As organizations modernize their software development processes leveraging cloud services for faster, more efficient software application delivery, cybersecurity teams are investing in developer-focused security tools to keep up. ESG research shows organizations have experienced a range of security incidents, many caused by preventable coding mistakes. This puts pressure on security teams to incorporate security into development to fix coding issues before the applications are deployed and to enable efficient remediation to prevent security incidents.
Cybersecurity & Networking
-
-
As organizations move to cloud-native application development to meet business demands with greater productivity and innovation, security teams need to adapt their application security strategies to support modern development processes. Developers’ increased usage of infrastructure-as-code (IaC) to provision their own cloud infrastructure and the availability of open source software (OSS) enable them to efficiently build, release, and update their software. Security teams need to ensure that they have the right security processes and controls in place to support these key components of cloud-native software and to effectively manage risk as development scales.
-
Challenged by ransomware and other password-related breaches and attacks, organizations are taking action to strengthen their authentication processes by deploying multifactor authentication (MFA). Like passwords, MFA is susceptible to attack, and doesn’t completely address the authentication problem. Passwordless authentication methods can protect against phishing and other attacks. To increase security and gain additional benefits, such as a better user experience and improved efficiency of IT and security teams, organizations need to operationalize strong authentication, making MFA or passwordless authentication mandatory.
-
Managing and securing the identities of an organization to increase security can be a challenge, and it is getting more challenging with the increased need for anywhere, anytime access to both cloud and in-house resources. Organizations are leveraging third parties and commercial solutions, including privileged access management (PAM) and identity governance and administration (IGA) to secure identities in their IT environment.
Already an Enterprise Strategy Group client? Log in to read the full report.
If you are not yet a Subscription Client but would like to learn more about accessing this report, please contact us.
-
As business activity shifts online, with a hybrid workforce, many activities are conducted over the network rather than in person, exposing an organization to fraud and attacks by nefarious individuals or groups or through identity theft. Organizations are increasingly protecting themselves from the uncertainty of working entirely online by using services to help screen their employees, contractors, and customers to prove they are who they say they are.
-
Building an in-house system to manage customer and third-party usernames and passwords may seem straightforward, but in practice may be an unexpectedly difficult task fraught with security risks. As a result, organizations are increasingly turning to customer identity and access management (CIAM) solutions to help increase performance and scalability with less effort and expense. While enterprises are turning to commercial CIAM solutions, IT and cybersecurity leaders are facing issues as they evaluate their CIAM options.
-
Security teams are challenged by the speed of modern software development processes. See data behind the movement to shift security left in an effort to increase security (without slowing down development) with this infographic, Walking the Line: GitOps and Shift Left Security.
-
Research Objectives
As organizations adopt modern software development processes, developers are empowered to quickly develop and release their applications by deploying them to the cloud. Security teams are challenged keeping up with the growth and speed of continuous integration/continuous deployment (CI/CD) cycles and their dynamic components.
While the industry has been talking about shifting security left to help security scale with rapid development, organizations have faced challenges putting that into practice. Most cloud-native security incidents are caused by misconfigurations, putting pressure on security teams to find ways to incorporate security into development so coding issues are caught and fixed before deployment. Organizations also need to focus on better ways to work with developers for rapid remediation of any detected security issues.
In order to gain insights into these trends, ESG surveyed 350 IT (30%) and cybersecurity (40%) decision makers, as well as application developers (30%), responsible for evaluating, purchasing, and utilizing developer-focused security products at midmarket (100 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).
-
Research Objectives
Determine the extent to which organizations incorporate security into developer workflows. Understand the challenges organizations face with faster cloud-native development lifecycles. Gain insights into what types of solutions are most effective at securing software without slowing development processes. Gauge buyer preferences for vendor solutions, how solutions are deployed, and how to reduce work across teams.
-
Explore new research into how security operations centers are coping with the massive scale needed to meet modern demands with this infographic, SOC Modernization and the Role of XDR.
-
This episode of Women in Cybersecurity features Barbie Bigelow, a veteran CIO, cybersecurity executive, board member, advisor, and investor. She is currently CEO of Emerald Growth Partners, LLC, (formerly Better Technology Partners, LLC), which she founded to help clients develop and execute strategic moves while leveraging technology to accelerate growth and increase margins. Clients have included Fortune 500 companies, startup ventures, and non-profits, and she is passionate about sharing her knowledge and increasing the number of women in leadership and board member roles.
Barbie said she got into cybersecurity out of operational necessity; after all, if there is a cybersecurity incident, it affects operations. In her first CIO role at an electronics company, she created a cyber incident response team (CIRT). Since then, she’s held roles and advised companies on how to approach cybersecurity in ways to support technological innovation and business needs.
Don’t miss her video below to learn about her story and her commitments to helping increase the number of women in leadership roles in cybersecurity.
Early in her career, Barbie held technical roles in engineering and program management. She spent 16 years as CIO for Lockheed Martin, and served in other CIO roles, gaining experience in the C-suite and leadership of professional services for companies across industries, including aerospace and defense, government agencies, manufacturing, and financial services.
I think key to my success has been those P&L (profit and loss) and operational roles. There’s really no substitute for knowing business and working with customers in the roles I’ve had. The problems aren’t that different as you move from industry to industry, but the way that maybe people approach them is a little different. And being able to leverage a best practice in a different industry into your industry is a really powerful way to get better and bring innovation into your organization.
About 10 years ago, when her company had a successful exit, she was planning on taking a break. But when some friends in the legal field needed help with a global company facing a cyber breach, she came in to help communicate with their Board of Directors and determine what needed to be done, taking on a year-and-a-half consultancy project with them. Then she launched her cyber consultancy company, working with boards advising on cyber risk and governance.
Barbie is also active in the cybersecurity community and in increasing the number of women in the field and in leadership roles. In June, leveraging other groups that she works with – Women’s Business Collaborative (WBC), and Digital Directors Network (DDN) – with sponsorship from The Gula Tech Foundation, she launched The Women Cyber Governance Collaborative with the mission to equip women board directors and executive leadership with the capability to effectively govern the real and growing risks to organizations from cyber threats. Their goal is to both increase the pipeline of highly qualified cyber savvy women and increase the number of women in executive leadership and board director positions.
It’s focused on training and advancing women in cybersecurity, technology executives, and women who are ready to go on the boards… So we teach technology executives about cyber governance and systemic risk.
Check out Barbie’s resources and video below.
Resources:
- The Women Cyber Governance Collaborative
- Women’s Business Collaborative (WBC)
- Digital Directors Network (DDN)
Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.
-
Research Objectives
Based upon years of previous research, for most organizations, security operations are in a period of both disarray and transition. While organizations expand the development of digital transformation initiatives, cloud-native application development, and remote worker support, SOC teams continue to conduct day-to-day operations using assorted point tools, manual processes, and a shortage of staff and skills. CISOs realize this mismatch leads to an unacceptable reality of ever-increasing cyber-risk.
To address this growing security operations gap, organizations are taking numerous actions to modernize security operations, including automating processes, utilizing advanced analytics, integrating security technologies, and embracing the MITRE ATT&CK framework. In order to gain insights into these trends, ESG surveyed 376 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating, purchasing, and utilizing threat detection and response security products and services.