Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.
Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.
Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.
Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.
Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.
Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.
In late 2021 and early 2022, Enterprise Strategy Group, in partnership with the Information Systems Security Association (ISSA), conducted a survey of 280 cybersecurity professionals focused on security processes and technologies at organizations of all sizes in industries such as technology, government, financial services, and business services, among others, spanning countries in North/Central/South America, Europe, Asia, and Africa.
Based upon the research collected for this project, Enterprise Strategy Group and ISSA reached the following conclusions:
Security professionals want more industry cooperation and technology standards.
Organizations are actively consolidating security vendors and integrating technologies.
ESG’s Complete Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.
This Complete Survey Results presentation focuses on how modern application environments and API usage have impacted security strategies, including the inflection point organizations have reached with traditional web application firewalls, as well as preferences for converged web application and API protection solutions.
Security hygiene and posture management is still one of the least mature areas of cybersecurity, and the external attack surface continues to be vulnerable and prone to exploitation at many organizations. While diligent efforts, such as improved asset management and security testing, can help, security hygiene and posture management remains a challenge. Organizations that are addressing their security hygiene and posture management proactively are currently making the most progress. This brief looks at the research data and reports on some of the things these organizations are doing to get ahead.
Organizations continue to rely on user and machine identities that are susceptible to compromise, misuse, and theft. Modern, cloud-managed identity services are available, but organizations have been slow to pivot their security programs to an approach that focuses on identity orchestration and experiences. Enterprise Strategy Group surveyed IT and cybersecurity professionals responsible for identity and access management programs and solutions to gain insights into these trends.
CiscoLive returned to being an in-person event this year and customers responded positively, with 16 thousand showing up to the Mandalay Bay Resort to partake in keynotes, sessions, training, and festivities.
It was great to be in person and able to interact with members of the Cisco executive, technical, and analyst teams, as well as meet with their customers. It also provided me with an opportunity to connect with fellow ESG analysts Rob Strechay and Paul Nashawaty, who were also attending the event.
There were a number of significant networking announcements made during the event, so I will try to encapsulate them in this blog and provide my insights. They included:
The Merakification of Catalyst switches – Part One. With Todd Nightingale in charge of enterprise networking, we are now seeing the introduction of cloud-based management for Catalyst switches (and eventually APs) leveraging the Meraki cloud-based management solution – hands down recognized as the pioneer in cloud-based network management and well known for its operational simplicity. Now, before Catalyst users leveraging DNA Center get too concerned, this is not a forced transition to cloud-based management. Rather, organizations should be thinking about this as an augmentation – the ability to leverage unified cloud-based monitoring of Meraki and Catalyst environments – which is especially helpful to those with highly distributed environments and those with hybrid environments consisting of Catalyst switches with Meraki APs. Even when using this “monitoring” mode, organizations can still use DNA Center to manage the Catalyst environment. Over time, this cloud-based capability will include the ability to manage Catalyst environments leveraging a simplified interface. Given that ESG research highlights that 40% currently have unified wired and wireless network management and another 48% plan to unify, the cloud-based offering is very timely.
Nexus will also offer cloud-based management and new switches. Using the InterSight platform, data center networking teams now have the option to leverage a cloud-based management solution for their data center networking environments. Again, this is about providing choice and management options for data center networking environments. Cisco also rolled out a new family of 400G switches to accommodate the steady growth of data. All switches are 800G-ready to ensure investment protection.
ThousandEyes integration continues with “Predictive Networking” – a great example of how organizations can leverage cloud-based intelligence to deliver better experiences. Essentially, ThousandEyes will analyze the network traffic and provide recommendations to improve performance and experience. Even more important, this technology is completely network-operator-driven, as the solution will demonstrate how much better the experience could be by allowing the operator the options to select a different route and then simply push a button to accept the recommendation and make the change. While this is fairly impressive on its own, the more intriguing part of this announcement was the comment that this intelligence engine could be ported to other areas of the network. Given that ThousandEyes is already connected to much of the Cisco portfolio, this technology could provide additional operational efficiencies for an organization’s end-to-end network environment.
All of these cloud-based announcements are key, as they serve to be a key enabler for greater levels of intelligence (AI/ML) and automation. Given that Cisco has such a massive installed based, the ability to anonymously collect and process all that data in the cloud will drive enormous operational efficiencies and deliver enhanced experiences for organizations. But Cisco customers need to embrace the cloud! I am looking forward to hearing about adoption rates and expect that those campus and branch environments will be more willing to shift – so many are already Meraki customers. I expect that change will be harder for those in the data center, but the transition needs to occur – these networking environments are becoming far too complicated to manage manually. Organizations need to embrace the intelligence that is enabled by cloud-based management. This doesn’t mean you have to switch everything over immediately, but you need to start using the technology to become comfortable with it. I think of this as the “time to comfort” with these advanced technologies – you need to trust that it will do what you would have done, and witness this repeatedly, before you make any advanced intelligence technology live in your environment. It will be critical to have a feedback loop between the network operators and the vendors to ensure algorithms are as efficient as possible.
Other notable announcements included a Cisco + Secure Connect that is a secure access service edge (SASE) offering that can be consumed as a service, leveraging Cisco SD-WAN and security capabilities to protect highly distributed environments. Zero trust for hybrid work was also discussed. For those who are not aware, Cisco has comprehensive security offerings, so zero trust isn’t a product SKU but rather a framework from which organizations can leverage Cisco security solutions to enable zero trust for hybrid work.
We were able to participate in a number of roundtable discussions and engage in one-on-one meetings as well. I had a great conversation with Matt MacPherson on the future of wireless, discussing WFI6/6E/7 and 5G. It was also great to meet with Lawrence Huang to discuss cloud-based network management..
Wrapping up, Cisco took a big step forward by expanding its use of cloud-based network management. It is a good first step and I look forward to tracking their progress by both adoption and capabilities. In particular, it would be great to get a holistic vision on the Cisco cloud strategy and how the Nexus cloud will integrate with the Meraki/Catalyst cloud as well as Viptela and ThousandEyes. Cisco has stated that this will be a journey and given the size of the Cisco portfolio and installed based, it is completely understandable that this journey will take some time.
Last week’s RSA Conference was an orgy of security innovation and industry hyperbole. While this will only make things more confusing for security professionals, they seem to be moving ahead with strategies for security technology consolidation, integration, and a migration to multi-product security platforms.
This week I flew to Nashville, TN to participate in ExtremeConnect 22 customer event. Despite Covid flare ups here and there, this event was very well attended – in fact it was sold out.
This was my second in-person event of 2022 and it is great to be back, as everyone gets so much more out of these events when together, and not just the ability to attend keynotes to feel the energy in the room, but the ability to attend training sessions, the opportunity for impromptu hallway meetings, getting access to executives and engineering talent, and the ability to interact socially with your peers.
ESG conducted a comprehensive online survey of IT professionals from private- and public-sector organizations in North America (United States and Canada), Western Europe, Central/South America, Africa, Asia, and Australia between December 20, 2021 and December 31, 2021. To qualify for this survey, respondents were required to be information security managers, chief information officers, IT senior executives, IT managers/directors, or general IT staff responsible for information security and other comparable titles.
This Complete Survey Results presentation focuses on cybersecurity technology purchase trends, including the current threat landscape’s impact on strategies and subsequent buying decisions, efforts to consolidate vendors and products, the appetite for cybersecurity platforms, and cybersecurity process integration with DevOps practices.
Forgive me for the blatant cheesiness of the title, but in this case, using the term hacking is sort of relevant…bear with me…
No doubt that working in cybersecurity is really THE thing to do right now. The opportunities seem endless. But exactly what paths can you pursue when entering a field that is constantly evolving?
I had the opportunity to discuss one path with Gisela Hinojosa, a pentester at Cobalt. For those not in the know – like me – I thought…huh? Pentesting? Perhaps a simple, albeit naïve, way of understanding what is pentesting (or penetration testing) could be hacking. As a pentester, you attempt to expose potential security vulnerabilities. Basically, you are hacking for legitimate reasons.
As you will hear during our conversation, Gisela worked in software testing before she uncovered this specific path. As she was exploring different options, her husband asked what she always wanted to do. She replied that she wanted to hack, but who would pay her to do that? Turns out that companies do to bolster their security posture before any bad actors have the chance.
What exactly does it take to find a pentesting position? Watch this video and find out what worked for Gisela.
Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Gisela, view past episodes, and join us to hear more inspiring stories in future shows.
This episode of Women in Cybersecurity showcases Brittany Greenfield, the founder and CEO of Wabbi. While Brittany started her career with a degree in biotechnology, working in business process and marketing roles, she turned her focus to cybersecurity, knowing how critical it is in the fabric of technology. Today she leads a company integrating security into software development. Check out our video below.
Growing up in Washington D.C., Brittany had an impression of cybersecurity as how agencies protected the country against foreign enemies. She went to Duke University earning a self-designed interdisciplinary degree in biotechnology, spanning economics, entrepreneurship, public policy, and medical sciences. From there, she spent the first part of her career in the ERP space, and later earned an MBA from MIT Sloane School of Management.
She turned to cybersecurity when she took a role at Cisco helping them build their Internet of Things (IoT) platform.
You can’t talk IoT and not talk cyber. I realized cyber is such a fundamental piece of the digital fabric that powers our lives today, I need to get into it.
She got into the endpoint space, and became frustrated that too many solutions focused on perimeter security, when she felt that the problems need to be solved within. From there, she decided to found Wabbi to help developers efficiently incorporate security into their processes, getting the right security information to developers at the right time.
Tune in to the video, and don’t miss the full podcast, as we discuss key issues, including why women make good leaders. Also, since Wabbi is in my coverage area of cloud and application security, we discuss some of the challenges for organizations trying to scale their security programs with the speed of modern software development.
Learn more about her company Wabbi, and if you’re heading to RSA next week, visit their booth and get a demo! You can also follow her on twitter.
Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Brittany, view past episodes, and join us to hear more inspiring stories in future shows.
ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between December 14, 2021 and December 28, 2021. To qualify for this survey, respondents were required to be IT and cybersecurity professionals focusing on identity and access management programs, projects, processes, solutions/platforms, and services.
This Complete Survey Results presentation focuses how organizations are currently monitoring and protecting identities in terms of the breadth of identity products, platforms, and technologies supporting current business operations, as well as how that is expected to evolve over time.
Enterprise Strategy Group’s annual technology spending intentions report for 2022 surveyed 706 senior IT decision-makers at midmarket (i.e., 100 to 999 employees) and enterprise (i.e., 1,000 or more employees) organizations across North America, Western Europe and Asia Pacific. From an overall perspective, the good news is that 62% of organizations plan to increase overall IT spending. As part of that research, respondents with purchasing influence or authority for networking products and services were asked about their organization’s spending plans in this area over the next 12 months. The data indicates that 52% are expected to maintain the prior year’s budget levels and 43% will increase spending. Only 5% will shrink their networking budget.
Given that modern IT environments are highly distributed and complex, ESG also asked respondents to identify the areas where their organization would make the most significant investments in its network infrastructure over the next 12 to 18 months.
More than one-third (38%) of organizations will provide additional training to their networking staff on modern IT operations best practices; 36% will deploy cloud-based network management solutions; and 35% will deploy AI/ML for network self-healing and optimization capabilities. The responses largely confirm the demand for technologies highlighted in a 2021 ESG research report on network modernization.
As organizations modernize their IT and application environments, they recognize that doing so requires training network staff to ensure the network can support these new IT operations and best practices. The faster growth of closely related IT priorities — many driven by post-COVID-19 hybrid work environments — including cybersecurity and distributing applications to the cloud or edge, suggests that network infrastructure will continue to play a vital role in enabling these environments.
Last week’s RSA Conference was an orgy of security innovation and industry hyperbole. While this will only make things more confusing for security professionals, they seem to be moving ahead with strategies for security technology consolidation, integration, and a migration to multi-product security platforms.
This week I flew to Nashville, TN to participate in ExtremeConnect 22 customer event. Despite Covid flare ups here and there, this event was very well attended – in fact it was sold out.
Given that modern IT environments are highly distributed and complex, ESG also asked respondents to identify the areas where their organization would make the most significant investments in its network infrastructure over the next 12 to 18 months.