Markets

Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.

Overview

Business Applications

Cybersecurity

Data Management, Analytics & AI

Infrastructure, Cloud & DevOps

Services

Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.

Overview

Insights

Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.

Insights
Contact Us

Insight

  • SD-WAN Enabling WFH During COVID-19 Pandemic

    ·

    Bob Laliberte

    Work from home

    For the last couple of years, SD-WAN technology has been on a roll. Businesses going through digital transformation initiatives are increasingly leveraging cloud platforms to host applications (both IaaS and SaaS) that are critical to the business. However, the legacy hub and spoke networks leveraging private telco links were not designed for direct connection to cloud-based apps from remote locations. Instead, all the traffic was funneled through the data center, creating a lot of round trips, latency, and poor user experiences.

    SD-WAN changed all that and enabled organizations to effectively take advantage of multiple broadband connections to create highly performant and secure connections from branch offices directly to cloud platforms, corporate data centers, and other remote offices. Leveraging broadband connections (or a combination of broadband, MPLS and even 4G) provided greater flexibility, access, and even lower costs. Additionally, these SD-WAN technologies provided a number of other benefits to the business including:

    1. Zero touch deployments to enable site to be turned up rapidly.
    2. Prioritized application traffic to ensure critical voice and video applications always perform well.
    3. Effective and efficient use of all existing bandwidth.
    4. Securely segmenting application traffic ensures business apps aren’t mixed with gaming traffic.
    5. Centralized policy management and distributed enforcement ensures changes are implanted at every site.

    Over the last week or two, I have spoken to a number of SD-WAN providers (VMware VeloCloud, QoS Networks, Silver Peak, and Cato Networks) who are reporting that in light of the COVID-19 pandemic that businesses are now adapting SD-WAN to enable work-from-home (WFH) initiatives. It stands to reason that if it can provide benefit to the branch office, it can do the same for the employee now working from home. Here are a couple of examples:

    • There is a large insurance company that ordered 5,000 new SD-WAN instances to be rolled out over 10 days to ensure their employees have optimized access to internal and cloud applications and that corporate policies can be enforced at these new edge locations –employee homes. In this case, a partner was handling the staging, distribution and turn up of services with an extremely expedited timeframe. Fortunately, zero touch provisioning and centralized policies ensure minimal involvement is required by the employees.
    • In another instance, the technology is being used to enable doctors and healthcare professionals to more effectively and securely deliver TeleHealth/Telemedicine from not just their offices, but also their home locations as well. Given the risk so many of those on the front lines are facing, the ability to screen potential patients from remote locations or enable doctors from different parts of the country to help those in the hardest hit areas, this is a great application of SD-WAN technology.
    • A call center business handling medical-related issues rapidly transitioned from an on-premises business to a work-from-home model, bringing up 300 agents in less than one week from placing the order, 400 agents within two weeks, and now have 800 employees set up to work from home. Again, because of the innovative zero touch provisioning and centralized control, these technologies are able to be deployed in a very short time frame. For a call center business, SD-WAN technology will provide significant benefit by optimizing real-time audio and video services to ensure the best possible customer experiences, regardless of where the call center operators are located. Click here for more information.

    Clearly the COVID-19 pandemic has forced all organizations to rethink their business continuity plan. As employees shift to work from home to remain safe, we are starting to see innovative technologies like SD-WAN be deployed to ensure call center agents can still deliver services, health care professionals can interact with patients, and other medical centers and employees can access mission-critical business and collaboration apps with prioritized access – especially with so many students also at home, vying for bandwidth for online gaming and streaming video!

  • Top 3 Reasons IT Operations will Accelerate Cloud Consumption Due to WFH

    ·

    Mark Bowker

    Work from home

    IT organizations that are running a data center have a set of challenges on their hands given that the teams are working from home (WFH). Data centers are like your automobile that requires hands-on scheduled and unplanned maintenance. Well-run data centers are a fine oiled piece of machinery that is constantly worked on to meet and deliver business demand. IT organizations are masters at this, but what happens when the team is mandated to WFH?

    Managing and maintaining consumption from the cloud is very different. IT ops teams manage cloud services remotely because it is the only way they can be managed. While businesses have embraced cloud services, the level of maturity varies greatly from one organization to the next. Due to employees having to WFH, including IT organizations, they have a new appreciation for the investment in cloud that they have already made and will likely put cloud on the fast track for these reasons:

    • Remote Access: The cloud was designed for IT to securely access, manage, monitor and maintain cloud services remotely. IT operations teams and developers can all maintain the continuity of access while WFH continues.
    • Unplanned scale: Simple break/fix tasks in the data center are going to be difficult enough with a reduced onsite staff in place. During times like these, businesses are not going to truck racks of IT gear into their data centers, but still may need more capacity. The answer…cloud.
    • Threat detection: As unfortunate and wrong as it is, times like this leave companies vulnerable. The major cloud providers all have threat intelligence that can be used to help protect a business that is operating in the cloud and help reduce the overall risk from multiple threat vectors.

    The advantages of cloud will shine as IT organizations continue to WFH and businesses will further accelerate cloud consumption initiatives. During this time, business will likely prioritize cloud over on-prem and not look back.

  • VDI & DaaS Make WFH Work

    ·

    Mark Bowker

    Work from home

    The technology to help businesses deliver a secure and productive experience for employees as they work from home has been around for years. Businesses have implemented virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) to enable remote employees, but the technology has never broken through a relatively small percentage of the employee base or been used outside of specific use cases. ESG has spoken with numerous companies that invested in VDI or DaaS to help address local business continuity, but now companies are finding themselves having to maintain business continuity globally. Something they have not likely planned for.

    I am seeing companies find themselves in one of these four situations:

    1. Those organizations that didn’t have a policy or technical support. They are starting from scratch in all areas and need to scale up quickly.
    2. Those that had policy/technology on a limited scale and not very mature. They need to mature current processes/technologies and then scale them.
    3. Those that had policy/technology on a limited basis (e.g., local business continuity) but good deal of maturity. They need to scale.
    4. Those that had policy/technology on an extensive basis. Maturity level can still vary but this is where they have to double down.

    Each of these situations requires a different approach and level of investment. Unfortunately, companies that had to rush work from home (WFH) enablement took shortcuts that have left company information exposed and have raised a slew of security concerns.

    The technology works. VDI and DaaS are proven and trusted technologies that can deliver an entire desktop operating system, applications, and data to an employee working from home. The security threat is greatly reduced since the user workspace is hosted in a data center or with a cloud service provider and projected to the user. I have been pushing the limits of this technology and can validate that I am a productive work from home employee that accesses a Windows 10 desktop that is hosted with a cloud provider, and I use a smartphone with an external keyboard, mouse, and monitor as my primary device. The technology works and can enable rapid scale for businesses without compromising security.

    Nobody plans for an event like COVID-19. But we have the technology that can support the massive shift to WFH. The question now remains: Once we all work through these times, how will companies leverage the WFH experience to create new opportunities and empower their workforce?

  • 2020 Cybersecurity Spending Trends

    ·

    Jon Oltsik

    Most organizations will increase cybersecurity spending in 2020, driven by the desire to protect business processes and counteract dangerous threats. In fact, organizations targeted by cyber-attacks like ransomware are far more likely to increase spending than those that have not. While most are likely to invest in AI/ML-based analytics, data security, network security, and application security, CISOs will spread budget dollars around in many areas. The data indicates that many organizations are in the process of reengineering their entire cybersecurity infrastructure in an attempt to improve efficacy, streamline security operations, and support new technology-driven business processes.

    (more…)

  • Data Storage Trends in an Increasingly Hybrid Cloud World

    ·

    Scott Sinclair

    In 2019, ESG conducted a research study to better understand enterprise storage buying drivers and challenges across both on- and off-premises cloud environments. This was a quantitative web-based survey covering 372 IT and storage professionals responsible for evaluating, purchasing, and managing data storage technology—including external disk-based storage systems—for their organization.

    The objectives for this research included investigating trends in storage for both on- and off-premises environments; storage challenges for file, block, and cloud-based technologies; on-premises technologies such as flash, NVMe, NVMe-oF, and SDS; and the differences between high and low data growth organizations.

    (more…)

  • Leveraging DevSecOps to Secure Cloud-native Applications

    ·

    Doug Cahill

    Fundamental changes to application architectures and the infrastructure platforms that host them is antiquating existing cybersecurity technologies and challenging traditional approaches to protecting business-critical workloads. Additionally, the continuous integration and continuous delivery (CI/CD) process of DevOps is as impactful a change to cybersecurity programs as the changes to the applications and infrastructure that these methodologies manage.

    In order to get more insight into these trends, ESG surveyed 371 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing cloud security technology products and services. These organizations are mature cloud users in terms of public cloud services and/or containers.

    (more…)

  • 3 Ways COVID-19 Is Changing CISO Priorities

    ·

    Jon Oltsik

    According to ESG research, 62% of organizations were poised to increase spending on cybersecurity in 2020. Thirty-two percent of survey respondents said they would invest in cybersecurity technologies using AI/ML for threat detection, followed by data security (31%), network security (30%), and cloud application security (27%).

    COVID-19

    Of course, that was back in the innocent and carefree days before COVID-19. Have things changed?  Yes, and seemingly overnight. Like society at large, the cybersecurity world’s priorities, strategies, and tasks have been turned upside down.

    I reached out to some CISOs and industry beacons this week to get their account of what’s happening. My first observation is it’s difficult to get CISOs on the phone right now as they are heads down trying to secure the new reality. But I did manage to get a few on the line; here’s a synopsis of what they said:

    1. Big projects have been postponed indefinitely. Large organizations tend to have a few cybersecurity projects that require engineering, piloting, and cooperation with IT operations. Think of things like reengineering the security data pipeline, data discovery/classification/security across the enterprise, or IAM initiatives like identity federation. With everyone working remotely, these projects have been tabled for now—even if they were already progressing.
    2. It’s all about securing remote users. This one is obvious but its also the reason why CISOs are so busy. The mandate from executives was to get employees up and running first and then address security afterward. CISOs have been fighting “bolt on” security cycles like this for years, but the virus has forced security teams to work uphill to catch up. This means on-the-fly risk assessments, controls adjustments, and lots of work in tandem with IT and network operations teams.
    3. An immediate search for “quick wins.” CISOs are finding and patching holes as quickly as they can. In some cases, this means they are starting from scratch as they quickly ramp up product research, purchasing cycles, testing, piloting, and deployment. Despite this workflow, CISOs are looking for tools that can be easily installed and configured to mitigate new risks. 

    Budgets haven’t been cut yet and CISOs really don’t have time right now to deal with paper pushing.  Rather, security teams are grabbing money as they can to address the new reality. Some of the emergency purchasing needs include:

    • Endpoint security controls. There are two priorities here: providing network access and blocking malware. This equates to VPN clients and antivirus software—especially for employees sharing their systems with family members. Some are also looking at asset and operations management tools (a la Tanium) to turn unmanaged home PCs into managed short-term corporate assets.
    • Mobile device security. This was on the to-do list at the beginning of the year. Now that executives, high-value employees, and privileged account managers are working from home, mobile device security efforts have become a high priority.
    • Network security. CISOs are defaulting to VPNs to deal with a work from home population that grew from 20% to greater than 80% of employees in a matter of weeks. In some cases, basic VPN access has superseded more thorough zero-trust access projects that require time and planning for things like policy management. VPN growth is accompanied by the need for more firewall and other gateway appliances. Finally, I’m seeing increasing interest in secure DNS services, which is also perceived as a quick win.
    • Simple multi-factor authentication (MFA). Organizations that have success with MFA in small pockets are expanding these efforts as high-value employees migrate from office cubicles to their home offices. Again, the goal is to bolster security first and then fine-tune policies over time.

     Some final observations:

    • The degree of cooperation between security and IT/network operations is unprecedented, with lots of things happening simultaneously.
    • CISOs aren’t doing a lot of shopping. Rather they are working with trusted partners to get things done quickly. This will impact startups.
    • CISOs have asked their staff to do what they can to increase end-user monitoring. They are also working with HR on “crash course” security awareness training. Those that have synthetic phishing tools have increased activity here as well.
    • Data security remains a big issue as there aren’t really any quick fixes. This is one of the reasons for increased end-user monitoring. 
    • Before COVID-19, many organizations did not configure endpoint security tools in the maximum protection setting for fear of disrupting users with false positives or reduced performance. Some of the CISOs I talked with have mandated a change in this policy, reconfiguring endpoint security tools for maximum protection everywhere.
    • CISOs are asking trusted vendors for help. In some cases, they are discovering security product capabilities and free features and services they were unaware of. Who knew?

  • Ransomware Still Rampant, Fueled by Insurance Companies

    ·

    Dave Gruber

    Skull and crossbones

    With ransomware a top security concern for most cybersecurity teams, the cost of cybersecurity insurance is making its way into the annual budgeting process for CFOs around the globe. While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with high-profile attacks, research conducted by ESG reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership.[1]

    The research further revealed the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.

    The ransomware economy stretches well beyond the cryptocurrency that attackers are extorting from both companies and the public sector. Cybersecurity insurance is growing at an equally disturbing pace, along with the many ransomware-targeted security controls that endpoint and data protection vendors are bringing to market to help organizations protect themselves from attacks. Further contributing to this economy are the outside incident response vendors and legal practices that are helping companies understand and recover from successful ransomware attacks.

    I’m a big analogies guy, so I’ll liken this to the use of radar in the automotive industry: As vendors equipped law enforcement with speed-measuring radar guns, it spawned an opportunity for the sales of radar detectors to alert drivers to “speed-traps.” As radar was further used in additional applications including automatic door openers, collision detection systems, and more, new advances were required to filter out the noise, further fueling the economy built around the radar industry.

    Ransomware is following a similar pattern: Software developers are building and selling ransomware to criminals. Criminals are using the ransomware to extort funds from organizations of all types. Cybersecurity insurance companies are selling insurance policies to protect against attacks. Cybersecurity software companies are building and licensing software to protect against attacks. Data loss protection (DLP) vendors are building and selling specialized solutions to enable data to be safeguarded and restored in the event of ransomware attacks. Incident response companies are helping victims understand and recover from attacks.

    With all the positive focus on helping organizations protect against and recover from attacks, ransomware and the economy surrounding it appear to be here to stay. ESG research tells us that this story is only getting worse, with 48% of companies investing in cybersecurity insurance policies, and nearly two-thirds (60%) of organizations experiencing a ransomware attack in 2019. While successful phishing attacks far outweigh successful ransomware attacks, most organizations say that ransomware presents a higher risk.

    To learn more about what organizations say about ransomware and how cybersecurity insurance is impacting the ransomware economy, download my free brief, Ransomware Still Rampant, Fueled by Insurance Companies.

    Download Now

    [1] Source: Enterprise Strategy Group Research Report, 2020 Technology Spending Intentions Survey, February 2020. All Enterprise Strategy Group research references in this blog post have been taken from this research report.

  • The Advantages of a Data Science Team

    ·

    Mike Leone

    As organizations look to prioritize data-driven initiatives, the success of those initiatives will be directly tied to people, processes, and technology. While data science may seem aspirational or even foreign to some organizations, ESG research shows direct ties between organizations with a data science team and better use of data, better use of technology, and better business outcomes. For those organizations looking to drive greater business value through the use of data, a formal data science team can help.

    (more…)

  • The SaaS Data Protection Disconnect

    ·

    Christophe Bertrand

    The broad adoption of cloud services as a source of and repository for business-critical data is placing the onus on data owners to deliver on data protection SLAs for data and applications that are hosted in the cloud. Concurrently, on-premises backup and disaster recovery workloads are leveraging cloud destinations, resulting in hybrid data protection topologies with varying service levels, end-user tradeoffs, and opportunities. How are IT organizations utilizing cloud services as part of their data protection strategy today?

    In order to get more insight into these trends, ESG surveyed 370 IT professionals at organizations in North America (US and Canada) responsible for data protection technology decisions for their organization, specifically around those data protection and production technologies that may leverage cloud services as part of the solution.

    (more…)

  • Toward a Common UI/UX for the SOC (Security Operations Center)

    ·

    Jon Oltsik

    GettyImages-949581000It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges. According to ESG research:

    • 35% of cybersecurity professionals say that the biggest challenges associated with managing an assortment of point tools is that it makes security operations complex and time consuming.
    • (more…)

  • Enterprise-class Cybersecurity Vendor Sentiment

    ·

    Jon Oltsik

    ESG conducted a comprehensive online survey of IT professionals at private- and public-sector organizations in North America (US and Canada) between December 9, 2019 and December 17, 2019. To qualify for this survey, respondents were required to be IT/information security professionals responsible for or familiar with their organization’s cybersecurity environment and strategy.

    The data in this master survey results set covers:

    • The cybersecurity technology landscape.
    • Perceptions of and requirements for enterprise-class cybersecurity vendors.
    • Enterprise-class cybersecurity platforms.
    • Security sentiment for cloud service providers.

    (more…)