Research Perspectives
|
|
- Jacob Shields
- 8 years ago
- Views:
Transcription
1 Research Perspectives Paper Network Security Operations and Cloud Computing By Jon Oltsik, Senior Principal Analyst April 2015 This ESG Research Perspectives Paper was commissioned by Tufin and is distributed under license from ESG.
2 2 Contents Executive Summary... 3 Network Security Situational Analysis... 4 The Road Ahead for Network Security... 6 Network Security Adjustments for Cloud Computing... 9 The Bigger Truth All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at
3 3 Executive Summary In March of 2015, the Enterprise Strategy Group (ESG) conducted a research survey of 150 IT and information security professionals with knowledge of and/or responsibility for their organizations network security controls, processes, and operations. Survey respondents were located in North America and came from enterprise organizations ranging in size: 19% of survey respondents worked at organizations with 1,000 to 2,499 employees, 30% of respondents worked at organizations with 2,500 to 4,999 employees, 26% of respondents worked at organizations with 5,000 to 9,999 employees, 8% of respondents worked at organizations with 10,000 to 19,999 employees, and 17% of respondents worked at organizations with 20,000 or more employees. Respondents represented numerous industry segments with the largest participation coming from financial services (19%), manufacturing (18%), health care (12%), retail/wholesale (12%), and business services (12%). The organizations participating in the survey were also required to be using or planning to use/interested in using public cloud services, specifically infrastructure- as- a- service and/or platform- as- a- service. The results of the survey indicate that respondent organizations are actively transforming their IT infrastructure, operations, and application development. For example: 67% of survey respondents indicated that their organization has a private cloud infrastructure running in production, 18% have a private cloud infrastructure running as a proof of concept, and 14% are either developing or planning to develop a private cloud infrastructure in the future. 66% of survey respondents indicated that their organization was using infrastructure- as- a- service (IaaS) and/or platform- as- a- service (PaaS) significantly as part of their IT strategy. An additional 25% were using IaaS and/or PaaS to some extent, while another 9% are planning on using IaaS/PaaS within the next 12 to 24 months or are interested in doing so. It is also worth noting that 91% of organizations will increase their use of IaaS/PaaS in the future. Half of the organizations surveyed have already embraced an agile development and/or DevOps model for application development, while another 49% of firms are in the process of adopting an agile development and/or DevOps model, plan on adopting an agile development and/or DevOps model within the next 12 to 24 months, or are interested in doing so sometime in the future. The enterprise organizations participating in this research project also have a strong commitment to network security. In order to qualify for this survey, organizations were required to have 25 or more firewalls deployed across their network (see Figure 1). Figure 1. Number of Firewalls Deployed Approximately how many firewalls are deployed within your organizaaon s network (i.e., perimeter firewalls, internal network firewalls, data center firewalls, etc.?) (Percent of respondents, N=150) More than 150, 14% Between 25 and 50, 34% Between 51 and 150, 52% Source: Enterprise Strategy Group, 2015.
4 4 This research project was intended to assess cybersecurity risks, challenges, and strategies related to network security controls and operations. Based upon the research results, ESG concludes: Network security operations are getting more difficult. The majority of survey respondents believe that network security operations is harder than it was two years ago. This change is being driven by a wave of new IT initiatives, like cloud and mobile computing, that add new users, devices, traffic, and applications to the network. People, process, and technology problems are common with network security operations. Network security operations are often hampered by a combination of manual processes, an army of standalone point tools, and organizational issues associated with workflow, communication, and collaboration between the information security team and other IT teams. Cloud computing is exacerbating network security operations issues. In spite of heroic efforts by the security team, network security operations issues are fast approaching a breaking point due to the increasing use of cloud computing, agile development, and DevOps. All of these IT initiatives are built on top of software- based automation and orchestration while network security operations remains anchored to time- consuming manual tasks. Network security operations can no longer keep up as organizations increase their use of public/private clouds. Organizations are moving toward network security operations automation. CISOs recognize the mismatch between manual network security operations and burgeoning cloud computing requirements. As a result, cloud computing has become a major factor driving future network security operations strategy. Furthermore, many organizations are adopting specific network security processes and controls for cloud computing and are pushing to adopt the right tools and technologies for network security operations automation. Network Security Situational Analysis IT and information security professionals are fighting an uphill battle. The ESG research reinforces this trend as a majority of survey respondents (57%) say that network security operations is more difficult today than it was two years ago. Why is this happening? Enterprise organizations say that the growing number of devices on the network, an increase in network traffic, additional use of cloud computing, and further application deployment are all contributing to network security operations difficulties (see Figure 2).
5 5 Figure 2. Reasons Why Network Security Operations Has Become More Difficult You indicated that network security operaaons has become more difficult over the past few years. Which of the following are the primary factors making network operaaons more difficult at your organizaaon? (Percent of respondents, N=85) There are more devices on the network than there were 2 years ago making network security operabons more difficult 34% 66% There is more traffic on the network than there was 2 years ago making network security operabons more difficult 29% 56% My organizabon has increased its use of cloud compubng services (i.e., IaaS and PaaS) over the past 2 years making network security operabons more difficult My organizabon has deployed numerous new applicabons over the past 2 years making network security operabons more difficult Network security operabons encompasses more types of networking and security technologies than it did 2 years ago 21% 26% 20% 55% 51% 47% Top factors making network operabons more difficult (three responses accepted) It is more difficult to get network security operabons visibility across the enbre network today than it was 2 years ago 11% 45% My organizabon has bghtened its IT governance requirements making network security operabons more difficult My organizabon is highly regulated and changes in regulatory requirements over the past 2 years has made network security operabons more difficult My organizabon has implemented tools for IT orchestrabon and automabon over the past 2 years but network security operabons sbll depends upon manual processes 15% 15% 13% 44% 41% 38% All factors making network operabons more difficult (mulbple responses accepted) Network security operabons depends upon cooperabon and coordinabon between the security team and other IT groups and this has become more difficult 14% 32% My organizabon ublizes mulb- vendor network security devices over the past 2 years making network security operabons more difficult 7% 29% My organizabon doesn t have the right security skills making network security operabons more difficult over the past 2 years 14% 26% My organizabon doesn t have the right sized security organizabon to keep up making network security operabons more difficult over the past 2 years 6% 15% 0% 10% 20% 30% 40% 50% 60% 70% Source: Enterprise Strategy Group, 2015.
6 6 Network security operations difficulties are also exacerbated by a number of fundamental people, process, and technology issues. To uncover these types of basic network security problems, survey respondents were presented with a number of statements about network security and asked whether they agreed or disagreed with each statement. The research reveals that: 81% of survey respondents strongly agree or agree with the statement: Monitoring and/or implementing network security controls can require the use of many disparate tools. 82% of survey respondents strongly agree or agree with the statement: Network security operations actions require the involvement of different IT teams. 71% of survey respondents strongly agree or agree with the statement: It can be difficult and/or time- consuming to get an accurate account of network security controls for regulatory compliance audits. 67% of survey respondents strongly agree or agree with the statement: Modifying and/or implementing network security controls requires a lot of manual processes. Taken together, the ESG data should be cause for concern. While new initiatives have added devices, traffic, and internal/external cloud computing platforms to the IT mix, security and network operations teams remain dependent upon disconnected point tools and manual processes. These limitations make day- to- day network security operations time- consuming, resource- intensive, and error- prone a recipe for IT risk and security breaches. The Road Ahead for Network Security ESG s concept called the CISO triad describes the three primary responsibilities of every information security executive: 1. Security efficacy. This involves risk management assessments, implementing/managing strong security controls, and maintaining the right processes, skills, and technologies for incident detection and response. 2. Operational efficiency. To keep up with the infosec workload, CISOs must ensure that their organizations workflows, security processes, and decision- making are extremely well organized. 3. Business enablement. CISOs must be accountable to the business and make sure that any business process supported by IT systems is as secure as it can be. The three priorities of the CISO triad align well with many organizations network security operations strategies. For example, 38% of organizations claim that their network security strategy is being driven by cloud computing initiatives that provide business benefits and flexibility. One- third of organizations say that network security strategy is being driven by a desire to increase the efficiency of network security operations tasks. Furthermore, 30% indicate that their network security strategy is driven by the need to design/implement better monitoring of network topology and network security controls. This reflects the desire to further harden network security controls and continuously monitor these controls for changes to their risk profiles (see Figure 3).
7 7 Figure 3. Primary Network Security Operations Drivers Which of the following are the primary drivers of your organizaaon s network security operaaons strategy? (Percent of respondents, N=150, three responses accepted) Support for cloud compubng inibabves (i.e., private cloud, IaaS, PaaS, etc.) 38% Increase the efficiency of our network security operabons tasks Design/implement beher monitoring and reporbng of network topology and network security controls, and of network behavior for incident detecbon and response Improve troubleshoobng, problem isolabon, and remediabon 30% 29% 33% Improve workflow between the security team and other IT groups 26% Regulatory compliance 24% Improve the ability to audit network security quickly and accurately 23% Support for mobile compubng inibabves 23% Implement some type of centralized technologies for network security orchestrabon and automabon 22% Improve our ability to measure risks associated with network security control changes 21% Automabng manual processes 18% 0% 5% 10% 15% 20% 25% 30% 35% 40% Source: Enterprise Strategy Group, It is worth restating that survey respondents identified cloud computing initiatives as the primary driver for network security strategy. This linkage is understandable since 46% of organizations say they will greatly increase their use of IaaS and PaaS over the next two years, while another 45% claim they will increase their use of IaaS and PaaS to some degree over the next two years. The ESG research also sheds some light on the particular network security challenges related to cloud computing (see Figure 4). For example, 32% of organizations that are currently using public cloud services and/or private cloud infrastructure say that it is difficult to coordinate network security operations across diverse public/private cloud platforms, 31% indicate that cloud computing exacerbates communication and collaboration problems, and 24% point to a disconnect between physical network and cloud computing security controls.
8 Figure 4. Problems Enforcing Security Policies on Public/Private Cloud Infrastructure Which of the following challenges, if any, has your organizaaon experienced with regard to enforcing its security policies on public/private cloud infrastructure? (Percent of respondents, N=145, three responses accepted) My organizabon uses several different public and/or private cloud offerings and it is difficult to coordinate network security operabons across all of these areas Cloud compubng exacerbates communicabon and collaborabon problems between the security operabons team and other IT groups The network security controls we apply to physical infrastructure do not always align with cloud infrastructure 24% 32% 31% 8 It is difficult to troubleshoot problems related to network security controls for cloud- based infrastructure Migrabon of workloads and associated network security controls from physical to cloud infrastructure Lack of integrabon between network operabons tools for physical and cloud infrastructure Exisbng security operabons tools were not designed for cloud compubng Network security operabons depends upon manual processes which can t keep up with cloud orchestrabon and automabon Lack of knowledge about cloud compubng technology 22% 21% 21% 20% 19% 19% Lack of visibility into cloud- based network topology and security controls It is difficult to audit network security controls deployed for cloud- based infrastructure 17% 16% Lack of best pracbces for network operabons for cloud compubng 8% We have not experienced any challenges 5% 0% 5% 10% 15% 20% 25% 30% 35% Source: Enterprise Strategy Group, While people, process, and technology challenges are commonplace with regard to network security operations, the ESG data seems to indicate that these issues are further aggravated by nuances associated with cloud computing. Little wonder then why cloud computing is driving network security strategies moving forward.
9 9 Network Security Adjustments for Cloud Computing Beyond network security operations strategy, many organizations are already making adjustments to accommodate cloud computing with: Cloud computing security policies. One- third of organizations that are currently using public cloud services and/or private cloud infrastructure have created formal security policies for their use of public/private cloud infrastructure that must be adhered to at all times. Another 50% have created formal security policies for their use of public/private cloud infrastructure that are recommended but can be modified by business and IT managers if there is a business reason to do so. This demonstrates the need for specific security policies and policy enforcement that works seamlessly with cloud computing. The implementation of specific network security controls. For example, 58% of organizations that are currently using public cloud services and/or private cloud infrastructure require data loss prevention (DLP), 55% require network encryption, 51% require network segmentation using a firewall, and 47% require a web application firewall (WAF) to protect applications residing on public/private clouds. A move toward network security operations automation. When asked how important it is for their organization to automate its network security operations in the future, 29% of survey respondents noted that it is critical and 61% said it is very important. Network security operations automation is clearly an aspirational goal, but there is still plenty of work ahead only 13% of organizations would characterize their existing network security operations as very similar to the fully automated network security operations model described in the survey (see Figure 5). Figure 5. Comparison of Existing Network Security Operations with an Ideal Automated Model Imagine an ideal situaaon where your organizaaon had the tools and processes needed to automate network security operaaons completely (i.e., central command- and- control for workflow, change control, tesang, visibility, audiang, etc.) across physical, virtual, and cloud infrastructure. How would you compare this type of automated model for network security operaaons to your organizaaon s exisang processes and controls? (Percent of respondents, N=150) My organizabon s exisbng network security operabons processes and controls are very similar to the ideal model described, 13% My organizabon s exisbng network security operabons processes and controls are not at all close to the ideal model described, 21% My organizabon s exisbng network security operabons processes and controls are somewhat similar to the ideal model described, 37% My organizabon s exisbng network security operabons processes and controls are not close to the ideal model described, 29% Source: Enterprise Strategy Group, 2015.
10 10 The Bigger Truth The ESG research indicates that network security is growing more difficult and is fraught with people, process, and technology challenges. While many of these issues are not uncommon in IT organizations, cybersecurity professionals have a different set of standards for success and failure than others in IT. Process and technology issues may reflect poorly on the VP of network engineering when application and network performance suffers. Alternatively, when manual processes and communications problems hinder the security team, the results can be more ominous increasing IT risk, network compromises, and data breaches. Enterprises seem to be heading in the right direction with network security operations strategies aimed at addressing historical problems. As they move forward with these plans, CISOs should: Assess network security operations processes on multiple fronts. Existing network security operations processes may be adequate for applications residing on physical servers and networks, but are they just as effective when applied to virtual servers or public/private clouds? Based upon the data presented in this paper, it appears that the answer to this question is no current network security operations may in fact be ineffective for public/private cloud- based workloads. CISOs should dig into the various people, process, and technology bottlenecks to understand where they are most acute. For example, cloud computing application provisioning may require that the entire network security operations workflow be condensed to align with DevOps schedules. By looking at network operations through the lens of multiple use cases, CISOs can discover the big problems and prioritize their corresponding actions. Attain end- to- end visibility. Network security monitoring is often limited by periodic scans, blind spots, and the lack of comprehensive visibility across the entire network. Since cyber- risks are constantly changing, strong network security depends upon end- to- end, continuous monitoring. Armed with a real- time understanding of what s happening on the network, CISOs can fine- tune security controls, detect and respond to attacks, and prioritize their remediation activities. Remember that end- to- end visibility should include any workloads running in the public cloud. Strive for automation. As described previously, IT and information security professionals realize that it is critical to automate network security operations, but most organizations have a long way to go. CISOs should cast a wide net and look for network security orchestration tools that help them automate manual processes and offer integration capabilities for interoperability with software- defined networking (SDN) technologies, cloud computing management systems, and configuration management tools like Chef and Puppet. In this instance, Tufin aligns well with these burgeoning business, IT, and security requirements.
11 20 Asylum Street Milford, MA Tel: Fax: global.com
Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: What do large enterprises need in order to address increasingly
More informationWhite. Paper. Rethinking Endpoint Security. February 2015
White Paper Rethinking Endpoint Security By Jon OItsik, Senior Principal Analyst With Kyle Prigmore, Associate Analyst February 2015 This ESG White Paper was commissioned by RSA Security and is distributed
More informationThreat Intelligence and Its Role Within Enterprise Cybersecurity Practices
Research Report Abstract: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices By Jon Oltsik, Senior Principal Analyst With Bill Lundell, Senior Research Analyst and Jennifer Gahm,
More informationThis ESG White Paper was commissioned by Blue Coat and is distributed under license from ESG.
White Paper Network Encryption and its Impact on Enterprise Security By Jon Oltsik, Senior Principal Analyst February 2015 This ESG White Paper was commissioned by Blue Coat and is distributed under license
More informationWhite. Paper. Cloud Computing Demands Enterprise- class Password Management and Security. April 2013
White Paper Cloud Computing Demands Enterprise- class Password Management and Security By Jon Oltsik, Senior Principal Analyst April 2013 This ESG White Paper was commissioned by McAfee (a Division of
More informationThe State of Mobile Computing Security
Research Report Abstract: The State of Mobile Computing Security By Jon Oltsik, Senior Principal Analyst and Bill Lundell, Senior Research Analyst With Jennifer Gahm, Senior Project Manager February 2014
More informationEnterprise Strategy Group Getting to the bigger truth. Cisco: ACL Survey. Final Results. Jon Oltsik, Senior Principal Analyst
TM Enterprise Strategy Group Getting to the bigger truth. Cisco: ACL Survey Final Results Jon Oltsik, Senior Principal Analyst Summary of Key Findings 2 Project Overview 154 completed online surveys
More informationHow To Understand The Needs Of The Network
White Paper The Modern Network Monitoring Mandate By Bob Laliberte, Senior Analyst April 2014 This ESG White Paper was commissioned by Emulex and is distributed under license from ESG. White Paper: The
More informationVirtual Patch Management Offers Automation, Availability, and Cost Benefits Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Virtual Patch Management Offers Automation, Availability, and Cost Benefits Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Timely patch management is a security best practice,
More informationMarket Research. Study. Database Security and Compliance Risks. December, 2009. By Jon Oltsik
Market Research Study Database Security and Compliance Risks By Jon Oltsik December, 2009 An ESG Market Research Study Sponsored by Application Security, Inc. 2009, Enterprise Strategy Group, Inc. All
More informationGetting on the Road to SDN. Attacking DMZ Security Issues with Advanced Networking Solutions
White Paper Getting on the Road to SDN Attacking DMZ Security Issues with Advanced Networking Solutions By Bob Laliberte, Senior Analyst March 2014 This ESG White Paper was commissioned by NEC and is distributed
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationThe ESG Cybersecurity Maturity Model
ESG Brief The ESG Cybersecurity Maturity Model Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: As part of its research, ESG regularly uses a scoring system to divide survey populations
More informationWhite. Paper. The Big Data Security Analytics Era Is Here. January 2013
White Paper The Big Data Security Analytics Era Is Here By Jon Oltsik, Senior Principal Analyst January 2013 This ESG White Paper was commissioned by RSA Security and is distributed under license from
More informationThe Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: ESG data indicates that many enterprise organizations
More informationData- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst
ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst
More informationIBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Many enterprise organizations claim that they already
More informationVMware and the Need for Cyber Supply Chain Security Assurance
White Paper VMware and the Need for Cyber Supply Chain Security Assurance By Jon Oltsik, Senior Principal Analyst September 2015 This ESG White Paper was commissioned by VMware and is distributed under
More informationIs your organization developing its own custom applications specifically for mobile devices? (Percent of respondents, N=242)
Solution Brief Check Point Capsule for Mobile Computing Security, Operations Efficiency, and Business Enablement Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore, Research
More informationResearch Report. Abstract: The Evolution of Server Virtualization. November 2010
Research Report Abstract: The Evolution of Server Virtualization By Mark Bowker and Jon Oltsik With Bill Lundell, John McKnight, and Jenn Gahm November 2010 2010 Enterprise Strategy Group, Inc. All Rights
More informationTrends in Private Cloud Infrastructure
Research Report Abstract: Trends in Private Cloud Infrastructure By Mark Bowker, Senior Analyst and Bill Lundell, Senior Research Analyst With Jennifer Gahm, Senior Project Manager April 2014 Introduction
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationESG Brief. Overview. 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
ESG Brief Webroot Delivers Enterprise-Class Threat Intelligence to Security Technology Providers and Large Organizations Date: September 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore,
More informationInformation-driven Security and RSA Security Analytics and RSA ECAT
White Paper Information-driven Security and RSA Security Analytics and RSA ECAT By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by RSA, The Security Division
More informationCybersecurity Skills Shortage: A State of Emergency
Enterprise Strategy Group Getting to the bigger truth. ESG Brief Cybersecurity Skills Shortage: A State of Emergency Date: February 2016 Author: Jon Oltsik, Principal Analyst, Doug Cahill, Senior Analyst,
More informationWhite. Paper. Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS. January 2013
White Paper Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS By Jon Oltsik, Senior Principal Analyst January 2013 This ESG White Paper was commissioned by McAfee. and is distributed
More informationPlatform-as-a-service Usage and Satisfaction Study
Research Report Abstract: Platform-as-a-service Usage and Satisfaction Study By Stephen D. Hendrick, Principal Analyst with Bill Lundell, Senior Research Analyst and Jennifer Gahm, Senior Project Manager
More informationAdvanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: In spite of marginal progress, privileged accounts
More informationResearch Report. Abstract: The Impact of Cloud Computing on the Channel. September 2011. By Jeff Hine and Bill Lundell
Research Report Abstract: The Impact of Cloud Computing on the Channel By Jeff Hine and Bill Lundell September 2011 2011 Enterprise Strategy Group, Inc. All Rights Reserved. Introduction Research Objectives
More informationReducing the Critical Time from Incident Detection to Containment
White Paper Reducing the Critical Time from Incident Detection to Containment By Jon Oltsik, Senior Principal Analyst May 2014 This ESG White Paper was commissioned by Bradford Networks and is distributed
More informationWeb Application Security Testing Tools and Services
Research Report Abstract: Web Application Security Testing Tools and Services By Jon Oltsik, Senior Principal Analyst, and Jane Wright, Senior Research Analyst With Jennifer Gahm April 2013 Introduction
More informationResearch Report. Abstract: Solid-state Storage Market Trends. November 2011. By Bill Lundell and Mark Peters With Jennifer Gahm and John McKnight
Research Report Abstract: Solid-state Storage Market Trends By Bill Lundell and Mark Peters With Jennifer Gahm and John McKnight November 2011 2011 Enterprise Strategy Group, Inc. All Rights Reserved.
More informationResearch Report. Abstract: 2014 Public Cloud Computing Trends. March 2014
Research Report Abstract: 2014 Public Cloud Computing Trends By Wayne Pauley, Senior Analyst and Bill Lundell, Senior Research Analyst With Jenn Gahm, Senior Project Manager March 2014 Introduction Research
More informationThis ESG White Paper was commissioned by DH2i and is distributed under license from ESG.
White Paper Application Virtualization: An Opportunity for IT to do More with Much Less By Mark Bowker, Senior Analyst November 2012 This ESG White Paper was commissioned by DH2i and is distributed under
More informationEnterprise Strategy Group Getting to the bigger truth. Radware ADC Survey. Final Results. Jon Oltsik, Senior Principal Analyst
TM Enterprise Strategy Group Getting to the bigger truth. Radware ADC Survey Final Results Jon Oltsik, Senior Principal Analyst Project Overview 243 completed online surveys with IT professionals responsible
More informationWhite. Paper. Building Next Generation Data Centers. Implications for I/O Strategies. August 2014
White Paper Building Next Generation Data Centers Implications for I/O Strategies By Bob Laliberte, Senior Analyst August 2014 This ESG White Paper was commissioned by Emulex and is distributed under license
More informationOnline File Sharing and Collaboration: Deployment Model Trends
Research Report Abstract: Online File Sharing and Collaboration: Deployment Model Trends By Terri McClure, Senior Analyst and Bill Lundell, Senior Research Analyst With Jennifer Gahm, Senior Project Manager
More informationResearch Report. Abstract: Social Enterprise Adoption Trends. June 2012
Research Report Abstract: Social Enterprise Adoption Trends By Tom Petrocelli, Senior Analyst With Bill Lundell, Senior Research Analyst, and Jenn Gahm, Senior Project Manager June 2012 2012 Enterprise
More informationThe Shift Toward Data Protection Appliances
Research Report Abstract: The Shift Toward Data Protection Appliances By Jason Buffington, Senior Analyst and Bill Lundell, Senior Research Analyst With Jennifer Gahm, Senior Project Manager March 2015
More informationESG Threat Intelligence Research Project
TM Enterprise Strategy Group Getting to the bigger truth. ESG Threat Intelligence Research Project May 2015 Jon Oltsik, Senior Principal Analyst Project Overview 304 completed online surveys with IT professionals
More informationIT Infrastructure Development and Its Future
White Paper Transforming the Enterprise with a Dynamic IT Infrastructure By Mark Bowker, Senior Analyst January 2015 This ESG White Paper was commissioned by HP and is distributed under license from ESG.
More informationWhite. Paper. Big Data Advisory Service. September, 2011
White Paper Big Data Advisory Service By Julie Lockner& Tom Kornegay September, 2011 This ESG White Paper was commissioned by EMC Corporation and is distributed under license from ESG. 2011, Enterprise
More informationSecurity Intelligence: A Key Component of Big Data Security Analytics Date: December 2012 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Security Intelligence: A Key Component of Big Data Security Analytics Date: December 2012 Author: Jon Oltsik, Senior Principal Analyst Abstract: The intersection of big data and security analytics
More informationCompensating Security Controls for Windows Server 2003 Security
ESG Solution Showcase Compensating Security Controls for Windows Server 2003 Security Date: May 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: It is common knowledge by now that Microsoft
More informationSaaS with a Face: User Satisfaction in Cloud- based E- mail Management with Mimecast
White Paper SaaS with a Face: User Satisfaction in Cloud- based E- mail Management with Mimecast By Bill Lundell, Senior Research Analyst January 2013 This ESG White Paper was commissioned by Mimecast
More informationEnterprise Big Data, Business Intelligence, and Analytics Trends
Research Report Abstract: Enterprise Big Data, Business Intelligence, and Analytics Trends By Nik Rouda, Senior Analyst With Bill Lundell, Senior Research Analyst, and Jennifer Gahm, Senior Project Manager
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationBy Jason Buffington, Senior Analyst, and Monya Keane, Research Analyst
White Paper How to Accelerate IT Resiliency Through Virtualization By Jason Buffington, Senior Analyst, and Monya Keane, Research Analyst August 2015 This ESG White Paper was commissioned by Axcient and
More informationIntegrated Network Security Architecture: Threat-focused Nextgeneration
White Paper Integrated Network Security Architecture: Threat-focused Nextgeneration Firewall By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by Cisco Systems
More informationIntegrated Computing Platforms: Infrastructure Builds for Tomorrow s Data Center
White Paper Integrated Computing Platforms: Infrastructure Builds for Tomorrow s Data Center By Mark Bowker, Senior Analyst, and Perry Laberis, Senior Research Associate March 2013 This ESG White Paper
More informationThis ESG White Paper was commissioned by Extreme Networks and is distributed under license from ESG.
White Paper Network Solutions for Modern Data Centers By Bob Laliberte, Senior Analyst October 2013 This ESG White Paper was commissioned by Extreme Networks and is distributed under license from ESG.
More informationProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
More informationA Storage Network Architecture for Highly Dynamic Virtualized and Cloud Computing Environments
White Paper A Storage Network Architecture for Highly Dynamic Virtualized and Cloud Computing Environments Juniper s QFabric Solution for EMC Storage Environments By Bob Laliberte, Senior Analyst May 2013
More informationRESEARCH REPORT. Abstract. Storage Resource Management Market on the Launch Pad. By Mary Turner and Bob Laliberte With John McKnight and Jennifer Gahm
RESEARCH REPORT Abstract Storage Resource Management Market on the Launch Pad By Mary Turner and Bob Laliberte With John McKnight and Jennifer Gahm October 2007 Introduction Research Objectives The term
More informationResearch Report. Abstract: Trends for Protecting Highly Virtualized and Private Cloud Environments. June 2013
Research Report Abstract: Trends for Protecting Highly Virtualized and Private Cloud Environments By Jason Buffington, Senior Analyst and Bill Lundell, Senior Research Analyst June 2013 Introduction Research
More informationNetwork Security Requirements and Solutions
Critical Criteria For (Cloud) Workload Security Steve Armendariz Enterprise Sales Director CloudPassage October 3, 2015 @NTXISSA #NTXISSACSC3 Does anyone remember when server security was EASY? NTX ISSA
More informationCisco Systems and the Migration from Network Access Control (NAC) to Endpoint Visualization, Access, and Security (EVAS)
White Paper Cisco Systems and the Migration from Network Access Control (NAC) to Endpoint Visualization, Access, and Security (EVAS) By Jon Oltsik, Senior Principal Analyst October 2014 This ESG White
More informationResearch Report. Remote Office/Branch Office Technology Trends. July 2011
Research Report Remote Office/Branch Office Technology Trends By Bill Lundell, Jon Oltsik, and Lauren Whitehouse With John McKnight and Jenn Gahm July 2011 2011 Enterprise Strategy Group, Inc. All Rights
More informationEnterprise Database Trends in a Big Data World
Research Report Abstract: Enterprise Database Trends in a Big Data World By Nik Rouda, Senior Analyst With Bill Lundell, Senior Research Analyst and Jennifer Gahm, Senior Project Manager July 2014 Introduction
More informationResearch Report. Abstract: E-Mail Archiving Market Trends. May 2010. By Brian Babineau With Bill Lundell and John McKnight
Research Report Abstract: E-Mail Archiving Market Trends By Brian Babineau With Bill Lundell and John McKnight May 2010 2010 Enterprise Strategy Group, Inc. All Rights Reserved. Introduction: Research
More informationThis ESG White Paper was commissioned by Zettaset and is distributed under license from ESG.
White Paper Closing the Big Data Management and Security Gap By Nik Rouda, Senior Analyst October 2014 This ESG White Paper was commissioned by Zettaset and is distributed under license from ESG. 2 Contents
More informationThe Network Application Security Architecture Requirement
White Paper The Network Application Security Architecture Requirement By Jon Oltsik March, 2011 This ESG White Paper was commissioned by Juniper Networks and is distributed under license from ESG. 2011,
More informationCorporate Online File Sharing and Collaboration Market Trends
Research Report Abstract: Corporate Online File Sharing and Collaboration Market Trends By Kristine Kao, Market Research Analyst, Terri McClure, Senior Analyst, and Jane Wright, Senior Production Analyst
More informationNext-generation Security Architecture for the Enterprise
White Paper Next-generation Security Architecture for the Enterprise By Jon Oltsik, Senior Principal Analyst October 2014 This ESG White Paper was commissioned by Palo Alto Networks and is distributed
More informationWhite. Paper. The Rise of Network Functions Virtualization. Implications for I/O Strategies in Service Provider Environments.
White Paper The Rise of Network Functions Virtualization Implications for I/O Strategies in Service Provider Environments By Bob Laliberte, Senior Analyst August 2014 This ESG White Paper was commissioned
More informationTOP 5 REASONS WHY FINANCIAL SERVICES FIRMS SHOULD CONSIDER SDN NOW
TOP 5 REASONS WHY FINANCIAL SERVICES FIRMS SHOULD CONSIDER SDN NOW Abstract Software-defined networking, or SDN, is a relatively new technology that is already having a major impact on companies in the
More informationWhite. Paper. Evaluating Sync and Share Solutions. Balancing Security, Control, and Productivity. September, 2014
White Paper Evaluating Sync and Share Solutions Balancing Security, Control, and Productivity By Terri McClure, Senior Analyst September, 2014 This ESG White Paper was commissioned by Code42 and is distributed
More informationResearch Report. Abstract: 2013 Public Cloud Computing Trends. March 2013
Research Report Abstract: 2013 Public Cloud Computing Trends By Wayne Pauley, Senior Analyst and Bill Lundell, Senior Research Analyst With Jenn Gahm, Senior Project Manager March 2013 Introduction Research
More informationPrevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management
Prevent cyber attacks. SEE what you are missing. See Your Network MAP. Prevent Cyber Attacks. Driven by the need to support evolving business objectives, enterprise IT infrastructures have grown increasingly
More informationWhite. Paper. Information Security, Virtualization, and the Journey to the Cloud. August, 2010
White Paper Information Security, Virtualization, and the Journey to the Cloud By Jon Oltsik August, 2010 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG.
More informationThe Challenge. ESG Case Study
ESG Case Study Primatics Financial Delivers SaaS-based Solution Excellence Using EMC s XtremIO Date: March 2015 Authors: Mark Peters, Senior Analyst; Adam DeMattia, Market Research Analyst; and Monya Keane,
More informationSECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER
SECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER An AlgoSec Whitepaper MANAGE SECURITY AT THE SPEED OF BUSINESS AlgoSec Whitepaper Introduction Corporate networks today must deliver hundreds
More informationResearch Report. Abstract: The Impact of Big Data on Data Analytics. September 2011
Research Report Abstract: The Impact of Big Data on Data Analytics By Julie Lockner and Bill Lundell With Jennifer Gahm and John McKnight September 2011 2011 Enterprise Strategy Group, Inc. All Rights
More informationWhite. Paper. The Converged Network. November, 2009. By Bob Laliberte. 2009, Enterprise Strategy Group, Inc. All Rights Reserved
White Paper The Converged Network By Bob Laliberte November, 2009 2009, Enterprise Strategy Group, Inc. All Rights Reserved White Paper: The Converged Network 2 Contents Introduction... 3 What s Needed...
More information2015 Data Storage Market Trends
Research Report Abstract: 2015 Data Storage Market Trends By Mark Peters, Senior Analyst and Bill Lundell, Senior Research Analyst With Scott Sinclair, Analyst and Jenn Gahm, Senior Project Manager October
More informationCloud Computing Adoption Trends:
Research Report Abstract: Cloud Computing Adoption Trends: Software- and Infrastructure-as-a-Service Usage Among Enterprise and Midmarket Organizations By Bill Lundell With John McKnight and Jennifer Gahm
More informationResearch Report. Abstract: Trends in Data Protection Modernization. August 2012
Research Report Abstract: Trends in Data Protection Modernization By Jason Buffington, Senior Analyst, and Bill Lundell, Senior Research Analyst August 2012 Introduction Research Objectives Research Report:
More informationESG Brief. Modern Data Centers: Massive Scale and Complexity. Data Center Networking Discontinuity
ESG Brief IBM and NEC Bring SDN/OpenFlow to Enterprise Data Center Networks Date: January, 2012 Author: Jon Oltsik, Senior Principal Analyst, and Bob Laliberte, Senior Analyst Abstract: Enterprise data
More informationEnterprise Strategy Group Getting to the bigger truth. By Bill Lundell, Senior Research Analyst and John McKnight, VP Research and Analysts
Enterprise Strategy Group Getting to the bigger truth. By Bill Lundell, Senior Research Analyst and John McKnight, VP Research and Analysts March 2015 4 Cloud Computing: Not a Question of If, but Rather
More informationVaronis: Secure Enterprise Collaboration and File Sharing Date: June 2015 Author: Terri McClure, Senior Analyst; and Leah Matuson, Research Analyst
ESG Brief Varonis: Secure Enterprise Collaboration and File Sharing Date: June 2015 Author: Terri McClure, Senior Analyst; and Leah Matuson, Research Analyst Abstract: With the burgeoning workplace mobility
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationData Protection Services Should Be About Services, as Well as Data Protection Date: February 2013 Author: Jason Buffington, Senior Analyst
Company Brief Data Protection Services Should Be About Services, as Well as Data Protection Date: February 2013 Author: Jason Buffington, Senior Analyst Abstract: Organizations trying to modernize or fix
More informationWhite. Paper. Understanding and Addressing APTs. September 2012
White Paper Understanding and Addressing APTs By Jon Oltsik, Senior Principal Analyst September 2012 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG. 2012,
More informationPlatform-as-a-service Language Use Study
Research Report Abstract: Platform-as-a-service Language Use Study By Stephen D. Hendrick, Principal Analyst with Bill Lundell, Senior Research Analyst & Jennifer Gahm, Senior Project Manager February
More informationPrevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management
Prevent cyber attacks. SEE what you are missing. See Your Network MAPS. Prevent cyber attacks. [RedSeal] is meeting our expectations and is playing an integral role as it feeds right into our overall risk
More informationWhite. Paper. EMC Isilon: A Scalable Storage Platform for Big Data. April 2014
White Paper EMC Isilon: A Scalable Storage Platform for Big Data By Nik Rouda, Senior Analyst and Terri McClure, Senior Analyst April 2014 This ESG White Paper was commissioned by EMC Isilon and is distributed
More informationThe Convergence of Big Data Processing and Integrated Infrastructure
Research Report Abstract: The Convergence of Big Data Processing and Integrated Infrastructure By Evan Quinn, Senior Principal Analyst and Bill Lundell, Senior Research Analyst With Brian Babineau, Vice
More informationBackup and Archiving Convergence Trends
Research Report Abstract: Backup and Archiving Convergence Trends By Jason Buffington, Senior Analyst and Bill Lundell, Senior Research Analyst With Jennifer Gahm, Senior Project Manager April 2014 Introduction
More informationHow To Integrate Identity And Security With A Network-Based Business Process
INFORMATION SECURITY BRIEF Business Enablement Demands Tight Identity and Security Integration Date: April 2009 Author: Jon Oltsik, Principal Analyst Abstract: Identity management and security were once
More informationCloud and Regulations: A match made in heaven, or the worst blind date ever?
Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing
More informationTufin Orchestration Suite
Tufin Orchestration Suite Security Policy Orchestration across Physical Networks & Hybrid Cloud Environments The Network Security Challenge In today s world, enterprises face considerably more network
More informationEMC s Enterprise Hadoop Solution. By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst
White Paper EMC s Enterprise Hadoop Solution Isilon Scale-out NAS and Greenplum HD By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst February 2012 This ESG White Paper was commissioned
More informationWhite. Paper. Endpoint Security Demands Defense-indepth and Advanced Analytics. November 2013
White Paper Endpoint Security Demands Defense-indepth and Advanced Analytics By Jon Oltsik, Senior Principal Analyst November 2013 This ESG White Paper was commissioned by Bit9 and is distributed under
More informationNASCIO 2015 State IT Recognition Awards
NASCIO 2015 State IT Recognition Awards Title: State of Georgia Private Security Cloud Implementation Category: Cybersecurity Contact: Mr. Calvin Rhodes CIO, State of Georgia Executive Director, GTA calvin.rhodes@gta.ga.gov
More informationAn Application-Centric Infrastructure Will Enable Business Agility
An Application-Centric Infrastructure Will Enable Business Agility March 2014 Prepared by: Zeus Kerravala An Application-Centric Infrastructure Will Enable Business Agility by Zeus Kerravala March 2014
More informationCloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES
Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Meeting the 7 Challenges in Testing and Performance Management Introduction With advent of the cloud paradigm, organizations are transitioning
More informationResearch Report. Abstract: The Impact of Server Virtualization on Data Protection. September 2010
Research Report Abstract: The Impact of Server Virtualization on Data Protection By Lauren Whitehouse and Bill Lundell With Jennifer Gahm September 2010 2010 Enterprise Strategy Group, Inc. All Rights
More informationThe State of Application Delivery in 2015
The State of Application Delivery in 2015 a report by F5 f5.com/soad 1 Introduction F5 surveyed customers from more than 300 organizations (of all sizes) across a broad spectrum of vertical markets such
More informationThe Challenge of Securing and Managing Data While Meeting Compliance
ESG Brief Commvault: Integrating Enterprise File Sync and Share Capabilities with Data Protection and Backup Date: September 2015 Author: Terri McClure, Senior Analyst, and Leah Matuson, Research Analyst
More informationThe Continuing Evolution of Virtualization, Cloud Computing, and Information Security
White Paper The Continuing Evolution of Virtualization, Cloud Computing, and Information Security By Jon Oltsik April, 2012 This ESG White Paper was commissioned by Trend Micro and is distributed under
More information