Developers are increasingly using infrastructure as code (IaC), such as Terraform and CloudFormation, to provision their own cloud infrastructure for faster development cycles. As IaC brings unprecedented ease and speed for self-service infrastructure provisioning, there is a high chance for mistakes and misconfigurations as development teams grow.
Cybersecurity & Networking
-
-
ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between August 3, 2021 and August 14, 2021. To qualify for this survey, respondents were required to be IT and cybersecurity professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management (i.e., vulnerability management, asset management, attack surface management, security testing tools, etc.).
This Complete Survey Results presentation focuses on security posture management strategies today, including how organizations are addressing challenges and improving programs, how security and IT operations teams cooperate on all security posture management activities, and priorities associated with security posture management in the coming 12-18 months.
-
Security posture management challenges are driven by the growing attack surface. Organizations have accelerated cloud computing initiatives and have been forced to support a growing population of remote users because of the pandemic. Firms are also deploying new types of devices as part of digital transformation initiatives, further exacerbating the growing attack surface, which leads to management challenges, vulnerabilities, and potential system compromises. Meanwhile, security teams are also concerned about recent cybersecurity issues including MS Exchange vulnerabilities, the SolarWinds hack, and the recent Log4j zero-day flaw. As a result, organizations are further assessing security posture management processes, examining vendor risk management requirements, and testing security more frequently.
Already an Enterprise Strategy Group client? Log in to read the full report.
If you are not yet a Subscription Client but would like to learn more about accessing this report, please contact us.
-
When April Fool’s Day comes around each year, it’s human nature to be a little more on-edge than usual. Your guard is up, and you can’t completely trust anyone (even your closest friends and family). So, for the whole day, you take extra precautions, carefully opening the present your friend just “wanted to drop by,” and not believing there’s “cake in the break room” until it’s fact checked. While it’s fun to dedicate one day per year to April Fool’s Day, organizations of all industries must take these precautions… every day of the year. Cyber criminals are looking for a way to break through security defenses 24/7/365, so organizations must also remain on the clock, working to protect their most critical assets. But when it comes to cyberattacks and protecting your data, the stakes are much higher than whether the cake in the break room is real or not.It’s easy to want to trust those around you – and the majority of people (I believe) do have good intentions for the most part! But, unfortunately, the increasing complexity of enterprise environments, coupled with the evolution of the threat landscape means that organizations must be much more judicious in how they assess trust. For this reason, many have begun to implement principles in support of a zero trust security strategy. Zero trust is exactly as it sounds – organizations should not inherently trust any user, device, or entity. Instead, they should function as if cyber criminals already have access to the corporate network and resources. While in the past, security may have been focused on establishing a defined perimeter inside which trust was inherently assumed, zero trust today requires an all-encompassing approach to continually evaluate, authorize, and authenticate every network transaction based on the risk it poses.
ESG research revealed that 36% of survey respondents’ organizations experienced probing ransomware attacks on at least a monthly basis over the past 12 months.[1] Many organizations experience these daily. So what are organizations doing about this? 82% of surveyed organizations planned to increase spending on technologies, services, and personnel supporting zero trust in the next 12-18 months, and for those who had already adopted zero trust strategies, 84% believed them to be successful.[2] This is clearly an area of an investment for organizations, and it seems to be paying off for the earlier adopters.
While it may be difficult to trust others when it comes to cybersecurity and cyber-attacks, the objective of ESG Validation reports is to provide an independent, trustworthy perspective of solutions so that IT decision makers can make better business decisions and find the best solutions for their needs. Check out these recent zero trust-related validation report: Google BeyondCorp Enterprise.
Enterprise Strategy Group (ESG) is an IT analyst, research, validation, and strategy firm that gives the global IT community access to market intelligence and actionable insight. The Validation Team creates assets such as Validation reports, videos, webinars, and more, that help to communicate the technological and economic value of IT products and solutions.
[1] Complete Survey Results: 2022 Technology Spending Intentions Survey Nov 24, 2021
[2] Research Report: The State of Zero-trust Security Strategies Apr 12, 2021
-
Interest in secure access service edge (SASE) architectures has exploded as IT organizations struggle using traditional solutions to support distributed enterprise environments.
Learn more about this important transition with this Enterprise Strategy Group Infographic, 2021 SASE Trends.
For more information or to discuss these findings with an analyst, please contact us.
-
To better secure their growing attack surface, IT and security teams are thinking differently about endpoint security platforms.
Learn more about this shifting market with the Enterprise Strategy Group Infographic, Endpoint Security Trends.
For more information or to discuss these findings with an analyst, please contact us.
-
The amount of interest in secure access service edge (SASE) architectures has exploded over the last 18 months. Organizations struggle using traditional, on-premises-based network and security solutions to support distributed, cloud-centric enterprise environments. While this has been an increasing challenge over the last few years, the pandemic and resulting spike in newly remote workers pushed many organizations to a tipping point. At the same time, the broad applicability of SASE leads to some confusion about where to begin and which technologies are required, exacerbated by legacy organizational dynamics.
-
2021 is headed for the history books, and we now turn our attention towards the new year. The last year—well to be more precise, the last two years—have brought about significant changes in network environments as digital transformation initiatives, cloud computing adoption, edge computing and hybrid work models impact how networks are acquired, deployed, and managed. The rate of change has only been matched by the pace of innovation as network technologies rapidly evolve to deliver enhanced functionality and secure experiences. As a result, there are a number of key technologies and architectures to follow in 2022.
For more information or to discuss these findings with an analyst, please contact us.
-
This brief looks at some the key trends and events that will shape network security technologies, suppliers, and customers in 2022.
For more information or to discuss these findings with an analyst, please contact us.
-
Cybersecurity megatrends, including zero trust, XDR, a pandemic-induced increase in remote workers, and the move to public cloud, are influencing the way organizations think about endpoint security. These megatrends add new requirements for endpoint security, while necessitating new levels of integration with other core security controls. Additionally, mobile and IoT are driving massive growth in the number and diversity of devices that must be protected. To better secure their growing attack surface, IT and security teams are thinking differently about endpoint security platforms, what they must include, and how they fit into the broader security stack.
-
ESG conducted a comprehensive online survey of cybersecurity and IT/information security professionals from private- and public-sector organizations in North America (United States and Canada) between June 2, 2021 and June 21, 2021. To qualify for this survey, respondents were required to be cybersecurity and IT/information security professionals familiar with their organization’s network security tools and processes and responsible for evaluating, purchasing, and/or operating corporate network security controls across public cloud infrastructure and on-premises data centers/private cloud.
This Complete Survey Results presentation focuses on network security tools and strategies used to protect both public cloud environments and on-premises data centers, as more organizations look to take a more hybrid approach to IT.
-
Attackers increasingly use encrypted traffic to mask their activity. While most agree that better visibility into this traffic would improve their organization’s security posture, many continue to forgo decryption for a variety of reasons. While tools that can detect threats in encrypted traffic remain fairly new, they represent an attractive approach to improve visibility into encrypted threats without sacrificing privacy or performance.
When April Fool’s Day comes around each year, it’s human nature to be a little more on-edge than usual. Your guard is up, and you can’t completely trust anyone (even your closest friends and family). So, for the whole day, you take extra precautions, carefully opening the present your friend just “wanted to drop by,” and not believing there’s “cake in the break room” until it’s fact checked. While it’s fun to dedicate one day per year to April Fool’s Day, organizations of all industries must take these precautions… every day of the year. Cyber criminals are looking for a way to break through security defenses 24/7/365, so organizations must also remain on the clock, working to protect their most critical assets. But when it comes to cyberattacks and protecting your data, the stakes are much higher than whether the cake in the break room is real or not.