More organizations are turning to the public cloud to support data initiatives, many of them using cloud services from both cloud providers and third-party software vendors. Within 12 months, sizable majorities of organizations plan to run various data management and analytics tools on public cloud infrastructure. Hybrid environments that also include on-premises systems often need to be maintained, but investments in cloud-based technologies clearly are on the rise to help meet data-driven business goals.
Insight
-
-
The public cloud is a good match for modern data needs and goals, and organizations increasingly recognize that as part of their data analytics strategy. The benefits they’re gaining will drive further adoption of public cloud services to support data initiatives. But there are challenges that must be overcome to ensure that cloud analytics deployments are successful. This research provides insight into the top benefits and challenges of using the cloud.
-
Research Objectives
The need for rapid insight is forcing organizations to prioritize agility, transparency, and speed across their data ecosystems with a goal of improving operational efficiency, improving collaboration, and accelerating time to value from investments in support of data-driven initiatives. But organizations need help ensuring seamless orchestration, appropriate management, and timely delivery of data in support of the people, tools, processes, and environments that fuel their business. Between data quality issues, distributed data, tool proliferation, overburdened and under-skilled teams, rising costs, and increased risk, the complexity of today’s data ecosystem hinders democratization of data and analytics. This is a big reason why organizations are turning to DataOps—an agile, automated, and process-oriented methodology used by data stakeholders to improve the quality, delivery, and management of data and analytics. And the wide belief is that establishing DataOps will set organizations up for success as they look to achieve a data-driven future through an agile, process-oriented approach to securely accessing and analyzing data at scale.
-
My colleague John Grady completed a new research report on Trends in Modern Application Protection. It covers how organizations are modernizing their application architectures and the challenges they are seeing in web application and API protection platforms. In this video, we discuss some of his findings on API security. Watch the video below to learn about:
- The growth of APIs
- Challenges and methods to secure them
- API incidents that organizations have experienced and their impacts
- Methods of remediating API coding errors and their effectiveness
- What to look for in an API protection platform
Watch the video below, and be sure to check out the new research: Trends in Modern Application Protection.
-
As ransomware actors have gained in experience and sophistication, they’ve adopted new tactics. Before encrypting your data, they exfiltrate it. This way, they can make you pay twice–first for an encryption key, and second, an extortion fee to prevent the attacker from publishing your sensitive data.Data security encompasses the principles and practice of ensuring legitimate access and preventing unauthorized access to data to preserve the cybersecurity triad of confidentiality, integrity, and access (CIA). A data security platform that enables you to discover, classify, and protect your sensitive data can stop a ransomware attacker from data exfiltration and limit your exposure to extortion.
-
Easy-to-remember passwords are easy to crack. Strong passwords are hard to remember,
leading to password reuse and the risk of password compromise that causes multiple account takeovers. Passwords are risky business.Multifactor authentication (MFA) is a way to combat the inherent weaknesses of passwords. Yet MFA is also susceptible to compromise. Passwordless authentication based on the FIDO standards and public key encryption is the new archetype for authentication, and is phishing- and compromise-resistant.
-
The ransomware threat is a top-of-mind issue for many organizations, but few feel totally prepared for an attack. IT organizations are building their own processes to respond, but many are confused about the scope of what is to be included and even who is responsible for the implementation.
In order to establish a framework for modern ransomware preparedness, Enterprise Strategy Group surveyed IT and cybersecurity professionals personally involved with protecting against ransomware attacks and developed the 5 pillars of ransomware preparedness.
For more information or to discuss these findings with an analyst, please contact us.
-
This episode of Women in Cybersecurity features my dear friend, Laurie Haley, VP of Strategic Alliances at application security company Veracode. I first met Laurie when we worked together at Qualys, where she was a superstar sales leader who had a technical background. She got her start in tech support, moving into network engineering, and then into cybersecurity roles at VeriSign and SecureWorks. Then she worked at CVS doing vulnerability management before moving to Qualys, where she spent nearly nine years, including serving as Executive VP of Worldwide Field Operations. Now she heads up strategic alliances for Veracode. With her technical background and her understanding of customer needs, she is passionate about helping them solve their biggest cybersecurity challenges with effective solutions.
Don’t miss her video below.
Laurie got her start in tech support and network engineering, but has been in cybersecurity since 2007 because it’s such a rewarding field.
“What really was important to me was I wanted to do something with my career that was interesting and I was talented at, but was going to make an impact.”
After working at CVS in vulnerability management, she moved to Qualys, a company known for hiring practitioners on their sales team. “Here I was with this opportunity to take that background and bring in another skill set that I have – which is working with people, communication, negotiation – and bringing to focus helping people, working with clients, helping them do what I did at CVS.”
I have great memories of working with Laurie there, getting her perspective for product releases and working with her on customer case studies.
Now, Laurie is running strategic alliances for Veracode, working on technical integrations to benefit their customers. “I’m taking my hands-on experience to help Veracode align itself with technologies and companies that will help them overcome their challenges.”
I love our industry for the people I meet, and Laurie is one of my favorites. She gave me tips and advice when I was pregnant with my son, as we share aspirations of being powerhouse career women while raising our families. In addition to being a superstar at work, she’s a mother of four.
“I’m a mother of four. It’s a challenge to be a professional at my level in a very fast-paced business in an industry that requires a lot of involvement and effort. I have got to have people who can help me out. So asking for help to be able to balance everything so you can achieve your goals is a really important piece of advice that was hard-learned for me.”
Laurie said the Executive Women’s Forum has been a big part of her journey. “They are one of the biggest groups to support women in cyber, and I’m a part of their mentor program,” she said. “They’re focused on supplying the networking forums that all of us women in this business can use to figure out challenges and help each other get ahead. And there’s the mentor program bringing up young professionals so that they can take over for us someday when we retire.”
Be sure to check out Laurie’s video below. Also, check out the Executive Women’s Forum: https://www.ewf-usa.com/ and connect with Laurie on LinkedIn.
Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Laurie where we discuss this and much more. You can also view past episodes and connect with us to hear more inspiring stories in future shows.
-
The clear path to cloud-native applications is to use modern methodologies such as DevOps and agile development on modern application platforms and “developer-ready” infrastructure. However, the self-reported maturity of organizations in their use of modern methodologies is not substantiated by development KPIs, such as hourly code production, and most are hobbled by an IT skills gap. Choosing the right platform and building internal skills are critical in implementing the development methodologies needed for successful cloud-native deployments.
Already an Enterprise Strategy Group client? Log in to read the full report.
If you are not yet a Subscription Client but would like to learn more about accessing this report, please contact us.
-
Security threats are on the upswing, businesses are hastening digital transformation plans, IT infrastructures are accelerating toward the cloud, and hybrid and remote workforces are the new reality. Enterprises have stepped up efforts to protect an expanding attack surface and the vulnerable access points of corporate-owned devices and BYODs. As a result, zero trust network access (ZTNA), barely on the radar screen as part of an end-user computing (EUC) strategy a short time ago, is now a top-of-mind consideration among IT professionals. Yet, compared to other established EUC strategy components, zero trust deployments in most corporations are just in the early innings.
-
Securing applications has become more difficult than ever thanks to heterogeneous application environments, distributed responsibility for application security, and advanced attack campaigns. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.
For more information or to discuss these findings with an analyst, please contact us.
-
As organizations add more IT assets, their attack surfaces also grow, and so does the organization’s need for better security hygiene and posture management. Security hygiene and posture management rely on a broad range of tools such as vulnerability management, asset management, attack surface management and security testing to monitor all IT assets in an organization.
As ransomware actors have gained in experience and sophistication, they’ve adopted new tactics. Before encrypting your data, they exfiltrate it. This way, they can make you pay twice–first for an encryption key, and second, an extortion fee to prevent the attacker from publishing your sensitive data.
Easy-to-remember passwords are easy to crack. Strong passwords are hard to remember,