Cybersecurity & Networking

  • Operationalizing the IT requirements for a remote workforce for many businesses means accelerating digital transformation initiatives, which leverage a range of cloud services. As a result, an organization’s cloud footprint increasingly includes a mix of third-party SaaS applications as well as internally developed cloud-native apps to support critical back, middle, and front office operations. But different organizations are in different stages of cloud adoption, from born-in-the-cloud companies fully indexed on the cloud to enterprises that operate in a hybrid, multi-cloud world.

     A challenge shared by all companies, however, is unifying security policies across disparate environments. Maintaining consistency across data centers and public cloud environments where cloud-native applications are deployed was cited by 43% of respondents who participated in ESG’s annual Secure DevOps study as the biggest challenge in securing those applications. In this second of a two-part video series, Greg Keller, JumpCloud’s CTO, and I discuss how the use cases for directory-as-a-service (DaaS) offerings meet the needs of businesses at different stages of their cloud journey.

  • Trends in Email Security

    With most organizations standardizing on cloud-delivered email in an effort to shift costs from CapEx to OpEx, many have assumed that email service providers would automatically include comprehensive security controls. Many of these same organizations found it necessary to add third-party controls either during their migration or at a later date. Many have suffered from phishing-related attacks that led to credential theft and BEC, while others faced the loss of sensitive data through both unintentional and intentional actions.

    In order to gain insight into these trends, ESG surveyed 403 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing email security products, processes, and services.

  • The application security market is in a state of transition as legacy approaches to web application firewall, API protection, bot mitigation, and DDoS prevention have struggled to meet the needs of modern applications. The decentralization of application development and shift to agile methodologies, a significant shortage of security skills with regard to applications, and the evolution towards sophisticated, multi-vector attacks have forced organizations to rethink their approaches to application security. The evolution towards WAAP, or web application and API protection, has been a direct result but remains a work in progress, with many providers just starting to loosely couple the required pieces.

  • The IT implications of the pandemic-induced surge in remote work are headlined by an increased reliance on cloud applications and services. Supporting and securing direct-to-cloud access has necessitated a focus on identity and access management (IAM) initiatives including:

    • Extending single sign-on (SSO) to additional SaaS applications
    • Implementing MFA (finally!) to secure access to an organization’s most critical and sensitive apps and data
    • Rethinking privileged access management (PAM) in a cloud context
    • Monitoring user activity to detect both insider threats and stolen credentials
    • And, because new devices are being used by remote employees, extending trust-based authentication to device profiles

    Updating these and other aspects of an IAM program to secure a remote workforce starts with a focus on policies. However, developing and adjusting policies to support the increase in the work-from-home population is the top security challenge associated with remote work, as reported by a third of the respondents in a recent ESG study. In this first of a two-part video series, Greg Keller, JumpCloud’s CTO, and I discuss the challenges and solutions for the strategic imperative to secure the identity perimeter expanded by remote work.

  • Zero-trust has seen an explosion in interest over the last few years. As the perimeter has become increasingly porous due to cloud usage and distributed network architectures, a fresh look at some of the foundational cybersecurity concepts was sorely needed. This has only been exacerbated by the pandemic, with many organizations not only supporting a primarily remote workforce, but also trying to complete their digital transformation journey in a matter of months, rather than the years they originally planned.

    Despite the clear applicability, there remains some confusion in the market regarding exactly what implementing zero-trust entails, where to start, and how to ensure the initiative is successful. The recent finalization of the NIST guidelines on zero-trust architectures may help provide some clarity, but much work remains.

    With all that in mind, Mark Peters posed several questions to me on the topic of zero-trust as a part of Enterprise Strategy Group’s recent virtual breakfast at Black Hat 2020. In the following video, Mark and I touch upon:

    • Zero-trust interest and adoption. By now, nearly everyone even tangentially involved with cybersecurity has some awareness of zero-trust. In fact, Enterprise Strategy Group research has found that 88% of respondents are very or somewhat familiar with the concept. However, when we consider adoption, the data simply doesn’t match up with real-world scenarios, pointing to the aforementioned confusion.
    • Data security as a component of zero-trust. The short answer is that it is a part of a complete zero-trust strategy. However, it should not be the starting point.
    • How to incorporate zero-trust. We don’t provide an exhaustive list, but do touch on some of the high-level keys to success with these projects, including starting small while maintaining a long-term vision and how to think about vendor partnerships.
  • Incident Readiness Trends

    ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between June 25, 2019 and July 8, 2019. To qualify for this survey, respondents were required to be IT and information security professionals responsible for the policies, processes, or technical safeguards used for incident readiness and response at their organization.

    This Master Survey Results presentation focuses on incident readiness services, including understanding the trigger points influencing service investments for breach preparation and proactive exercises, as well as how decision makers are prioritizing and timing purchase decisions.

  • Trends in Email Security

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This master survey results set offers new data concerning:

    • Organizational dynamics, buying behavior, and the future of email security.
    • Email attacks and threat detection and response.
    • Issues with sensitive data in email.
    • Bolstering email security with complementary technologies and services.

  • Old friend and Cybereason CSO Sam Curry and I got together (virtually) to chat about all things SOAPA. In part 2 of our video, we focus on:

    • This newish thing called XDR. My colleague Dave Gruber and I are all over XDR as analysts, so I asked Sam for his thoughts. Sam thinks of XDR as taking EDR to the next level. He even broke down the acronym, stating that the X signified telemetry independence. The “D” in XDR is somewhat overstated; Sam is really focused on the importance of the R, response, as security is about blocking (not finding) the bad guys. In the end, XDR should be a force multiplier for the cybersecurity staff.
    • What about analytics? In my eyes, vendors with the best security analytics win. Sam agrees but mentions that analytics must be complemented with what he calls “judicious automation” that is continuously monitored and improved.
    • The Cybereason ASOC concept. Cybereason has a vision of what it calls the autonomous SOC, so I asked Sam to provide some detail. Sam describes a “task focused” architecture that widens the security analytics lens, simplifies SOC analyst duties, and automates actions. Sam reinforces the fact that it’s all about the tasks, not the tools.
    • The future of SOAPA. I ask all my guests their view on where SOAPA is going. Sam sees SOAPA as a technology platform that facilitates cybersecurity goals and mission. Since cyber-adversaries are always innovating, SOAPA will never commoditize and will continue to evolve moving forward.

    Many thanks to Sam and Cybereason for participating in the SOAPA video series. I always feel like I learned something when the two of us get together. More SOAPA videos soon.

  • When employees were sent home to work due to COVID-19, cybersecurity teams had to adjust their defenses accordingly. This was especially true due to a massive increase in coronavirus-related cyber-threats. In this environment, security awareness training is especially important, but too many training programs are a mere formality, conducted purely to satisfy a corporate governance or regulatory compliance requirement. ESG research illustrates that comprehensive security training is worthwhile as organizations with thorough training programs were more responsive to COVID-19 cyber-threats and had greater employee productivity. As such, CISOs should eschew “checkbox” training and persuade HR and executives to embrace more thorough security awareness training programs with demonstrable benefits and ROI.

  • Large organizations built their security infrastructure organically over time, adding new tools as countermeasures to emerging threats. Unfortunately, this created a messy situation where security must be monitored and managed on a tool-by-tool basis. CISOs have had enough—ESG research indicates that they are consolidating vendors and integrating tools into more cohesive technology architectures. These strategic changes will impact the way security technologies are purchased and sold in the future, which will have a downstream impact on the entire security technology industry.

  • Toward Cybersecurity Platforms

    For years, organizations anchored their security technology infrastructure with best-of-breed point tools, but this strategy is no longer adequate. Why? The lack of integration strains resources and leads to operational overhead. ESG research indicates that many organizations are now willing to replace these point tools with integrated cybersecurity technology platforms from a single vendor. This transition will impact enterprise cybersecurity technology purchasing and operations while simultaneously altering the security technology market.

  • Fundamental changes to network architectures, primarily due to the adoption of cloud services and the implementation of mobility, have rendered traditional approaches to defending the perimeter—to the extent that it exists—and brokering secure access to corporate resources insufficient. As such, network security controls are being reevaluated, with organizations increasingly looking to cloud-delivered solutions that provide centralized management and distributed enforcement, integrate with SD-WAN architectures, and enable secure access to cloud services.