The report explores the thinking of 750 global cloud decision-makers and users about the public, private and multi-cloud market. It shares their current and future cloud strategies, often showing year-over-year (YoY) changes to help identify trends. And it offers perspective on how some trends have changed over the years. The survey began in the first quarter of 2020 during the early days of the COVID-19 outbreak spreading outside of China.

This tenth annual Flexera 2021 State of the Cloud Report (previously known as the RightScale State of the Cloud Report) delves into the details of what respondents had to say to reveal what’s happening with all things cloud—from spend allocation to cost management to strategies. Leveraging this data can help IT professionals plan the next steps of their cloud journey. The report explores the thinking of 750 global cloud decision-makers and users about the public, private and multi-cloud market. It shares their current and future cloud strategies, often showing year-over-year (YoY) changes to help identify trends.

In our third State of the Cybersecurity Attack Surface report, we continue to see enterprises struggle with many of the same issues they’ve been grappling with—they are blind to IT assets missing endpoint protection, patch management, and, as we now include in this report, vulnerability management. “Stale” IT assets continue to proliferate across corporate networks. Organizations are unnecessarily paying for unused licenses while facing budget cuts and economic challenges.

For the report, Marsh McLennan paired its extensive proprietary dataset of cyber claims with the results from Marsh Cybersecurity Self-Assessment (CSA) questionnaires, which are composed of hundreds of questions and responses from individual organizations. When combined, the two datasets allow for deep insights into which cybersecurity controls have the greatest effect on the likelihood of an organization experiencing a cyber event. Such innovative use of data and analytics can help companies identify which controls to prioritize. In turn, this can help position an insured favorably during cyber insurance underwriting.

The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance.

In 2021, the industry saw a transition into threat actor separation of duties, with an increase in groups focused on obtaining and selling access to victims (Initial Access Brokers). In observing this trend, Deepwatch has taken note of the proliferation of Initial Access Brokers and how it correlates with a shift in focus, away from specific industries and towards attacks of opportunity. As this trend continues, more emphasis must be placed on risk management of organizations’ internet exposure.

The goal of this survey was to understand the current state of SaaS security and misconfigurations. The survey was conducted online by CSA from January to February 2022 and received 340 responses from IT and security professionals from various organization sizes and locations. CSA’s research team performed the data analysis and interpretation for this report.

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams.

This report covers findings from a survey conducted by Dimensional Research in July 2020. A total of 310 qualified individuals completed the survey.

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities.

The 2020 edition of this annual survey based report on cloud adoption, migration, and security trends. Drawn from a pool of 750 global respondents with roles in evaluatng, purchasing, and managing cybersecurity products and with a high level of familiarity of their organizaiton’s public cloud use.

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. The second volume sought to apply and test that theoretical model using empirical data collected on billions of observed vulnerabilities. We ended the last report by analyzing vulnerability remediation timeframes across a sample of 12 firms. This third volume picks up where we left off and expands the analysis to roughly 300 organizations of different types and sizes. We leverage a technique called survival analysis to draw out important lessons about remediation velocity and capacity, concepts we explore and define during the course of this report. Overall, our goal is to understand what it means to survive—nay thrive—in the race of vulnerability remediation.” Read on to find out more.

MuleSoft commissioned independent market research company Vanson Bourne to survey 650 IT leaders from global enterprises to discover: › What is the state of today’s digital transformation initiatives? › How is the role of IT evolving in the customer-centric era? › What are the top challenges IT organizations face? › Which strategies are enterprises adopting to get ahead of the market?

From the report, “This technical whitepaper presents and discusses the concept of “Connectivity as Code”, a complementary concept to “Infrastructure as Code” (IaC), and we will explain how it can be incorporated into the DevOps lifecycle for a more agile application delivery. We will also describe how empowering the developer to define the application’s connectivity requirements will bridge the gap between developers and network security, and help to automate the application delivery process end-to-end. The solution presented in this whitepaper seamlessly weaves network connectivity into the DevOps methodology, while ensuring continuous compliance, so that automation does not compromise security.”

From the report, “For the past six years, Puppet has produced the annual State of DevOps Report1 and collected more than 27,000 responses from technical professionals around the world, making it the longest-running and most comprehensive study on the topic of DevOps today. One of the most common requests we’ve gotten over the years is for segmentation of the data by region, industry and company size. In this special report, we’ve segmented the 2017 State of DevOps survey data to dive deeper into trends and patterns we’re seeing in each of these segments.”

From the report, “The Puppet 2018 State of DevOps Report took a new tack this year, seeking prescriptive guidance for teams to follow. We designed our survey to learn how organizations progress through their DevOps journeys, and after analyzing the data, we found that the successful ones go through specific stages. Our research also revealed a set of core practices — we call them “foundational practices” — that are critical to success throughout the entire DevOps evolution. In this paper, we’ll take you through an in-depth description of these foundational practices, and offer you our advice for how to begin instituting them in the way that makes most sense for your organization, based on our findings.”

From the report, “This year we designed our DevOps survey to reveal what successful organizations actually do as they progress on their DevOps journeys. We discovered that they experience five distinct stages of DevOps evolution, which we have shared in full detail in our 2018 State of DevOps Report. This CIO guide digests our research into a report that’s just for you. We want to help you quickly understand what successful organizations do at each stage of DevOps evolution; which practices must be established at each stage (we call these the defining practices); and how you can best support your team throughout its DevOps journey to assure continuing progress and success.”

From the report, “IT security leaders know their companies’ endpoints, PCs, and servers are continuously targeted by hackers. They also agree following best practices in endpoint security hygiene is instrumental in reducing cyber incidents. However, our 2017 survey of IT security leaders points to a situation where most are concerned about their actual practices in endpoint security hygiene. Fortunately, most also acknowledge they need to improve. When it comes to identifying their top priorities, IT security leaders are clear: they want to reduce the frequency and severity of data breaches; streamline regulatory compliance; and maintain business continuity. When it comes to identifying and executing upon the security hygiene best practices required to deliver on these priorities, things begin to get murky. Our 2017 survey of IT security leaders reveals a situation in which most respondents express concern about their security hygiene practices and waning confidence in the ability of existing tools to help them improve. Read on for more about what we learned, plus five recommended action items you can take today to address these issues.”

This paper seeks to provide a new approach to cyber security that enables IT operations and incident response teams to move faster and act smarter.

Many federal agencies have begun adoption of modern, agile approaches to software delivery, with the goal of building higher quality services faster and more cheaply. While there are significant barriers to the adoption of this paradigm in the federal government, this paper offers specific principles and practices that have already achieved success.