Data integration is proving to be more complex in the cloud for a majority of organizations, especially ones that use public cloud services in multi-cloud environments as part of their analytics initiatives. Many are turning to new tools and managed services to help them cope with integration challenges. In a lot of cases, though, they’re also moving to decrease the number of vendors they currently use.
Insight
-
-
Most organizations use technologies from a variety of public cloud and third-party software providers to support their data management and analytics strategy. That complicates ongoing operational management of cloud analytics environments, and multi-cloud deployments exacerbate the challenges—and the headaches they cause. This research highlights what organizations are doing to try to ease the pain without disrupting critical data workflows.
-
While most IT decision makers believe their organization is doing a good job of acting on data insights, it often takes weeks or months to generate and then act on those insights. There’s an opportunity to do better by deploying new technologies and making the data lifecycle more efficient—and organizations that don’t address the time-to-value gap may find themselves lagging behind faster and more agile rivals.
-
Research Objectives
Based upon years of previous research, for most organizations, security operations are in a period of both disarray and transition. While organizations expand the development of digital transformation initiatives, cloud-native application development, and remote worker support, SOC teams continue to conduct day-to-day operations using assorted point tools, manual processes, and a shortage of staff and skills. CISOs realize this mismatch leads to an unacceptable reality of ever-increasing cyber-risk.
To address this growing security operations gap, organizations are taking numerous actions to modernize security operations, including automating processes, utilizing advanced analytics, integrating security technologies, and embracing the MITRE ATT&CK framework. In order to gain insights into these trends, ESG surveyed 376 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating, purchasing, and utilizing threat detection and response security products and services.
-
The path a career can take is often based on moments – a company going out of business, chance encounters, seismic shifts in a given industry, enormous external pressures. My career is no exception. After many years as a consultant or in-house systems engineer, I joined BrianMadden.com where I became an independent blogger, analyst, and speaker focused on end-user computing. TechTarget acquired BrianMadden.com in 2007, and I spent that time covering the EUC space as it expanded from a handful of desktop virtualization vendors to hundreds of companies covering everything from virtual desktops to mobile devices to cloud services, along with all the adjacent technologies that support those pillars. In that role, I saw a lot. I was a participant in a unique community of passionate EUC practitioners. I helped companies introduce products to the market. I watched as companies thrived or failed based on their decisions and, sometimes, luck. Mostly, though, I attempted to explain the complex concepts and products that comprise EUC to our readers in a way that I would’ve liked the vendors to communicate it–-distilling the message to its essence and explaining what really matters.
In 2018, I decided that I’d like to try focusing on one thing as opposed to the entire industry, so I left TechTarget to join FSLogix – a company that solved the problems related to app management, roaming profiles, folder redirection, and Office 365 caches. The small company, all-hands-on-deck feeling was amazing, but FSLogix was almost immediately acquired by Microsoft, where I found myself for another year working on what would become the Azure Virtual Desktop team. I then moved on to VMware, where I focused on the intersection of Horizon and Microsoft Azure as a Product Marketing Manager.
Though each of those was a great experience, I found myself missing the communication with the end-users from a broad perspective. I was creating the company-guided message, not distilling it. I was locked into knowing how a single ecosystem worked, as opposed to looking at the big picture and how it all fits together. And then there was the competition with other vendors. Most importantly, I wasn’t communicating with the end customers in the way that I liked to the most – as an independent, trusted voice.
Why Enterprise Strategy Group?
I had all these thoughts in my mind when I had my first call with ESG about taking this position. Throughout my career, I never thought I’d be an Analyst with a capital “A.” Not that I dislike analysts – I’ve enjoyed working with many – it’s just that after having many conversations with them over the years, it didn’t seem like the job for me.
The philosophy here at ESG changed all of that.
My experience in product marketing has shown that even the most amazing marketing groups need help in the form of content creation, independent validation, and storytelling. At ESG, we’re dedicated to helping customers spread their story with whatever they need, be it a simple white paper or a comprehensive, research-backed study. We do technical and economic validation, and we have experts across all of IT that are constantly performing research that’s available to our subscribers.
Equally important, I think, is what we don’t do. Though there’s a place for comparisons like quadrants, radars, and waves, we think we can better serve our customers when we take rankings off the table. This allows us to have conversations with customers about their actual pain points and allows us to tailor solutions to those needs without the customer having to worry about how any given conversation will affect their ranking.
Most importantly for me, though, is our audience. The vast majority of the work we do is targeted for consumption by our customer’s customer, like IT management or practitioners, This is the audience I always have in mind when I write or speak. It’s who I love talking to the most, and, ultimately, who I want to help. In this new role, I’ll have lots of ways to reach that audience, from research to webinars. Plus, I’ll be able to blog with my thoughts and opinions about what’s going on in the industry from an independent perspective.
Oh–and TechTarget!
I didn’t really need anything beyond ESG’s approach to make me want to make the move, but I was happy to learn that TechTarget acquired ESG in 2020 in a move that I think will be amazing for both companies. Combining ESG’s research-backed content creation expertise with the content syndication and marketing capabilities of TechTarget and BrightTALK (also acquired in 2020), we have so many ways to help IT vendors share their stories.
Plus, being back at TechTarget again lets me work with some of the amazing people that I worked with four years ago. Even though the company has grown, the culture has remained the same.
Put all of this together, helping vendors tell their stories, helping customers understand complex topics, and working with a great team with an awesome culture, and I’ve found what I think is going to be a great chapter in my career as an “EUC Lifer.” I’m looking forward to reaching out to old connections and to making new ones. If you ever want to get in touch with me, you can find me @GabeKnuth on Twitter and LinkedIn, or at [email protected].
See you around!
-
IT suppliers’ environmental, social, and governance (ESG) program status is a new and important evaluation factor for buyers.
See data behind this emerging trend with this free Enterprise Strategy Group Infographic, The Role of ESG Programs in IT Decision Making.
-
In this episode of Women in Cybersecurity, I was delighted to interview Helen Patton, an experienced CISO who literally wrote the book on Navigating the Cybersecurity Career Path and is currently CISO for the Cisco Security Business Group. I’m also a longtime follower of hers on twitter where she shares information and resources for security leaders.
Like many of us, her path to cybersecurity wasn’t exactly direct or planned; she says, it was “a series of accidents and unexpected opportunities,” where she moved from IT support, to disaster recovery, to cybersecurity. As someone who is passionate about her role and helping others, she is generous in sharing information and advice for other CISOs, as well as bringing more people into our field and helping them thrive.
Don’t miss her video below.
Helen described her background in the early ’90s with the rise of PCs, working for a consulting company installing accounting software for small businesses. She also held roles supporting infrastructure, ran a help desk and ran desktop support, network support, and basic data center support. The late ’90s came with computing worms and viruses, such as the ILOVEYOU virus, and Y2K issues. While running an infrastructure team for a software development company, she moved into creating disaster recovery (DR) and business continuity plans. Then, she moved back into consulting with JP Morgan doing DR and business continuity, and when there was an opportunity to take a job running the security team, she made the move into cybersecurity.
She said she was always a working adult, doing school part time and taking 15 years to get her undergrad degree in business administration. When she became CISO at Ohio State University (OSU), she had the opportunity to get her master’s degree in public policy, with a focus on technology policy as part of her employee benefits, and this has influenced her approach as a CISO.
As a CISO, I tend to lean more on governance risk and compliance functions more than, say, software development, although (I have a) background in tech. I geek out on security policy a lot, so I spend my hobby time keeping track of regulations, policy changes that are happening around the globe, so my education has been very influential in my career.
Helen spent 8 years at OSU, where she helped them build out their security team to support their cloud transformation. Her role included evaluating what they had and what they needed, building out the team and adding security functionality. She noted that a few years into the job, they had to get rid of some technologies she introduced years before because they had to evolve as things changed.
In higher ed, you play in many spaces, technologies, and you’re subject to regulations because we have hospitals, we’re regulated like a bank, we have PCI, so I got to play in a lot of areas.
In 2021, she joined Cisco as an advisory CISO. Moving to a security vendor gave her a new respect for how much technical expertise is needed to determine what goes into a security product. Her role at Cisco gives her the opportunity to have a global footprint, understanding industry trends across the globe and applying her experience, while helping customers.
Her advice
When you feel like you’re on top of a mountain of information, it’s easy to get overwhelmed. It’s important to
1) take time intentionally to learn something new, with self-based learning;
2) find mentors and a network as part of a security community to help you with learning or training, to have resources who can set your mind at ease that you don’t have to learn everything, or to have someone who can validate how you’re thinking; and 3) know when to say “no” to things so you can focus.For CISOs: Be intentional about why security, why this industry, why this job, why this company, and why now, and be prepared to share it broadly—not only with your team, but with the community as a whole.
For customers: Take advantage of vendors, and partner with them to make sure you get the most out of their tools and see how you can network with their other customers.
Resources:
Helen says podcasts are a great way to learn and help you gain historical context and learn from past events. And you can listen while exercising or walking your dog—excellent for me since walking my dog is my favorite exercise! Her favorite podcasts include:
Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.
-
Two recent high-profile breaches—Intercontinental Hotels Group and Uber—demonstrate the criticality of securing your identities. Both of these attacks started with a social engineering attack. One started with traditional business email compromise (BEC), and the other started with MFA push bombing. The next stage of both attacks compromised the password/secrets vault. -
Research Objectives
Examine the people, processes, and technology supporting the modernization of security operations. Identify key value points, the metrics to back up those value points, and what’s expected from both products and managed services for XDR and SOC modernization. Determine current perception and role of XDR as a component of security operations modernization efforts. Explore strategies used to automate triage, speed investigations, and help organizations find unknown threats.
-
Organizations are increasingly moving applications to the cloud to better serve their customers, partners, and employees. The ability to quickly deploy applications to the cloud so employees, partners, and customers can connect to companies for business transactions and services gives organizations a competitive advantage. This makes maintaining security posture more important than ever, as increasing the availability of products and services connected to company and customer data increases exposure to attacks. Cloud security posture management (CSPM) is key to mitigating security risk while enabling the use of innovative cloud technologies that drive better business results.
-
Research Objectives
Measure the impact of environmental, social, and governance (ESG) initiatives on the IT evaluation and purchase process. Identify the groups within organizations most responsible for adhering to ESG requirements as part of IT purchases. Highlight the costs and benefits that organizations have experienced as a result of complying with ESG initiatives. Determine which vendors/brands are perceived as strong in terms of ESG and which are viewed as laggards.
-
As enterprises digitally transform and IT environments become more dispersed across multiple public clouds and on-premises data centers, the process of moving data, applications, and workloads to and from various locations quickly becomes regular practice. Moving just one application to and from a location can be difficult, time-consuming, and expensive, in most cases requiring a week or more. For large environments, the costs can be significant. As a result, organizations must take a more deliberative, evaluative approach to moving data and applications when migrating to the cloud and across clouds.
Already an Enterprise Strategy Group client? Log in to read the full report.
If you are not yet a Subscription Client but would like to learn more about accessing this report, please contact us.
The path a career can take is often based on moments – a company going out of business, chance encounters, seismic shifts in a given industry, enormous external pressures. My career is no exception. After many years as a consultant or in-house systems engineer, I joined BrianMadden.com where I became an independent blogger, analyst, and speaker focused on end-user computing. TechTarget acquired BrianMadden.com in 2007, and I spent that time covering the EUC space as it expanded from a handful of desktop virtualization vendors to hundreds of companies covering everything from virtual desktops to mobile devices to cloud services, along with all the adjacent technologies that support those pillars. 
Two recent high-profile breaches—Intercontinental Hotels Group and Uber—demonstrate the criticality of securing your identities. Both of these attacks started with a social engineering attack. One started with traditional business email compromise (BEC), and the other started with MFA push bombing. The next stage of both attacks compromised the password/secrets vault.
Organizations are increasingly moving applications to the cloud to better serve their customers, partners, and employees. The ability to quickly deploy applications to the cloud so employees, partners, and customers can connect to companies for business transactions and services gives organizations a competitive advantage.