Research

Research Objectives

In order to assess technology spending priorities over the next 12-18 months, ESG recently surveyed 742 senior IT decision makers representing midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America and Western Europe. All respondents were personally responsible for or familiar with their organization’s 2022 IT spending, as well as their 2023 IT budget and spending plans at either an entire organization level or a business unit/division/branch level.

Research Objectives

Ascertain IT budget outlook for 2023 overall and for specific technologies. Determine key business and technology priorities driving 2023 spending plans. Establish a profile of digitally mature companies in terms of the technologies and processes underlying their IT strategies. Monitor YoY trends with respect to technology adoption and changing customer preferences.

Research Objectives

Measure the impact of environmental, social, and governance (ESG) initiatives on the IT evaluation and purchase process. Identify the groups within organizations most responsible for adhering to ESG requirements as part of IT purchases. Highlight the costs and benefits that organizations have experienced as a result of complying with ESG initiatives. Determine which vendors/brands are perceived as strong in terms of ESG and which are viewed as laggards.

Research Objectives

In order to gain insight into how environmental, social, and governance (ESG) initiatives are impacting IT purchases, Enterprise Strategy Group (also ESG) surveyed 400 IT professionals at organizations in North America (US and Canada), UK, Singapore, Australia, and New Zealand involved in IT product and service purchase decisions.

Research Objectives

Organizations are distributing applications across multiple public cloud environments and edge locations. This is driven by the need to collect and analyze the data generated at these remote sites to enable organizations to improve quality, deliver enhanced experiences (both customer and employee), and gather deeper insights into the business. Because the “edge” can be defined in many ways depending on several factors, such as company size and industry, organizations employ a range of strategies and an ecosystem of partners that includes cloud service providers, telecommunication companies, colocation providers, and even traditional technology vendors to ensure robust edge computing environments that deliver critical business insights.

Research Objectives

Understand the current state of the edge computing environment, including budgets and prioritization. Determine the key drivers, challenges, benefits, and use cases for edge computing. Get an accurate picture of edge infrastructure, network, security, and data environments. Identify vital players and their roles/influence for enabling edge environments.

Research Objectives:

Securing applications has become more difficult than ever. Increasingly heterogeneous application environments coupled with distributed responsibility for application security has resulted in security complexity and tool sprawl. Further, attackers understand this challenge and use it to their advantage. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

This study sought to answer the following questions:

• How many public-facing web applications and websites do organizations support? What percentage run on public cloud infrastructure today, and how is this expected to change over the next 24 months?
• What percentage of organizations' public-facing web applications are based on microservices today, and how is this expected to change over the next 24 months? To what extent do organizations plan to incorporate security processes and controls via DevOps processes?
• How do organizations view web application protection? What challenges do organizations face with protecting their public-facing web applications?
• What kind of web applications and API attacks have organizations experienced in the last year? What impacts do organizations experience from the attacks?
• Is ensuring secure and available applications among the top cybersecurity priorities for organizations? Will organizations increase spending on web application and API protection technologies, services, and personnel? What are the critical drivers of spending?
• Which discrete tools and capabilities do organizations use to protect web applications? Why do organizations use multiple web application protection tools? What challenges do organizations face with the tools they use to protect applications?
• What proportion of organizations' public-facing web applications and websites use APIs today, and how is this expected to change over the next 24 months? What are the biggest challenges with protecting APIs?
• What are organizations' plans regarding WAAP? To what extent have they deployed WAAP? What types of applications and APIs do organizations anticipate would use a WAAP platform? Which tools are the most important in a WAAP platform? How would organizations prefer to deploy a WAAP platform?

Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Research Objectives:

In order to gain insight into how public cloud computing services are impacting network security strategies, ESG surveyed 255 cybersecurity and IT/information security professionals at organizations in North America (US and Canada) familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

This study sought to answer the following questions:

• How difficult is operating public cloud infrastructure compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud security?
• What tools do organizations currently use to protect their public cloud infrastructure environment?
• What are the biggest reasons organizations use security groups or network firewalls from cloud security providers?
• How difficult is on-premises data center/private cloud security compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud infrastructure security?
• What are the most important attributes when it comes to on-premises data center/private cloud network security tools?
• How do organizations view hybrid cloud models?
• What are the biggest challenges with respect to supporting applications spanning public cloud infrastructure and on-premises data center infrastructure?
• How often do organizations evaluate their network security tools for public cloud and on-premises data center/private cloud infrastructure?
• Do organizations spend more on public cloud infrastructure or on on-premises data center/private cloud security? How will security spending change in the next 24 months?
• What groups are responsible for the security processes, policies, and technologies associated with protecting the organization's public cloud infrastructure and on-premises data center/private cloud? How is their day-to-day collaboration characterized? How willing are they to invest in and support public cloud security initiatives?
• Do organizations use microsegmentation today? How will this change 24 months from now? How will organizations employ microsegmentation? Why would organizations not use microsegmentation more widely?
• How often are security incidents a result of encrypted traffic? What is the most attractive method of encrypted traffic visibility?

Survey participants represented a wide range of industries including manufacturing, financial services, retail, healthcare, and technology. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Abstract:

Secure access service edge (SASE) frameworks are increasingly gaining interest with enterprise customers. The deployment of these services presents an opportunity to switch from perpetual licensing or even subscription licensing to delivering SASE as a managed service. The success of SD-WAN, a major component of a SASE framework, is certainly a driver for consuming SASE as a managed service as well. Organizations need to understand how managed service providers are delivering SASE, especially the ability to manage on-premises and cloud offerings.

Abstract:

Secure access service edge (SASE) offers opportunities for both networking and security, but in most organizations the security and networking teams still operate independently. This independence means enterprise strategies for pursuing SASE may often be focused either on networking or security. It should be noted, however, that some organizations are starting with a converged approach. Depending on who is leading the SASE initiative, priorities may differ. This brief will focus on the nearly one-third of organizations taking a network-focused approach to SASE implementation.