ESG Brief: The Expanding Role of DevSecOps Practices

Abstract:

ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations who have or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.

Topics: Cybersecurity

ESG Brief: The Cybersecurity Awareness Conundrum

Abstract:

It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.

Topics: Cybersecurity cybersecurity education

ESG Brief: Taking the Pulse of Employee Cybersecurity Habits

Abstract:

Cybersecurity clearly has the attention of IT departments and executives. High-profile attacks and the resulting direct and indirect costs associated with security breaches have helped drive awareness over the last decade and give security practitioners a louder voice in the organization. However, the average worker is more concerned with maintaining productivity and convenience in their increasingly overlapped work and personal life. Cybersecurity solutions must begin to deliver the technology experience workers demand.

Topics: Cybersecurity

ESG Research Report: The rise of cloud-based security analytics and operations technologies

Abstract:

Security analytics and operations can be complex, requiring highly skilled professionals and detailed processes. To overcome these issues, security teams tend to deploy an array of security analytics tools and technologies to collect, process, analyze, and act upon growing volumes of security telemetry. Despite this investment, however, many organizations continue to find it difficult to manage cyber risk or detect and respond to cyber incidents.

How can CISOs address these issues and develop effective security analytics and operations processes? In order to get more insight into these trends, ESG surveyed 406 IT and cybersecurity professionals at organizations in North America (US and Canada) involved with the planning, implementation, and/or operations of their organization’s information security policies, processes (including purchase decisions), or technical safeguards and familiar with their organization’s collection and/or analysis of security data in support of information security management strategy

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Master Survey Results: Trends in Modern Application Environments

Abstract:

ESG conducted a comprehensive online survey of IT professionals and software developers at private- and public-sector organizations in North America (US and Canada) between June 7, 2019 and June 17, 2019. To qualify for this survey, respondents were required to be responsible for supporting their organization’s application development environment, including their plans and strategy for containers technology. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

This Master Survey Results presentation focuses on the current state of application development architectures and methodologies in use in enterprise environments, specifically usage of and plans for containers technology.

Topics: Cybersecurity Data Protection Networking Enterprise Mobility Cloud Services & Orchestration

ESG Master Survey Results: Cloud-scale Security Analytics Survey

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on the current strategies used for security analytics and operations, including the impact of public cloud resources for processing and storing large and fast growing volumes of security data.

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Research Report: Cybersecurity services - omnipresent and heavily invested in

Abstract:

ESG conducted an in-depth survey of 220 cybersecurity professionals concerning their organizations’ usage of, experiences with, and future plans for cybersecurity services. Survey participants represented small (50 to 99 employees), midmarket (100 to 999 employees), and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

This research report reveals how cybersecurity service providers can answer IT’s call for help with advisory, implementation, incident, outsourcing, testing, and specialty services, and also covers purchasing trends.

Topics: Cybersecurity

ESG Brief: Cybersecurity Predictions for 2020

Abstract:

The ESG cybersecurity analyst team got together recently to discuss our top predictions for 2020. This brief details our predictions in three categories: threats, technology, and the cybersecurity community (i.e., cybersecurity professionals and the industry at large).

Topics: Cybersecurity

ESG Master Survey Results: Cybersecurity Services Trends

Abstract:

This cybersecurity market data covers:

  • The cybersecurity services landscape
  • Recent services engagements
  • Purchase processes and considerations
Topics: Cybersecurity

ESG Brief: Managed DNS Security Services Finally Step Up

Abstract:

Malware, phishing, and data theft occur through domain name system (DNS) lookups. DNS security (DNSSEC) is well understood for the secure resolution of these lookups. Managed DNS services using the DNS threat vector for visibility and controls are becoming a desired offering. In a recent ESG survey on cybersecurity services, respondents selected DNS security services as one of the top services engaged in the last 12-18 months. Respondents also called out the need for managed security service providers (MSSPs) to provide DNS security in their offerings.

Topics: Cybersecurity