Cybersecurity & Networking

  • Network Spending Trends for 2021

    Coming off an unprecedented year, the majority of organizations are increasing their IT budgets. While slightly more than one-third of these organizations will increase their network spending in 2021, the majority expect to hold steady compared to last year’s investment levels. This year, organizations also state that they are looking to take advantage of cloud-based network management solutions to drive optimization. The research further demonstrates how organizations with mature digital transformation efforts differ from their counterparts with less mature environments.


    If you’re interested in learning more or would like to discuss these findings with an analyst, please contact us.
  • 8 Things CISOs Want to Hear From XDR Vendors

    Now that we are within a month of the RSA conference, the security diaspora must prepare itself for a cacophony of hyperbole around three industry initiatives: Secure Access Service Edge (SASE), eXtended Detection and Response (XDR), and zero trust.

    Yup, all three areas are innovative and extremely promising, but a bit overwhelming as well. Look for more from me on SASE and zero trust in the coming weeks. For now, we’ll focus on XDR.

  • We all understand that zero trust is a complex initiative. There’s a wide array of use cases, supporting technologies, starting points, and strategy options. On the bright side, one of the keys to succeeding with zero trust remains something companies arguably have the most control over – collaboration across the organization. The less encouraging news? These cross-functional relationships could be better.

    Recent Enterprise Strategy Group research has found that many organizations have paused or abandoned a zero-trust project at some point in the past. This includes those who are currently engaged in successful projects. The single biggest reason given was organizational issues in implementing the initiative, which was cited by half of respondents.

    Among all of the organizations ESG surveyed (including those who had not paused or abandoned projects), some of the specific collaborative issues faced with regard to zero trust include:

    • Communications issues related to collaborative tasks (32%). Simply opening the lines of communication across often siloed teams within and outside of the IT organization remains a challenge. Having executives buy in and craft an overarching strategy is something we often discuss. But without the day-to-day operational collaboration required to ensure that the entire business is moving in the same direction, zero trust becomes an uphill battle.
    • Security teams slow to incorporate feedback (32%). There is still an “us versus them” dynamic at play to an extent as well. Non-security practitioners may feel that the security organization slows them down and ignores their concerns. Oftentimes the reality is that security teams are redlined with keeping the wheels on, and zero trust can be described as changing the tires while the car is still moving.
    • Lack of clarity about areas of responsibility (29%). Again, the executive role looms large here. Without specificity as to which teams are responsible for what parts of the process, the strategy can break down.
    • Non-security teams move too quickly (29%). This is the other side of the “us versus them” coin, where security teams believe their non-security counterparts do not properly weigh cyber considerations and move on a whim. Again, the reality is often more complicated, and this can be at least partially attributed to….
    • Different groups measured and compensated on conflicting goals (29%). Non-security teams are likely to be more directly responsible for business outcomes than their security counterparts. This is certainly starting to shift but remains early days. When the KPIs and goals these teams are judged on vary, priorities can deviate.

    With these challenges in mind, what are organizations planning to do about it? First, the most common action organizations plan to take over the next 12-18 months to implement or optimize zero-trust strategies is to improve collaboration across security operations, IT operations, and the lines of business, cited by nearly half (46%) of respondents. This held true even among those organizations who are further down the path of zero-trust adoption and rate themselves as successful in the implementation. In other words, even those who are seeing zero-trust benefits realize collaboration is critical to success, and there is always room for improvement.

    Second, there is momentum towards formalizing these cross-functional working groups through zero-trust centers of excellence (CoE). While still very early, and only formally implemented by a handful of organizations to date, many are actively working towards a CoE, or have plans or interest in implementing one. We’ve seen this model work before with regard to cloud, and the broad applicability across different teams certainly rings true for zero trust as it did with cloud adoption.

    Regardless of where organizations are on the zero-trust journey, the focus should be on collaboration. We’re seeing similar trends with regard to SASE, application security, risk management, and other areas. Before getting bogged down in the technology weeds, planning for how the teams involved will successfully work together should be the focus.

  • The State of Zero-trust Security Strategies

    Zero-trust approaches are arguably more relevant than ever due to the increasingly distributed nature of the modern enterprise. Whether implementing least-privilege tenets for user access or securing the connections to and between the disparate aspects of today’s hybrid multi-cloud deployments, zero trust can provide a framework to secure even the most complex environments. The sudden shift to work-from-home models has only highlighted the importance of a zero-trust approach. Yet for many organizations, confusion remains as to exactly what a zero-trust initiative should entail, where to begin, and how best to overcome the organizational obstacles that result from such a cross-functional undertaking.

    In order to gain insight into these trends, ESG surveyed 421 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for driving zero-trust security strategies and evaluating, purchasing, and managing security technology products and services in support of these initiatives.


  • As the old security adage goes, “A well-managed network/system is a secure network/system,” and this notion of network and system management is a cybersecurity foundation. Pick any framework (e.g., NIST Cybersecurity Framework), international standard (e.g., ISO 27000), best practice (e.g., CIS 20 Critical Controls) or professional certification (e.g., CISSP), and many of the guidelines presented will be about security hygiene and posture management.


  • The topic of network and security convergence has been front and center in the industry over the last year. The line between networking and security continues to blur, with collaboration increasing across traditionally siloed IT functions and technologies used by these teams continuing to inch closer together. One of the more notable initiatives is secure access service edge (SASE), and both enterprises and vendors alike are now embarking on their SASE journey.


  • Turning IT Up at Cisco Live 2021

    This week Cisco held its annual customer event, Cisco Live, for its global audience. With over 100,000 attendees from over 200 countries, this may be one of the best-attended Cisco Live events. Despite most organizations having to work from home over the past year, it certainly hasn’t slowed down the innovation and productivity from the Cisco engineers. The theme of this year’s event was Turn IT Up, something that organizations across the globe have been doing since the pandemic hit, and Cisco was quick to call out the IT heroes that worked tirelessly to transition to work-from-home environments and enable businesses to continue operations.

    To help those organizations thrive in this new environment, Cisco launched an impressive number of announcements presented by a highly talented and diverse group of Cisco executives. The major announcements included providing its customers choice in how they want to consume Cisco solutions with an as-a-Service program called Cisco Plus, bringing out an expanded SASE architecture to cover endpoints to the cloud, delivering greater visibility into distributed cloud environments by integrating AppDynamics and ThousandEyes, enhancing Webex, improving security with passwordless authentication using Cisco Secure (Duo), and delivering an inclusive internet of the future with its silicon and optics.

    Let’s take a closer look at some of these announcements:

    Cisco Plus. Described as “everything you already love about Cisco, Plus” or “It’s Cisco, Plus so much more.” Increasingly, organizations are looking to shift on-premises infrastructure, software, and services purchases from traditional perpetual licenses to as-a-service consumption-based models. ESG research highlights that almost half (48%) of respondents to this year’s Technology Spending Intentions survey would prefer a consumption-based model, and those numbers only increase if respondents are currently using cloud services or have a cloud-first strategy. The decision to create this was an easy one. Cisco needs to provide customers choice in how they consume on-premises solutions. The goal is to deliver all Cisco application, compute, network, observability, security, and storage offerings as a service with unified subscriptions that simplify consumption and use. Obviously, creating network-as-a-service will be a top priority, especially to support distributed cloud environments (on-prem, multiple public clouds, and edge locations). Expect NaaS-based SASE solutions later this year, but users in North America and select European countries can take advantage of the first offer, Cisco Plus Hybrid Cloud. Cisco also stated these services will be available via the CX cloud later this year as well. Cisco Gold Partners will play a key role in delivering these as-a-service offerings.

    SASE. The secure access service edge framework has been gaining a lot of momentum and certainly a tremendous amount of buzz in the news lately. Given the highly distributed nature of modern business applications and workforces, it is well warranted. Cisco’s goal is to help simplify these complex, distributed environments by bundling core Cisco network and security offerings that cover the endpoint to the cloud into a single offer. This starter kit would include networking, remote access, cloud security, ZTNA, and observability solutions. Over time, Cisco will expand the functionality to provide DLP, RBI, and malware detection with Umbrella as well as simplify SD-WAN integration with major cloud providers and interconnects like Alibaba, AWS, Azure, GCP, and Megaport. Plus, Cisco is planning on integrating ThousandEyes into their offering – delivering visibility into the internet itself for end-to-end visibility. Duo will be leveraged to deliver zero-trust network access. The bottom line here is that SASE is a rapidly evolving space, with plenty of confusion surrounding what is part of the framework. Cisco has done a nice job articulating what is included in their initial SASE architecture and has provided a clear roadmap to guide users on their SASE journey.

    ThousandEyes, AppDynamics, & Cisco Switch Integration. With applications becoming distributed across on-premises data centers, multiple public clouds and edge locations, the ability to observe the connections to these applications is becoming increasingly important. The internet is now an integral part of the corporate network and organizations need to be able to quickly and efficiently determine what is causing an application performance problem that negatively impacts customer experience. By integrating ThousandEyes with AppDynamics, Cisco has extended the application path visibility from application (wherever it is) to the user device (wherever it is) to ensure positive customer experiences and simplify problem detection and resolution. The ThousandEyes Internet and Cloud Intelligence will be integrated with AppDynamics Dash Studio and Catalyst 9300 and 9400 series. This capability provides organizations with the ability to effectively manage applications in a distributed cloud environment and deliver optimized experiences.

    These were just a few of the significant announcements made by Cisco to enable organizations to accelerate their digital transformations, enable the future of work (hint: it will be hybrid), and power an internet that will be inclusive for all. Not surprisingly, in addition to the technology innovation, Cisco remains committed to diversity and helping the community, and has been long before it was popular to do so. Chuck Robbins reported on their pledge to help one billion people globally by 2025 and he was able to report 527,000,000 people have already been helped. I wasn’t a math major, but that certainly sounds like they are ahead of schedule!

    Moving forward, Cisco is focused on six pillars to enable organizations to thrive. They include:

    • Delivering secure, agile networks
    • Optimizing application experiences
    • Enabling the future of work (hybrid)
    • Building the internet for the future
    • Enhancing capabilities at the edge
    • Providing end-to-end security solutions

    Many of the announcements this week mark the start of a journey, especially in regard to SASE, the inclusive internet, and delivering Cisco solutions as-a-service. I look forward to tracking their progress over the rest of this year. The programs are big and ambitious, something we have come to expect from an organization committed to imparting positive changes – for both technology and our community. To learn more about these announcements and many more, check out www.ciscolive.com.

  • Secure access service edge (SASE) has continued to garner significant interest in the market due to the need to ensure that security and networking strategies and technologies are aligned to better address the increasingly distributed nature of the modern enterprise. In this video, Bob Laliberte and I discuss some of the different vendor approaches to SASE, the balance between platforms and best-of-breed approaches, and the organizational issues users must consider with regard to SASE.

  • Why XDR Must Include MDR

    In my last blog post, I described how the market for eXtended Detection and Response (XDR) is evolving and how CISOs should approach this new and promising technology. It was good and useful information, if I do say so myself, but it didn’t directly address the question of why security professionals should care about XDR in the first place.

    The answer: Because XDR has the potential to accelerate threat detection/response while streamlining security operations.


  • Cybersecurity in the C-suite and Boardroom

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on identifying the role of cybersecurity within the overall corporate mission and understanding the existing processes and communications between security managers, business executives, and corporate boards.


  • The Impact of XDR in the Modern SOC

    Threat detection and response is a core component of modern security programs, driving investment in tools to improve visibility, efficacy, and efficiency. As organizations commit to and extend EDR, NDR, or other security analytics solutions in support of broad threat detection and response programs, new opportunities arise for XDR. Organizations can increase business agility when threats are better understood and controlled. Rapidly and effectively correlating alerts across multiple threat vectors leads to increased threat visibility, more rapid and automated response and mitigation, and a reduced dependence on highly skilled security analysts.


  • In my continuing video blog series on Modern Email Security, I have had the opportunity to talk with many of the leading innovators tackling some of the toughest challenges in email security. The email threat landscape has been quite volatile over the past year, with so many criminals leveraging the human fear associated with the pandemic to fool unsuspecting users into handing over credentials and sensitive data.

    With the almost overnight migration from on-prem email solutions to cloud-delivered email, many of the early-stage email security companies have been focused on the opportunity to strengthen the native email security controls offered by the CSPs. These same companies are tackling some of the more sophisticated, multi-stage email attacks involving phishing and other impersonation techniques.

    However, while a majority of organizations are now depending on cloud-delivered email as their preferred email solution, we can’t take our eye off of on-prem email deployments. The recent Microsoft Exchange Server attack highlights the number of organizations still depending on on-prem email solutions. In my most recent ESG email security research, 60% of organizations reported the use of both cloud-delivered and on-prem email, so while most are depending on cloud-delivered email as their primary email application, pockets of on-prem Exchange usage continue to have a long tail. This means that email security teams need to not only maintain both environments, but also need to ensure that both are capable of defending against the highly dynamic email threat landscape.

    I’ve been impressed with the progress that many of the email security vendors have been making in stopping attacks involving phishing, often leading to more sophisticated and targeted threats. However, I worry that the long tail Exchange users may be getting left behind. And given that socially engineered attacks often leverage phishing across multiple communication mechanisms (SMS, collaboration tools, social media apps, and more), email security is only part of the larger defense platform required. Maybe we need to consider on-prem email as simply another communication channel that needs to get figured into the broader solution?

    Check out my modern email security video series to learn more about how the innovators are tackling this and many other important email security issues.