Markets

Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.

Overview

Business Applications

Cybersecurity

Data Management, Analytics & AI

Infrastructure, Cloud & DevOps

Services

Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.

Overview

Insights

Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.

Insights
Contact Us

Cybersecurity & Networking

  • Women in Cybersecurity: Laurie Haley

    ·

    Melinda Marks

    This episode of Women in Cybersecurity features my dear friend, Laurie Haley, VP of Strategic Alliances at application security company Veracode. I first met Laurie when we worked together at Qualys, where she was a superstar sales leader who had a technical background. She got her start in tech support, moving into network engineering, and then into cybersecurity roles at VeriSign and SecureWorks. Then she worked at CVS doing vulnerability management before moving to Qualys, where she spent nearly nine years, including serving as Executive VP of Worldwide Field Operations. Now she heads up strategic alliances for Veracode. With her technical background and her understanding of customer needs, she is passionate about helping them solve their biggest cybersecurity challenges with effective solutions. 

    Don’t miss her video below.

    Laurie got her start in tech support and network engineering, but has been in cybersecurity since 2007 because it’s such a rewarding field.

    “What really was important to me was I wanted to do something with my career that was interesting and I was talented at, but was going to make an impact.”

    After working at CVS in vulnerability management, she moved to Qualys, a company known for hiring practitioners on their sales team. “Here I was with this opportunity to take that background and bring in another skill set that I have – which is working with people, communication, negotiation – and bringing to focus helping people, working with clients, helping them do what I did at CVS.”

    I have great memories of working with Laurie there, getting her perspective for product releases and working with her on customer case studies.

    Now, Laurie is running strategic alliances for Veracode, working on technical integrations to benefit their customers. “I’m taking my hands-on experience to help Veracode align itself with technologies and companies that will help them overcome their challenges.”

    I love our industry for the people I meet, and Laurie is one of my favorites. She gave me tips and advice when I was pregnant with my son, as we share aspirations of being powerhouse career women while raising our families. In addition to being a superstar at work, she’s a mother of four.

    “I’m a mother of four. It’s a challenge to be a professional at my level in a very fast-paced business in an industry that requires a lot of involvement and effort. I have got to have people who can help me out. So asking for help to be able to balance everything so you can achieve your goals is a really important piece of advice that was hard-learned for me.”

    Laurie said the Executive Women’s Forum has been a big part of her journey. “They are one of the biggest groups to support women in cyber, and I’m a part of their mentor program,” she said. “They’re focused on supplying the networking forums that all of us women in this business can use to figure out challenges and help each other get ahead. And there’s the mentor program bringing up young professionals so that they can take over for us someday when we retire.”

    Be sure to check out Laurie’s video below. Also, check out the Executive Women’s Forum: https://www.ewf-usa.com/ and connect with Laurie on LinkedIn.

    Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Laurie where we discuss this and much more. You can also view past episodes and connect with us to hear more inspiring stories in future shows.

  • EUC Zero Trust Strategies Gain Momentum

    ·

    John Grady

    Security threats are on the upswing, businesses are hastening digital transformation plans, IT infrastructures are accelerating toward the cloud, and hybrid and remote workforces are the new reality. Enterprises have stepped up efforts to protect an expanding attack surface and the vulnerable access points of corporate-owned devices and BYODs. As a result, zero trust network access (ZTNA), barely on the radar screen as part of an end-user computing (EUC) strategy a short time ago, is now a top-of-mind consideration among IT professionals. Yet, compared to other established EUC strategy components, zero trust deployments in most corporations are just in the early innings.

    (more…)

  • Trends in Modern Application Protection

    ·

    Enterprise Strategy Group

    Securing applications has become more difficult than ever thanks to heterogeneous application environments, distributed responsibility for application security, and advanced attack campaigns. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

    Download Now
    For more information or to discuss these findings with an analyst, please contact us.

  • More Assets, More Security Hygiene and Posture Management Problems

    ·

    Jon Oltsik

    As organizations add more IT assets, their attack surfaces also grow, and so does the organization’s need for better security hygiene and posture management. Security hygiene and posture management rely on a broad range of tools such as vulnerability management, asset management, attack surface management and security testing to monitor all IT assets in an organization.

    (more…)

  • Trends in Modern Application Protection

    ·

    John Grady

    Research Objectives:

    Securing applications has become more difficult than ever. Increasingly heterogeneous application environments coupled with distributed responsibility for application security has resulted in security complexity and tool sprawl. Further, attackers understand this challenge and use it to their advantage. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

    In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

    This study sought to answer the following questions:

    • How many public-facing web applications and websites do organizations support? What percentage run on public cloud infrastructure today, and how is this expected to change over the next 24 months?
    • What percentage of organizations’ public-facing web applications are based on microservices today, and how is this expected to change over the next 24 months? To what extent do organizations plan to incorporate security processes and controls via DevOps processes?
    • How do organizations view web application protection? What challenges do organizations face with protecting their public-facing web applications?
    • What kind of web applications and API attacks have organizations experienced in the last year? What impacts do organizations experience from the attacks?
    • Is ensuring secure and available applications among the top cybersecurity priorities for organizations? Will organizations increase spending on web application and API protection technologies, services, and personnel? What are the critical drivers of spending?
    • Which discrete tools and capabilities do organizations use to protect web applications? Why do organizations use multiple web application protection tools? What challenges do organizations face with the tools they use to protect applications?
    • What proportion of organizations’ public-facing web applications and websites use APIs today, and how is this expected to change over the next 24 months? What are the biggest challenges with protecting APIs?
    • What are organizations’ plans regarding WAAP? To what extent have they deployed WAAP? What types of applications and APIs do organizations anticipate would use a WAAP platform? Which tools are the most important in a WAAP platform? How would organizations prefer to deploy a WAAP platform?

    Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

    Already an Enterprise Strategy Group client? Log in to read the full report.
    If you are not yet a Subscription Client but would like to learn more about accessing this report, please contact us.

  • Network Security Trends in Hybrid Cloud Environments

    ·

    John Grady

    Research Objectives:

    In order to gain insight into how public cloud computing services are impacting network security strategies, ESG surveyed 255 cybersecurity and IT/information security professionals at organizations in North America (US and Canada) familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.

    This study sought to answer the following questions:

    • How difficult is operating public cloud infrastructure compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud security?
    • What tools do organizations currently use to protect their public cloud infrastructure environment?
    • What are the biggest reasons organizations use security groups or network firewalls from cloud security providers?
    • How difficult is on-premises data center/private cloud security compared to two years ago? What are the greatest challenges organizations face when it comes to public cloud infrastructure security?
    • What are the most important attributes when it comes to on-premises data center/private cloud network security tools?
    • How do organizations view hybrid cloud models?
    • What are the biggest challenges with respect to supporting applications spanning public cloud infrastructure and on-premises data center infrastructure?
    • How often do organizations evaluate their network security tools for public cloud and on-premises data center/private cloud infrastructure?
    • Do organizations spend more on public cloud infrastructure or on on-premises data center/private cloud security? How will security spending change in the next 24 months?
    • What groups are responsible for the security processes, policies, and technologies associated with protecting the organization’s public cloud infrastructure and on-premises data center/private cloud? How is their day-to-day collaboration characterized? How willing are they to invest in and support public cloud security initiatives?
    • Do organizations use microsegmentation today? How will this change 24 months from now? How will organizations employ microsegmentation? Why would organizations not use microsegmentation more widely?
    • How often are security incidents a result of encrypted traffic? What is the most attractive method of encrypted traffic visibility?

    Survey participants represented a wide range of industries including manufacturing, financial services, retail, healthcare, and technology. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

    (more…)

  • Women in Cybersecurity: Arti Raman

    ·

    Melinda Marks

    This episode of Women in Cybersecurity features Arti Raman, the founder and CEO of Titaniam, an innovative data security company that helps organization protect their data even if they have been infiltrated.

    Arti didn’t start out in cybersecurity; her education was in economics and math, but when she worked at Agiliance in the area of Governance, Risk, and Compliance (GRC) 12 years ago, she was drawn to solving security problems and decided to put her analytical background to use to solve challenging security problems. She then worked at Symantec, where she tackled enterprise cybersecurity challenges, such as data center security and isolating workloads. Today, she leads her own company, drawing from her past experience of running another successful startup before she got into cybersecurity. Don’t miss her video below.

    Arti went from receiving an undergraduate degree in economics and math straight into a PhD program, but halfway through the program, she decided to put her skills and her experience into commercial applications to use. Starting out as a consultant at American Management Systems (AMS), a high-tech management and consulting firm, she consulted on projects, including customer relationship management (CRM) and data warehousing. Arti was in her early 20s when she founded her first startup, Liquid Engine. After five years, she sold the tax management company to Thomson Reuters.

    Later, she moved to Agiliance, working in GRC, and then she transitioned into cybersecurity when she moved to Symantec. After running competitive intelligence and market intelligence, Arti found a gap in information protection, so she started her own security company, Titaniam.

    “Security is such a rich domain, and if you’ve got any analytical or mathematics background, you can find those inclinations in your brain well exercised in the security domain,” she said. 

    With experience under her belt from her first startup, she discussed the importance of working hard on her product and its value proposition, investing her time in solving customer problems, benchmarking its effectiveness in the lab, and working closely with enterprise customers so she could build the best product and bring it to market.

    The company is focused on solving the challenge with encryption, which typically works “at rest,” meaning it works only when it is not being accessed. Arti decided to apply her knowledge of math, systems, and cryptography to create “encryption in use” to solve the problem of protecting data with encryption while it is in use. This helps enterprises protect valuable data, even if the company is infiltrated or if data is being accessed by a malicious person who got in with valid credentials.

    Arti shared her favorite resources for women in cybersecurity:

     

    Learn more about Arti’s company, Titaniam, and follow her on LinkedIn

    Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Arti where we discuss this and much more. You can also view past episodes and connect with us to hear more inspiring stories in future shows.

  • Technology Perspectives from Cybersecurity Professionals

    ·

    Jon Oltsik

    In late 2021 and early 2022, Enterprise Strategy Group, in partnership with the Information Systems Security Association (ISSA), conducted a survey of 280 cybersecurity professionals focused on security processes and technologies at organizations of all sizes in industries such as technology, government, financial services, and business services, among others, spanning countries in North/Central/South America, Europe, Asia, and Africa.

    Based upon the research collected for this project, Enterprise Strategy Group and ISSA reached the following conclusions:

    • Security professionals want more industry cooperation and technology standards.
    • Organizations are actively consolidating security vendors and integrating technologies.
    • and more…
    Download Now

  •  Trends in Modern Application Protection

    ·

    Enterprise Strategy Group

    ESG’s Complete Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Complete Survey Results presentation focuses on how modern application environments and API usage have impacted security strategies, including the inflection point organizations have reached with traditional web application firewalls, as well as preferences for converged web application and API protection solutions.

    (more…)

  • What Do Security Hygiene and Posture Management Leaders Do?

    ·

    Jon Oltsik

    Security hygiene and posture management is still one of the least mature areas of cybersecurity, and the external attack surface continues to be vulnerable and prone to exploitation at many organizations. While diligent efforts, such as improved asset management and security testing, can help, security hygiene and posture management remains a challenge. Organizations that are addressing their security hygiene and posture management proactively are currently making the most progress. This brief looks at the research data and reports on some of the things these organizations are doing to get ahead.

    (more…)

  • Securing the Identity Perimeter with Defense in Depth

    ·

    Jack Poller

    Organizations continue to rely on user and machine identities that are susceptible to compromise, misuse, and theft. Modern, cloud-managed identity services are available, but organizations have been slow to pivot their security programs to an approach that focuses on identity orchestration and experiences. Enterprise Strategy Group surveyed IT and cybersecurity professionals responsible for identity and access management programs and solutions to gain insights into these trends.

    Download Now
    For more information or to discuss these findings with an analyst, please contact us.

  • CiscoLive is Back!

    ·

    Bob Laliberte

    CiscoLive returned to being an in-person event this year and customers responded positively, with 16 thousand showing up to the Mandalay Bay Resort to partake in keynotes, sessions, training, and festivities.

    It was great to be in person and able to interact with members of the Cisco executive, technical, and analyst teams, as well as meet with their customers. It also provided me with an opportunity to connect with fellow ESG analysts Rob Strechay and Paul Nashawaty, who were also attending the event.

    There were a number of significant networking announcements made during the event, so I will try to encapsulate them in this blog and provide my insights. They included:

    • The Merakification of Catalyst switches – Part One. With Todd Nightingale in charge of enterprise networking, we are now seeing the introduction of cloud-based management for Catalyst switches (and eventually APs) leveraging the Meraki cloud-based management solution – hands down recognized as the pioneer in cloud-based network management and well known for its operational simplicity. Now, before Catalyst users leveraging DNA Center get too concerned, this is not a forced transition to cloud-based management. Rather, organizations should be thinking about this as an augmentation – the ability to leverage unified cloud-based monitoring of Meraki and Catalyst environments – which is especially helpful to those with highly distributed environments and those with hybrid environments consisting of Catalyst switches with Meraki APs. Even when using this “monitoring” mode, organizations can still use DNA Center to manage the Catalyst environment. Over time, this cloud-based capability will include the ability to manage Catalyst environments leveraging a simplified interface. Given that ESG research highlights that 40% currently have unified wired and wireless network management and another 48% plan to unify, the cloud-based offering is very timely.
    • Nexus will also offer cloud-based management and new switches. Using the InterSight platform, data center networking teams now have the option to leverage a cloud-based management solution for their data center networking environments. Again, this is about providing choice and management options for data center networking environments. Cisco also rolled out a new family of 400G switches to accommodate the steady growth of data. All switches are 800G-ready to ensure investment protection.
    • ThousandEyes integration continues with “Predictive Networking” – a great example of how organizations can leverage cloud-based intelligence to deliver better experiences. Essentially, ThousandEyes will analyze the network traffic and provide recommendations to improve performance and experience. Even more important, this technology is completely network-operator-driven, as the solution will demonstrate how much better the experience could be by allowing the operator the options to select a different route and then simply push a button to accept the recommendation and make the change. While this is fairly impressive on its own, the more intriguing part of this announcement was the comment that this intelligence engine could be ported to other areas of the network. Given that ThousandEyes is already connected to much of the Cisco portfolio, this technology could provide additional operational efficiencies for an organization’s end-to-end network environment.

    All of these cloud-based announcements are key, as they serve to be a key enabler for greater levels of intelligence (AI/ML) and automation. Given that Cisco has such a massive installed based, the ability to anonymously collect and process all that data in the cloud will drive enormous operational efficiencies and deliver enhanced experiences for organizations. But Cisco customers need to embrace the cloud! I am looking forward to hearing about adoption rates and expect that those campus and branch environments will be more willing to shift – so many are already Meraki customers. I expect that change will be harder for those in the data center, but the transition needs to occur – these networking environments are becoming far too complicated to manage manually. Organizations need to embrace the intelligence that is enabled by cloud-based management. This doesn’t mean you have to switch everything over immediately, but you need to start using the technology to become comfortable with it. I think of this as the “time to comfort” with these advanced technologies – you need to trust that it will do what you would have done, and witness this repeatedly, before you make any advanced intelligence technology live in your environment. It will be critical to have a feedback loop between the network operators and the vendors to ensure algorithms are as efficient as possible.

    Other notable announcements included a Cisco + Secure Connect that is a secure access service edge (SASE) offering that can be consumed as a service, leveraging Cisco SD-WAN and security capabilities to protect highly distributed environments. Zero trust for hybrid work was also discussed. For those who are not aware, Cisco has comprehensive security offerings, so zero trust isn’t a product SKU but rather a framework from which organizations can leverage Cisco security solutions to enable zero trust for hybrid work.

    We were able to participate in a number of roundtable discussions and engage in one-on-one meetings as well. I had a great conversation with Matt MacPherson on the future of wireless, discussing WFI6/6E/7 and 5G. It was also great to meet with Lawrence Huang to discuss cloud-based network management..

    Wrapping up, Cisco took a big step forward by expanding its use of cloud-based network management. It is a good first step and I look forward to tracking their progress by both adoption and capabilities. In particular, it would be great to get a holistic vision on the Cisco cloud strategy and how the Nexus cloud will integrate with the Meraki/Catalyst cloud as well as Viptela and ThousandEyes. Cisco has stated that this will be a journey and given the size of the Cisco portfolio and installed based, it is completely understandable that this journey will take some time.