Is ensuring secure and available applications among the top cybersecurity priorities for organizations? Will organizations increase spending on web application and API protection technologies, services, and personnel? What are the critical drivers of spending?
  • Which discrete tools and capabilities do organizations use to protect web applications? Why do organizations use multiple web application protection tools? What challenges do organizations face with the tools they use to protect applications?
  • What proportion of organizations' public-facing web applications and websites use APIs today, and how is this expected to change over the next 24 months? What are the biggest challenges with protecting APIs?
  • What are organizations' plans regarding WAAP? To what extent have they deployed WAAP? What types of applications and APIs do organizations anticipate would use a WAAP platform? Which tools are the most important in a WAAP platform? How would organizations prefer to deploy a WAAP platform?

Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

 

Topics: Cybersecurity Networking

ESG Research Report: Network Security Trends in Hybrid Cloud Environments

Research Objectives:

In order to gain insight into how public cloud computing services are impacting network security strategies, ESG surveyed 255 cybersecurity and IT/information security professionals at organizations in North America (US and Canada) familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

This study sought to answer the following questions:

  • How difficult is operating public cloud infrastructure compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud security?
  • What tools do organizations currently use to protect their public cloud infrastructure environment?
  • What are the biggest reasons organizations use security groups or network firewalls from cloud security providers?
  • How difficult is on-premises data center/private cloud security compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud infrastructure security?
  • What are the most important attributes when it comes to on-premises data center/private cloud network security tools?
  • How do organizations view hybrid cloud models?
  • What are the biggest challenges with respect to supporting applications spanning public cloud infrastructure and on-premises data center infrastructure?
  • How often do organizations evaluate their network security tools for public cloud and on-premises data center/private cloud infrastructure?
  • Do organizations spend more on public cloud infrastructure or on on-premises data center/private cloud security? How will security spending change in the next 24 months?
  • What groups are responsible for the security processes, policies, and technologies associated with protecting the organization's public cloud infrastructure and on-premises data center/private cloud? How is their day-to-day collaboration characterized? How willing are they to invest in and support public cloud security initiatives?
  • Do organizations use microsegmentation today? How will this change 24 months from now? How will organizations employ microsegmentation? Why would organizations not use microsegmentation more widely?
  • How often are security incidents a result of encrypted traffic? What is the most attractive method of encrypted traffic visibility?

Survey participants represented a wide range of industries including manufacturing, financial services, retail, healthcare, and technology. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Topics: Cybersecurity Networking

ESG Research Report: Technology Perspectives from Cybersecurity Professionals

Executive Summary:

Report Conclusions


In late 2021 and early 2022, ESG in partnership with the Information Systems Security Association (ISSA) conducted a survey of 280 cybersecurity professionals focused on security processes and technologies at organizations of all sizes in industries such as technology, government, financial services, and business services, among others, spanning countries in North/Central/South America, Europe, Asia, and Africa.

Based upon the research collected for this project, ESG and ISSA reached the following conclusions:

  • Security professionals want more industry cooperation and technology standards.
  • Organizations are actively consolidating security vendors and integrating technologies.
  • and more...
Topics: Cybersecurity ISSA