Insight

  • The Tape Renaissance and Ransomware

    In my predictions for 2020, I highlighted that tape is not going away any time soon. It’s actually experiencing a renewal as it has become quite obvious to a whole new generation of IT professionals that it is a great medium for high-capacity and low-cost storage.

    While the traditional use case of backup and recovery suffered in the past from recovery performance limitations compared to disk, other use cases have recently emerged. Large-scale archiving of course but also cold cloud storage, which is really large-scale archiving behind a cloud service interface and consumption model. Yes…tape actually powers a whole bunch of storage cloud services! Capacity, automation, and low cost make it possible.

    Modern devices that integrate fast “cache” layers and the ability to leverage easy and friendly user and file system interfaces now make it a lot easier to “plug” tape into an environment without having to hire a PhD in “tapeology.” In combination with specialized high performance devices, mass producers of data can leverage high-performance (memory and disk-based) devices for production, and high-performance/large-capacity tape devices for storage. The media space is a good example. 

    A couple of tape vendors have recently announced initiatives and/or new products that help address parts of the gigantic ransomware issue. It should come as no surprise: Tape can easily be put off-line, air-gapping the data from the main network and the outside world—and by that I mean the nefarious actors that might corrupt the data to extort a ransom. It’s a great solution that can help improve compliance levels, and provide a “gold” copy type and isolated recovery capability. Some ransomware attacks can corrupt backups—sometimes specifically targeting the backup systems—so everyone should have an air-gapped gold copy mechanism in place. With modern devices and many integrations into the ecosystem, recovery can be accelerated (compared to the good old days) should it be necessary. I recently wrote a paper on the topic for HPE.  

    As I said, tape is not going away any time soon… 🙂

  • Introducing Enterprise Strategy Group’s Modern Email Security Video Series

    As part of my ongoing research around modern email security, I am shooting a series of video interviews with leaders from several email security solution providers, talking about the current email threat landscape and strategies to defend against them. My goal is to make these educational, explaining what’s happening on both the attacker side and the defender side.

    I’ll be talking with a variety of industry experts from very small security companies to the largest of email security providers, covering specific defensive techniques to broad, cross-vector strategies that include email security. Most of these will be shot in our ESG Studios, but I may end up with a few shot on location in my travels.

    Leading off the series, I’m talking with DJ Sampath, founder of Armorblox Security. Armorblox has built a natural language understanding platform that can be used to help organizations fight business email compromise (BEC), among other email-related threats. DJ explains the challenges associated with stopping business email compromise, introduces natural language processing (NLP), and talks about how Armorblox has applied NLP to stop BEC attacks. We shot this one in two five-minute increments, so please enjoy the series. This is the first of many to come!!

    Part 1 with DJ Sampath from Armorblox

    Part 2 with DJ Sampath from Armorblox
  • As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past 9 years.


  • The Expanding Role of DevSecOps Practices

    ESG conducted research in the fall of 2019 to examine the composition of cloud-native applications, explore the challenges associated with securing cloud-native environments, and gauge the emergence of secure DevOps programs, or “DevSecOps,” as a methodology to protect the lifecycle of modern applications. The number of organizations who have or plan to implement secure DevOps practices has grown appreciably since ESG’s similar study in 2017, leading to an expanded set of use cases and, over time, broader coverage of an organization’s footprint of cloud-native applications. DevSecOps, for the purposes of this ESG brief, is the automation of security via the integration of cybersecurity controls and processes in the continuous integration and continuous delivery (CI/CD) pipeline of DevOps.


  • The Cybersecurity Awareness Conundrum

    It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.


  • Veeam Acquisition: The Net Net

    2020 started with a bang in the data protection space with the announcement of the acquisition of Veeam by Private Equity firm Insight Partners. Insight Partners is no stranger to the space, having invested in Acronis, as well. In this short blog, I am going to net out my views on this acquisition.

    It’s great news for the market! Let’s be clear, the backup and recovery space is hot and growing, but it is yesterday’s market. It is evolving into something else, which I have coined the data intelligence market, an evolution of backup and recovery that places data and data reuse at the heart of the enterprise. Whether enabling digital transformation or leveraging “dark” or dormant data, the idea is to leverage data assets. This acquisition is about the next stage of the market.


  • The Evolution from Data Backup to Data Intelligence

    ESG conducted a comprehensive online survey of IT and data protection professionals at private- and public-sector organizations in North America (US and Canada) between June 28, 2019 and July 21, 2019. To qualify for this survey, respondents were required to be IT decision makers currently responsible for or familiar with their organizations’ production storage and data protection mechanisms, as well as their organization’s approaches to facilitating data usage by primary and secondary beneficiaries.

    This Master Survey Results presentation focuses on the transition from traditional data backup processes to data management strategies in which data is better understood and reused for other technical or business purposes.


  • 2020 Technology Spending Intentions Survey

    ESG conducted a comprehensive online survey of IT professionals from private- and public-sector organizations in North America (United States and Canada) and Western Europe (UK, France, and Germany) between October 31, 2019 and November 26, 2019. To qualify for this survey, respondents were required to be senior IT professionals familiar and involved with their organization’s overall 2020 IT budget and spending plans. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

    This Master Survey Results presentation focuses on 2020 IT budget expectations, technology initiatives and priorities, year-over-year spending change (overall and by different technologies), hiring/staffing challenges, and cloud adoption/usage trends.


  • Today’s announcement of Mimecast acquiring Segasec should help companies close another important gap in the race against the rampant phishing and credential theft attacks.

    As Mimecast builds out their Email 3.0 strategy, the acquisition of Segasec will put the heat on bad actors who are busy stealing credentials by impersonating many of the world’s biggest companies. With so many phishing attacks attempting to lead users to fake or impersonated web sites where they unknowingly give up login credentials and other sensitive information, many of the largest online companies become the biggest targets.

    Mimecast continues to extend their email security platform to protect against the growing email-led threat vector. While many email security companies have implemented filtering techniques to detect and slow down URL and domain spoofing, impersonation sites have been left unattended. Segasec’s subscription service proactively hunts down impersonation sites and shuts them down. This is kind of like going after the drug dealer’s home instead of the drug user. To accomplish this, Segasec continuously monitors domain name registrations, certificates, social networks, and more, looking for indications of impersonation. And when they find them, they have several methods of blocking access or taking down the impersonated sites.

  • The CCPA is here. What does it mean for AI?

    As of January 1st, the California Consumer Privacy Act is now in effect. The CCPA lets anyone in California request all the information a company has on them as a consumer, including what data has been sold to/accessed by other companies. And when it comes to penalties, if a company is notified of being out of compliance (i.e., unable to provide all the data of their consumers), they have 30 days to comply or they will get fined per record. And that “per record” component is important because it highlights how quickly a fine could balloon into billions of dollars. The interesting component of this is that if a company doesn’t comply, it opens itself up to class action lawsuits from consumers.


  • Digital Work Survey: Cybersecurity Takeaways

    Enterprise Strategy Group recently completed an interesting study where, rather than surveying IT buyers and practitioners as is normally the case, we targeted employees in non-IT roles like sales, human resources, marketing, and finance. This provided a view of how the typical worker thinks about technology and the impact it has on their professional life. While a lot of the survey focused on end-user focused processes and technologies (mobile devices, applications, voice assistants), respondents were also asked for their perspectives on cybersecurity.

    The cybersecurity results are reviewed in detail in this ESG Brief, but some of the high level takeaways included:

    • Threats are exacerbated by risky employee behavior – between one in five and one third of employees report downloading personal applications to work devices, sharing sensitive information on public Wi-Fi networks, or disabling/removing AV software. The numbers are even higher for certain types of workers (mobile, senior managers, younger). When cybersecurity best practices get in the way of productivity or convenience, workers will obviously cut corners.
    • Passwords remain an issue – nearly three-quarters of workers report reusing passwords at least occasionally. This isn’t surprising due to device and application sprawl, but is still worrisome. Single sign-on/password manager technologies are at the top of the list for technologies that workers want to alleviate the frustrating and productivity draining process of managing multiple passwords.
    • Awareness training is becoming more common, but is still not pervasive – 60% of workers report participating in required cybersecurity training, but only 43% said it was a recurring practice. Companies don’t want to burden their employees with unnecessary or unproductive training. However, when done right, cyber awareness training can make an impactful difference. But this requires going past just checking the box and creating an iterative program of training and testing to focus on the most vulnerable vectors and employees.

    Overall, my takeaway was that cybersecurity vendors need to spend more time on the user aspect of security. Accounting for the views of those that are on the top line will become increasingly important as cybersecurity continues to move into the mainstream. That’s happened within the IT department, but there’s still room to grow among the non-IT employee base.

  • Taking the Pulse of Employee Cybersecurity Habits

    Cybersecurity clearly has the attention of IT departments and executives. High-profile attacks and the resulting direct and indirect costs associated with security breaches have helped drive awareness over the last decade and give security practitioners a louder voice in the organization. However, the average worker is more concerned with maintaining productivity and convenience in their increasingly overlapped work and personal life. Cybersecurity solutions must begin to deliver the technology experience workers demand.
