Cybersecurity & Networking

  • The State of Digital Ecosystems at the Edge

    Research Objectives

    Organizations are distributing applications across multiple public cloud environments and edge locations. This is driven by the need to collect and analyze the data generated at these remote sites to enable organizations to improve quality, deliver enhanced experiences (both customer and employee), and gather deeper insights into the business. Because the “edge” can be defined in many ways depending on several factors, such as company size and industry, organizations employ a range of strategies and an ecosystem of partners that includes cloud service providers, telecommunication companies, colocation providers, and even traditional technology vendors to ensure robust edge computing environments that deliver critical business insights.


  • Distributed Cloud Series: Digital Ecosystems

    Research Objectives

    Understand the current state of the edge computing environment, including budgets and prioritization. Determine the key drivers, challenges, benefits, and use cases for edge computing. Get an accurate picture of edge infrastructure, network, security, and data environments. Identify vital players and their roles/influence for enabling edge environments.


  • My colleague John Grady completed a new research report on Trends in Modern Application Protection. It covers how organizations are modernizing their application architectures and the challenges they are seeing in web application and API protection platforms. In this video, we discuss some of his findings on API security. Watch the video below to learn about:

    • The growth of APIs
    • Challenges and methods to secure them
    • API incidents that organizations have experienced and their impacts
    • Methods of remediating API coding errors and their effectiveness
    • What to look for in an API protection platform

    Watch the video below, and be sure to check out the new research: Trends in Modern Application Protection.

  • Using Data Security to Defend Against Ransomware

    As ransomware actors have gained in experience and sophistication, they’ve adopted new tactics. Before encrypting your data, they exfiltrate it. This way, they can make you pay twice: first for an encryption key, and second for an extortion fee to prevent the attacker from publishing your sensitive data.

    Data security encompasses the principles and practice of ensuring legitimate access and preventing unauthorized access to data to preserve the cybersecurity triad of confidentiality, integrity, and access (CIA). A data security platform that enables you to discover, classify, and protect your sensitive data can stop a ransomware attacker from data exfiltration and limit your exposure to extortion.


  • Easy-to-remember passwords are easy to crack. Strong passwords are hard to remember, leading to password reuse and the risk of password compromise that causes multiple account takeovers. Passwords are risky business.

    Multifactor authentication (MFA) is a way to combat the inherent weaknesses of passwords. Yet MFA is also susceptible to compromise. Passwordless authentication based on the FIDO standards and public key encryption is the new archetype for authentication, and is phishing- and compromise-resistant. 


  • Women in Cybersecurity: Laurie Haley

    This episode of Women in Cybersecurity features my dear friend, Laurie Haley, VP of Strategic Alliances at application security company Veracode. I first met Laurie when we worked together at Qualys, where she was a superstar sales leader who had a technical background. She got her start in tech support, moving into network engineering, and then into cybersecurity roles at VeriSign and SecureWorks. Then she worked at CVS doing vulnerability management before moving to Qualys, where she spent nearly nine years, including serving as Executive VP of Worldwide Field Operations. Now she heads up strategic alliances for Veracode. With her technical background and her understanding of customer needs, she is passionate about helping them solve their biggest cybersecurity challenges with effective solutions. 

    Don’t miss her video below.

    Laurie got her start in tech support and network engineering, but has been in cybersecurity since 2007 because it’s such a rewarding field.

    “What really was important to me was I wanted to do something with my career that was interesting and I was talented at, but was going to make an impact.”

    After working at CVS in vulnerability management, she moved to Qualys, a company known for hiring practitioners on their sales team. “Here I was with this opportunity to take that background and bring in another skill set that I have – which is working with people, communication, negotiation – and bringing to focus helping people, working with clients, helping them do what I did at CVS.”

    I have great memories of working with Laurie there, getting her perspective for product releases and working with her on customer case studies.

    Now, Laurie is running strategic alliances for Veracode, working on technical integrations to benefit their customers. “I’m taking my hands-on experience to help Veracode align itself with technologies and companies that will help them overcome their challenges.”

    I love our industry for the people I meet, and Laurie is one of my favorites. She gave me tips and advice when I was pregnant with my son, as we share aspirations of being powerhouse career women while raising our families. In addition to being a superstar at work, she’s a mother of four.

    “I’m a mother of four. It’s a challenge to be a professional at my level in a very fast-paced business in an industry that requires a lot of involvement and effort. I have got to have people who can help me out. So asking for help to be able to balance everything so you can achieve your goals is a really important piece of advice that was hard-learned for me.”

    Laurie said the Executive Women’s Forum has been a big part of her journey. “They are one of the biggest groups to support women in cyber, and I’m a part of their mentor program,” she said. “They’re focused on supplying the networking forums that all of us women in this business can use to figure out challenges and help each other get ahead. And there’s the mentor program bringing up young professionals so that they can take over for us someday when we retire.”

    Be sure to check out Laurie’s video below. Also, check out the Executive Women’s Forum: https://www.ewf-usa.com/ and connect with Laurie on LinkedIn.

    Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Laurie where we discuss this and much more. You can also view past episodes and connect with us to hear more inspiring stories in future shows.

  • EUC Zero Trust Strategies Gain Momentum

    Security threats are on the upswing, businesses are hastening digital transformation plans, IT infrastructures are accelerating toward the cloud, and hybrid and remote workforces are the new reality. Enterprises have stepped up efforts to protect an expanding attack surface and the vulnerable access points of corporate-owned devices and BYODs. As a result, zero trust network access (ZTNA), barely on the radar screen as part of an end-user computing (EUC) strategy a short time ago, is now a top-of-mind consideration among IT professionals. Yet, compared to other established EUC strategy components, zero trust deployments in most corporations are just in the early innings.


  • Trends in Modern Application Protection

    Securing applications has become more difficult than ever thanks to heterogeneous application environments, distributed responsibility for application security, and advanced attack campaigns. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

  • As organizations add more IT assets, their attack surfaces also grow, and so does the organization’s need for better security hygiene and posture management. Security hygiene and posture management rely on a broad range of tools such as vulnerability management, asset management, attack surface management and security testing to monitor all IT assets in an organization.


  • Trends in Modern Application Protection

    Research Objectives:

    Securing applications has become more difficult than ever. Increasingly heterogeneous application environments coupled with distributed responsibility for application security have resulted in security complexity and tool sprawl. Further, attackers understand this challenge and use it to their advantage. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

    In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

    This study sought to answer the following questions:

    • How many public-facing web applications and websites do organizations support? What percentage run on public cloud infrastructure today, and how is this expected to change over the next 24 months?
    • What percentage of organizations’ public-facing web applications are based on microservices today, and how is this expected to change over the next 24 months? To what extent do organizations plan to incorporate security processes and controls via DevOps processes?
    • How do organizations view web application protection? What challenges do organizations face with protecting their public-facing web applications?
    • What kind of web applications and API attacks have organizations experienced in the last year? What impacts do organizations experience from the attacks?
    • Is ensuring secure and available applications among the top cybersecurity priorities for organizations? Will organizations increase spending on web application and API protection technologies, services, and personnel? What are the critical drivers of spending?
    • Which discrete tools and capabilities do organizations use to protect web applications? Why do organizations use multiple web application protection tools? What challenges do organizations face with the tools they use to protect applications?
    • What proportion of organizations’ public-facing web applications and websites use APIs today, and how is this expected to change over the next 24 months? What are the biggest challenges with protecting APIs?
    • What are organizations’ plans regarding WAAP? To what extent have they deployed WAAP? What types of applications and APIs do organizations anticipate would use a WAAP platform? Which tools are the most important in a WAAP platform? How would organizations prefer to deploy a WAAP platform?

    Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

  • Research Objectives:

    In order to gain insight into how public cloud computing services are impacting network security strategies, ESG surveyed 255 cybersecurity and IT/information security professionals at organizations in North America (US and Canada) familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

    This study sought to answer the following questions:

    • How difficult is operating public cloud infrastructure compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud security?
    • What tools do organizations currently use to protect their public cloud infrastructure environment?
    • What are the biggest reasons organizations use security groups or network firewalls from cloud security providers?
    • How difficult is on-premises data center/private cloud security compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud infrastructure security?
    • What are the most important attributes when it comes to on-premises data center/private cloud network security tools?
    • How do organizations view hybrid cloud models?
    • What are the biggest challenges with respect to supporting applications spanning public cloud infrastructure and on-premises data center infrastructure?
    • How often do organizations evaluate their network security tools for public cloud and on-premises data center/private cloud infrastructure?
    • Do organizations spend more on public cloud infrastructure or on on-premises data center/private cloud security? How will security spending change in the next 24 months?
    • What groups are responsible for the security processes, policies, and technologies associated with protecting the organization’s public cloud infrastructure and on-premises data center/private cloud? How is their day-to-day collaboration characterized? How willing are they to invest in and support public cloud security initiatives?
    • Do organizations use microsegmentation today? How will this change 24 months from now? How will organizations employ microsegmentation? Why would organizations not use microsegmentation more widely?
    • How often are security incidents a result of encrypted traffic? What is the most attractive method of encrypted traffic visibility?

    Survey participants represented a wide range of industries including manufacturing, financial services, retail, healthcare, and technology. For more details, please see the Research Methodology and Respondent Demographics sections of this report.


  • Women in Cybersecurity: Arti Raman

    This episode of Women in Cybersecurity features Arti Raman, the founder and CEO of Titaniam, an innovative data security company that helps organizations protect their data even if they have been infiltrated.

    Arti didn’t start out in cybersecurity; her education was in economics and math, but when she worked at Agiliance in the area of Governance, Risk, and Compliance (GRC) 12 years ago, she was drawn to solving security problems and decided to put her analytical background to use to solve challenging security problems. She then worked at Symantec, where she tackled enterprise cybersecurity challenges, such as data center security and isolating workloads. Today, she leads her own company, drawing from her past experience of running another successful startup before she got into cybersecurity. Don’t miss her video below.

    Arti went from receiving an undergraduate degree in economics and math straight into a PhD program, but halfway through the program, she decided to put her skills and her experience to use in commercial applications. Starting out as a consultant at American Management Systems (AMS), a high-tech management and consulting firm, she consulted on projects, including customer relationship management (CRM) and data warehousing. Arti was in her early 20s when she founded her first startup, Liquid Engine. After five years, she sold the tax management company to Thomson Reuters.

    Later, she moved to Agiliance, working in GRC, and then she transitioned into cybersecurity when she moved to Symantec. After running competitive intelligence and market intelligence, Arti found a gap in information protection, so she started her own security company, Titaniam.

    “Security is such a rich domain, and if you’ve got any analytical or mathematics background, you can find those inclinations in your brain well exercised in the security domain,” she said. 

    With experience under her belt from her first startup, she discussed the importance of working hard on her product and its value proposition, investing her time in solving customer problems, benchmarking its effectiveness in the lab, and working closely with enterprise customers so she could build the best product and bring it to market.

    The company is focused on solving the challenge with encryption, which typically works “at rest,” meaning it protects data only while the data is not being accessed. Arti decided to apply her knowledge of math, systems, and cryptography to create “encryption in use” to solve the problem of protecting data with encryption while it is in use. This helps enterprises protect valuable data, even if the company is infiltrated or if data is being accessed by a malicious person who got in with valid credentials.

    Arti shared her favorite resources for women in cybersecurity:

     

    Learn more about Arti’s company, Titaniam, and follow her on LinkedIn.

    Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Arti where we discuss this and much more. You can also view past episodes and connect with us to hear more inspiring stories in future shows.