ESG Research Report: Leveraging DevSecOps to Secure Cloud-native Applications

Abstract:

Fundamental changes to application architectures and the infrastructure platforms that host them is antiquating existing cybersecurity technologies and challenging traditional approaches to protecting business-critical workloads. Additionally, the continuous integration and continuous delivery (CI/CD) process of DevOps is as impactful a change to cybersecurity programs as the changes to the applications and infrastructure that these methodologies manage.

In order to get more insight into these trends, ESG surveyed 371 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing cloud security technology products and services. These organizations are mature cloud users in terms of public cloud services and/or containers.

Topics: Cybersecurity Cloud Services & Orchestration

ESG Master Survey Results: Enterprise-class Cybersecurity Vendor Sentiment

Abstract:

ESG conducted a comprehensive online survey of IT professionals at private- and public-sector organizations in North America (US and Canada) between December 9, 2019 and December 17, 2019. To qualify for this survey, respondents were required to be IT/information security professionals responsible for or familiar with their organization’s cybersecurity environment and strategy.

This Master Survey Results presentation focuses on cybersecurity technology purchase trends for enterprise-class organizations (i.e., 500 or more employees), including efforts to consolidate vendors and products, as well as the appetite for cybersecurity platforms.

Topics: Cybersecurity

ESG Research Report: The State of Network Security: A Market Poised for Transition

Abstract:

In order to assess the network security landscape over the last 12-24 months, as well as what the priorities over the next 12-24 months are expected to be, ESG surveyed 265 IT security professionals representing enterprise-class (i.e., 1,000 employees or more) organizations in North America (United States and Canada). All respondents were personally responsible for evaluating, purchasing, and managing network security technology products and services.

Survey participants represented a wide range of industries including manufacturing, financial, healthcare, and communications and media, among others.

Topics: Cybersecurity Networking

ESG Master Survey Results: Network Security Trends

Abstract:

This Master Survey Results presentation focuses on the current state of network security, including current strategies and challenges, and how these are guiding the current and (expected) future usage of foundational network security technologies.

Topics covered include:

  • Modern network security challenges.
  • The confusion around "zero trust."
  • Top considerations for SDP and microsegmentation initiatives. 
  • The state of the DDoS prevention market.
  • Third-party deception tool adoption drivers.
Topics: Cybersecurity Networking

ESG Master Survey Results: Trends in Endpoint Security

Abstract:

ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between September 23, 2019 and October 2, 2019. To qualify for this survey, respondents were required to be responsible for evaluating, purchasing, and managing endpoint security technology products and services.

This Master Survey Results presentation focuses on modern endpoint security challenges, plans, and strategies to understand the drivers of endpoint security investments and how decision makers are prioritizing and timing purchase decisions.

Topics: Cybersecurity

ESG Brief: Ransomware Still Rampant, Fueled by Insurance Companies

Abstract:

While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with a number of high-profile attacks, research conducted by ESG reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership teams. The research further reveals the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.

Topics: Cybersecurity

ESG Research Report: 2020 Technology Spending Intentions Survey

Abstract:

In order to assess technology spending priorities over the next 12-18 months, ESG recently surveyed 658 IT professionals representing midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America and Western Europe. All respondents were personally responsible for or familiar with their organizations’ 2019 IT spending as well as their 2020 IT budget and spending plans at either an entire organization level or at a business unit/division/branch level.

Survey participants represented a wide range of industries including manufacturing, financial services, healthcare, communications and media, retail, government, and business services.

Topics: Storage Cybersecurity Data Protection Networking Data Platforms, Analytics, & AI Converged Infrastructure Enterprise Mobility Cloud Services & Orchestration

ESG Brief: The Expanding Role of DevSecOps Practices

Abstract:

ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations who have or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.

Topics: Cybersecurity

ESG Brief: The Cybersecurity Awareness Conundrum

Abstract:

It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.

Topics: Cybersecurity cybersecurity education

ESG Master Survey Results: 2020 Technology Spending Intentions Survey

Abstract:

ESG conducted a comprehensive online survey of IT professionals from private- and public-sector organizations in North America (United States and Canada) and Western Europe (UK, France, and Germany) between October 31, 2019 and November 26, 2019. To qualify for this survey, respondents were required to be senior IT professionals familiar and involved with their organization’s overall 2020 IT budget and spending plans. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

This Master Survey Results presentation focuses on 2020 IT budget expectations, technology initiatives and priorities, year-over-year spending change (overall and by different technologies), hiring/staffing challenges, and cloud adoption/usage trends.

Topics: Storage Cybersecurity Data Protection Networking Data Platforms, Analytics, & AI Converged Infrastructure Enterprise Mobility Cloud Services & Orchestration