Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.
Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.
Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.
The core tenet of a zero trust strategy is least-privilege access. Yet, organizations continue to rely on user and machine identities that are susceptible to compromise, abuse/misuse, and theft. Risk is compounded by over-permissive, static access rights that provide little to no visibility into who and what is using access and how. Less clear still is how identities are being, or should be, monitored and protected. Availability of modern, cloud-managed identity services is widespread. Yet organizations have been slow to pivot their security programs from traditional endpoint, network, and SecOps to an approach that focuses on identity orchestration and experiences, which is dynamic and distributed. Where there are no perimeters, a multitude of identity verification services and managed identity services exist.
In order to gain insights into these trends, ESG surveyed 488 IT and cybersecurity professionals personally responsible for identity and access management programs, projects, processes, solutions/platforms, and services at large midmarket (500 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).
My colleague Rob Stretchay completed research on the challenges organizations face as their applications become more distributed across clouds. In this video, we discuss some of his findings, including how developers are spending their time – including their time remediating security issues. This is interesting to me because we’ve been talking about developer workflows and whether developers can take on some security processes. Developers want to focus on building software, but they care about quality, reliability, and they don’t want to waste time doing rework. Check out the video to hear us discuss the opportunity for security solutions to help.
This week I’m pleased to share my interview with Sharon Goldberg, the cofounder and CEO of BastionZero. She is also a computer science professor at Boston University. Check out our video below.
After graduating with a degree in electrical engineering from the University of Toronto, Sharon started her career as a telecom engineer at a power company building communications systems for its different power stations. After a few months, she was bored so she applied and got accepted to grad school at Princeton University, where she joined a team using lasers to encrypt communications. She took a course in cryptography and got hooked, moving more into computer science and internet security, earning her PhD in applied cryptography and network security.
At the end of her PhD, she says she took the typical route of becoming a professor. Once she had tenure, she had more freedom to work on what she wanted, and realized she wanted to build something that people could use, instead of just doing the research and publishing a paper, and moving on to other research.
So she started BastionZero to help organizations better manage remote access. It’s built around the concept of cryptography, and it was something she worked on along with her cofounder, Ethan Heilman, for the past decade.
“There’s an opportunity to change the way the market actually does remote access…to not have a single route of trust that controls the access but to have multiple routes of trust that control the access…So if there is a compromise, the security of your system doesn’t fall apart.”
While leading her company, Sharon continues to teach cybersecurity. “When you teach, you can’t just stand there and teach stale stuff. When you teach, you teach on a broad set of topics…When you talk to students and see how they are absorbing the material, it’s an incredible privilege.”
She says she’s seen progress with women in tech and cybersecurity. She recalls how when she started out, in the early 2000s, women in tech had to prove themselves and were often underestimated. “You always sort of assumed that no one was going to take you seriously and you were just going to show them…a lot of women who got through that era had that kind of attitude. I’ll just show you, you’re underestimating me. Then you go off and do something really hard…I think women who are starting out now are more surprised when they aren’t taken seriously, which is progress.”
Her advice: if someone underestimates you, don’t take it seriously, it’s their problem. Build a strong network and support system; find people who you click with and who understand your problem area to help you deal with any issues with fear or inadequacy when you start something new.
She also says things happen fast in this industry. She uses social media as a tool to connect with people and learn from how much information is shared in the cybersecurity community.
Check out Sharon’s company BastionZero to learn more. If you’re heading to RSA in a few weeks, you can root for her in the Innovation Sandbox competition where BastionZero is a finalist! You can also follow her on Twitter.
Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Sharon, view past episodes, and join us to hear more inspiring stories in future shows.
This week’s featured guest in our Women in Cybersecurity video series is Caroline Wong. Caroline is a book author who is active in the security community, sharing her experiences and learnings from her cybersecurity leadership roles at companies such as eBay and Zynga. She is the Chief Strategy Officer at Cobalt, a company that gives clients access to pen testers through their Pen Testing as a Service (PtaaS) platform. In her interview with ESG Sr. Analyst Melinda Marks, Caroline shares her experiences in her career in cybersecurity, as well as her advice around team culture and diversity in the workplace.
Throughout her career journey, which started with an internship in IT project management for the security engineering team at eBay, Caroline explored roles across different business functions, such as engineering, product management, and management consulting, giving her a broad perspective. In her current role as Chief Strategy Officer at Cobalt, she oversees the security, IT, HR, and talent acquisition teams and plans for the future of the company.
Caroline approaches work with a “get things done” mentality and an eagerness to work with people who she likes and respects and who like and respect her. “The thing about security is that it is a team effort…the only way to get actually good security is to involve a lot of people,” says Caroline. She believes that building diverse teams will bring us closer to solving the challenges we face today in security.
In this interview, Caroline also talks about overcoming toxic work environments, work-life and family balance, resilience, and trusting our future selves to overcome these challenges. She believes, “When folks are valued and accepted, they’re going to do better work. I think that’s a natural outcome.” She enjoys working in a team in which she can bring her whole self to the table and be valued for it.
Caroline shares her expertise with others through LinkedIn Learning courses, a feature on CBS, as well as her books: one on security metrics that she dedicated to her original mentor at eBay and one on PtaaS. She notes, “It’s a passion area for me to take concepts that historically have been explained in complicated ways and just try to make them accessible.”
Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Caroline, view past episodes, and join us to hear more inspiring stories in future shows!
Cloud adoption is ubiquitous, and many organizations have adopted a cloud-first deployment policy. However, organizations continue to use on-premises infrastructure. Thus, the new normal IT infrastructure is hybrid multi-cloud. In such an environment, the perimeter becomes amorphous and dynamic, changing rapidly as organizations spin up new applications.
Unfortunately, one-third of respondents to “The State of Data Privacy and Compliance” research survey said they have lost cloud-resident data. More concerning is that an additional 28% of organizations suspect they have lost cloud-resident data but don’t know for sure because they lack data observability. Read my blog, Data security requires DLP platform convergence, to learn more.
As a top investment priority for security organizations, detection and response programs are entering a significant transition as attack surface expansion and threat complexity drive the need for more comprehensive visibility, detection, and response. The extended detection and response (XDR) movement has spawned a plethora of new solution offerings capable of detecting advanced threats by aggregating, correlating, and analyzing telemetry from endpoints, networks, the cloud, and identities together with a new level of more extensive threat intelligence. What impact – if any – do IT and cybersecurity teams anticipate XDR having on their current endpoint detection and response (EDR) solutions?
As expanding device diversity, zero trust, and extended detection and response initiatives drive organizations to reassess endpoint security solution investments, security teams are looking to replace existing tools with more capable, converged platforms. Significant advances in Microsoft’s native endpoint security prevention, detection, and response capabilities, together with attractive bundling and pricing options, have propelled a meteoric rise in the popularity of Microsoft Defender for Endpoint over the past two years. While many intend to use Defender as a core component within their endpoint security arsenal, many still plan to supplement, potentially spawning a new opportunity for other security providers to deliver specialized add-on solutions.
We’re excited to highlight Elizabeth Gossell for our second Women in Cybersecurity interview. Liz is the Principal Security Analyst for Danaher Corporation, a global science and technology conglomerate with subsidiaries operating across different market segments, including life sciences, diagnostics, and water. The company is no stranger to mergers and acquisitions, as it acquires roughly 10 companies each year. In this video interview, Liz speaks with Enterprise Strategy Group Sr. Analyst Melinda Marks about the evolving security challenges that come with M&A efforts, scaling, and sprawl, such as maintaining security consistency across all the organizations, and working quickly to secure new acquisitions.
Liz also describes her many years of experience in the space, starting with an internship in cybersecurity years ago and working at Lockheed Martin and Tenable, where she originally met Melinda. “I’m a problem solver by nature,” said Liz, who is excited by the breadth and complexity of the challenges across cybersecurity, as well as the opportunity to put both her technical and non-technical skills into action to find a solution.
Elizabeth is passionate about solving problems in new ways, by uniting a diverse group of people with different perspectives, ideas, and skill sets. She encourages women to self-advocate, set boundaries, and ask for the opportunities they want to pursue: “Taking the reins of your career development early and being a strong advocate for yourself is absolutely critical.”
Be sure to check out her story, and learn more about Liz and Danaher Corporation:
Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Elizabeth, and join us to hear more inspiring stories in future episodes!
Secure access service edge (SASE) offers opportunities for both networking and security, but in most organizations the security and networking teams still operate independently. This independence means enterprise strategies for pursuing SASE may often be focused either on networking or security. It should be noted, however, that some organizations are starting with a converged approach. Depending on who is leading the SASE initiative, priorities may differ. This brief will focus on the nearly one-third of organizations taking a network-focused approach to SASE implementation.
Secure access service edge (SASE) frameworks are increasingly gaining interest with enterprise customers. The deployment of these services presents an opportunity to switch from perpetual licensing or even subscription licensing to delivering SASE as a managed service. The success of SD-WAN, a major component of a SASE framework, is certainly a driver for consuming SASE as a managed service as well. Organizations need to understand how managed service providers are delivering SASE, especially the ability to manage on-premises and cloud offerings.
Automation of network management, often through artificial intelligence and machine learning, holds great potential for helping businesses keep pace with rapidly expanding and complex distributed networks. But most organizations are reluctant to hand over all responsibility to intelligent systems. Change management to overcome AI skepticism, as well as gaining more experience using AI/ML, will build confidence and help drive adoption.
In our very first interview, we’re proud to spotlight Vandana Verma Sehgal. Vandana is the Chair of the Board of Directors for the OWASP (Open Web Application Security Project) Foundation. The non-profit foundation works to improve application security, organizing projects, tools, documents, forums, and chapters all over the world. Vandana is also passionate about initiatives to bring more diversity to cybersecurity.
Vandana has also been active in bringing more diversity to infosec. She said that she was used to being the only woman; women weren’t usually offered the night shift for her security operations team. Sure, cybersecurity is a niche skill, but she said it’s also a very male-dominated culture. Vandana is passionate about changing that. She started InfosecGirls to create a safe place for girls to learn about cybersecurity, collaborating with colleges to help women gain the technical training and skills to join our field.
Be sure to check out her story as well as some resources she has provided:
Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Vandana.
We’re thrilled to kick off our Women in Cybersecurity series with this interview, and hope you’ll join us to hear more inspiring stories in future episodes!