This Master Survey Results presentation focuses on how alternative device choices, employee requirements and preferences, and a drive to improve businesses’ security posture are all challenging how traditional desktops are delivered to, maintained for, and consumed by end-user employees, including the increased usage of virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) technology.
Insight
-
-
ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between June 25, 2019 and July 8, 2019. To qualify for this survey, respondents were required to be IT and information security professionals responsible for the policies, processes, or technical safeguards used for incident readiness and response at their organization.
This Master Survey Results presentation focuses on incident readiness services, including understanding the trigger points influencing service investments for breach preparation and proactive exercises, as well as how decision makers are prioritizing and timing purchase decisions.
-
In this new edition of Data Protection Conversations, I speak to Molly Presley, Founder of the Active Archive Alliance.
-
ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.
This master survey results set offers new data concerning:
- Organizational dynamics, buying behavior, and the future of email security.
- Email attacks and threat detection and response.
- Issues with sensitive data in email.
- Bolstering email security with complementary technologies and services.
-
No matter how much changes in life and in IT, two things stay the same: 1. Data continues to grow, and 2. Backup remains a problem. Last year when ESG polled storage decision makers on their data storage challenges, the rapid rate of data growth and backup/protection were two of the top three most commonly identified storage challenges.[1] They were also two of the top three storage challenges in ESG’s 2017 storage research, and in 2015, 2012, 2008, and… well, you get the idea. -
Old friend and Cybereason CSO Sam Curry and I got together (virtually) to chat about all things SOAPA. In part 2 of our video, we focus on:
- This newish thing called XDR. My colleague Dave Gruber and I are all over XDR as analysts, so I asked Sam for his thoughts. Sam thinks of XDR as taking EDR to the next level. He even broke down the acronym stating that the X signified telemetry independence. The “D” in XDR is somewhat overstated, Sam is really focused on the importance of the R, response, as security is about blocking (not finding) the bad guys. In the end, XDR should be a force multiplier for the cybersecurity staff.
- What about analytics?
In my eyes, vendors with the best security analytics win. Sam agrees but mentions that analytics must be complemented with what he calls, “judicious automation” that is continuously monitored and improved. - The Cybereason ASOC concept. Cybereason has a vision of what it calls the autonomous SOC, so I asked Sam to provide some detail. Sam describes a “task focused” architecture that widens the security analytics lens, simplifies SOC analyst duties, and automates actions. Sam reinforces the fact that it’s all about the tasks, not the tools.
- The future of SOAPA. I ask all my guests their view on where SOAPA is going. Sam sees SOAPA as a technology platform that facilitates cybersecurity goals and mission. Since cyber-adversaries are always innovating, SOAPA will never commodify and continue to evolve moving forward.
Many thanks to Sam and Cybereason for participating in the SOAPA video series, I always feel like I learned something when the two of us get together. More SOAPA videos soon.
-
When employees were sent home to work due to COVID-19, cybersecurity teams had to adjust their defenses accordingly. This was especially true due to a massive increase in coronavirus-related cyber-threats. In this environment, security awareness training is especially important, but too many training programs are a mere formality, conducted purely to satisfy a corporate governance or regulatory compliance requirement. ESG research illustrates that comprehensive security training is worthwhile as organizations with thorough training programs were more responsive to COVID-19 cyber-threats and had greater employee productivity. As such, CISOs should eschew “checkbox” training and persuade HR and executives to embrace more thorough security awareness training programs with demonstrable benefits and ROI.
-
Large organizations built their security infrastructure organically over time, adding new tools as countermeasures to emerging threats. Unfortunately, this created a messy situation where security must be monitored and managed on a tool-by-tool basis. CISOs have had enough—ESG research indicates that they are consolidating vendors and integrating tools into more cohesive technology architectures. These strategic changes will impact the way security technologies are purchased and sold in the future, which will have a downstream impact on the entire security technology industry.
-
For years, organizations anchored their security technology infrastructure with best-of-breed point tools, but this strategy is no longer adequate. Why? The lack of integration strains resources and leads to operational overhead. ESG research indicates that many organizations are now willing to replace these point tools with integrated cybersecurity technology platforms from a single vendor. This transition will impact enterprise cybersecurity technology purchasing and operations while simultaneously altering the security technology market.
-
Work is no longer a place you go. Tyler and I discuss how businesses are getting creative in the ways they enable remote work and potential back to office solutions. It’s fascinating to see the solutions we have talked about for years plugging directly into the future of work. Please listen in as Tyler and I share some of our observations and insights.
-
Fundamental changes to network architectures, primarily due to the adoption of cloud services and the implementation of mobility, have rendered traditional approaches to defending the perimeter—to the extent that it exists—and brokering secure access to corporate resources insufficient. As such, network security controls are being reevaluated, with organizations increasingly looking to cloud-delivered solutions that provide centralized management and distributed enforcement, integrate with SD-WAN architectures, and enable secure access to cloud services.
-
Too many large organizations still anchor security to an army of disconnected point tools and rely on the cybersecurity staff to piece everything together. This strategy is ineffective, inefficient, and increases cyber-risk. CISOs have had enough as many are actively integrating cybersecurity technologies and consolidating the number of vendors with whom they do business. As this trend progresses, large organizations will buy a lot more of their cybersecurity technologies from a handful of vendors, which will tilt the market toward an emerging breed of enterprise-class cybersecurity vendors offering the right products, services, and partner ecosystems.
No matter how much changes in life and in IT, two things stay the same: 1. Data continues to grow, and 2. Backup remains a problem. Last year when ESG polled storage decision makers on their data storage challenges, the rapid rate of data growth and backup/protection were two of the top three most commonly identified storage challenges.