1、 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.By Jon Oltsik,ESG Senior Principal Analyst and Fellow February 2020 This ESG Research Insights Paper was commissioned by Cisco and is distributed under license from ESG.Toward Enterprise-class Cybersecurity Vendors and Integrated Product

2、 Platforms ESG RESEARCH INSIGHTS PAPER Enterprise Strategy Group|Getting to the bigger truth.Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 2 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Contents Executive Summary.3 Security Po

3、int Tools Pitfalls.3 Organizations are Changing Security Product Purchasing Behavior.5 Cybersecurity Vendor Consolidation.7 Toward Enterprise-class Cybersecurity Vendors.9 The Rise of Cybersecurity Technology Platforms.11 Cisco SecureX.13 The Bigger Truth.13 Research Insights Paper:Toward Enterprise

4、-class Cybersecurity Vendors and Integrated Product Platforms 3 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Executive Summary Famed physicist,Albert Einstein,is attributed with this famous quote:“The definition of insanity is doing the same thing over and over again and expecting d

5、ifferent results.”Based upon ESG research,Einstein could have been talking about enterprise cybersecurity.Many organizations continue to address cybersecurity challenges with finite tactical changes,like adding a new network security control or force-fitting some type of backend analytics tool.In th

6、is scenario,any improvement in security efficacy is often offset by technical complexity and operational overhead.This can also lead to increasing cyber-risk,security incidents,and costly data breaches.Fortunately,organizations are digging deeper,looking for the roots of their problems,and then expl

7、oring new types of cybersecurity solutions.This ESG Research Insights paper concludes:Security point tools represent a foundational problem.Security point tools represent a foundational problem.Cybersecurity professionals have long held a cultural belief in the benefits of best-of-breed security pro

8、ducts.Unfortunately,this has led to silos of best-of-breed security tools everywherestrong individual products and a disconnected collective security infrastructure.Scarce security professionals are forced to monitor and manage security on a product-by-product basis and use their knowledge,skills,an

9、d intuition to piece together a holistic security picturean operationally challenging situation.CISOs cant hire their way out of this predicament due to the global cybersecurity skills shortage.Given the scale,scope,and sophistication of cyber-threats,a point tools-based piecemeal approach has becom

10、e a liability.Organizations are consolidating vendors and integrating technologies.Organizations are consolidating vendors and integrating technologies.To address this situation,organizations are actively consolidating security vendors and integrating security products.The goals?Improve threat preve

11、ntion/detection,streamline operations,encourage faster time to resolution,and receive greater support from vendors.The research points to a clear directionenterprise organizations will spend more money with fewer vendors.This change is already happening and will become even more significant moving f

12、orward.Leading vendors are responding to demandLeading vendors are responding to demand-side requirements.side requirements.To address customer requirements,leading vendors are integrating products,opening interfaces,driving industry standards,and creating partner ecosystems.ESG believes a few leade

13、rs will separate themselves from the pack to become enterprise-class cybersecurity vendors,offering technology platforms for threat prevention,detection,and response across areas like application,endpoint,network,and cloud security.The best platforms will also feature advanced analytics,world-class

14、threat intelligence,security operations process automation,and a common UI/UX.Cybersecurity technology platform competition will be fierce.Leaders in this space will have solid offerings,strong future roadmaps,and services capabilities to help customers succeed.Cybersecurity technology platforms hav

15、e the potential to simplify and automate security operations,giving time back to overwhelmed security teams.In this way,CISOs can focus on enabling secure business processes rather than just blocking cyber-attacks.Security Point Tools Pitfalls According to recent ESG research,76%of organizations cla

16、im that threat detection and response is more difficult today than 2 years ago.1 This increasing difficultly is driven by external and internal changes.Externally,security professionals must address a dynamic and sophisticated threat landscape while monitoring and maintaining security over a growing

17、 attack surface(i.e.,cloud,IoT,mobile,SaaS,etc.)driven by new IT initiatives like digital transformation.These conditions 1 Source:ESG Master Survey Results,The Threat Detection and Response Landscape,April 2019.Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Pro

18、duct Platforms 4 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.are outside the control(i.e.,external)of the security team.Internally,many CISOs are addressing cybersecurity challenges with a reliance on manual informal processes,an understaffed cybersecurity team,and an army of dispa

19、rate point tools from an assortment of vendors.This last point is illustrated by recent ESG research:31%of organizations use more than 50 different security products while 60%use more than 252.Managing a wide assortment of security tools creates numerous challenges like(see Figure 1):Monitoring and

20、securing different infrastructure.Monitoring and securing different infrastructure.40%of those surveyed said that they need different(security)infrastructure environments which are then managed by separate teams,creating operational inefficiencies.For example,SOC personnel may monitor application,en

21、dpoint,network,and cloud security using different teams and tools,making it difficult to compare data or coordinate actions across different IT infrastructure environments.These security silos can get in the way of efficient operations across a modern hybrid cloud IT infrastructure.Purchasing comple

22、xity.Purchasing complexity.Security teams are hired to prevent,detect,and respond to security incidentsnot manage vendors and service contracts.Unfortunately,40%of security professionals say that purchasing from a multitude of security vendors adds cost and purchasing complexity to their organizatio

23、n.Since CISOs arent measured on purchasing proficiency,this is overhead they dont need.IntricateIntricate and timeand time-consuming security operations.consuming security operations.In another recent ESG research report,75%of organizations claim that the global cybersecurity skills shortage has imp

24、acted their security operations.3 Regrettably,the impact of the cybersecurity skills shortage is exacerbated when too few staffers are confronted with too many security point tools.As the research indicates,35%say that managing an assortment of security products leads to complex and time-consuming s

25、ecurity operations.In other words,threat detection and response take far longer than optimal,resulting in higher levels of cyber-risk,security incidents,and data breaches.Assessing the big picture through a series of little pictures.Assessing the big picture through a series of little pictures.35%of

26、 respondents say that managing an assortment of security products makes it difficult to get a complete picture of their security status.Again,this makes it problematic to understand cyber-risk or track an attack across the kill chain when a compromised system scans the network to steal administrator

27、 passwords,downloads malware payloads,or reaches out to a command-and-control(C2)server for instructions.Understanding the totality of this type of malicious activity would require time and effort by highly trained SOC analysts piecing together analysis from several different security technologies.2

28、 Source:ESG Master Survey Results,Enterprise-class Cybersecurity Vendor Sentiment Survey,February 2020.All ESG research references and charts in this research insights paper have been taken from this master survey results set,unless otherwise noted.3 Source;ESG/ISSA Research Report,The Life and Time

29、s of Cybersecurity Professionals 2018,May 2019.Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 5 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Figure 1.Challenges Associated with Managing an Assortment of Security Products Source

30、:Enterprise Strategy Group Organizations are Changing Security Product Purchasing Behavior Over the last few years,many CISOs recognized that a point tools-based security infrastructure is unsustainablethe problems associated with a lack of integration and operational overhead outweigh any benefits

31、accompanying individual tools.As a result,organizations have changed their approach to buying,deploying,and operating security products.While purchasing,deployment,and operations strategies are evolving,security professionals still demand excellence from individual security products.This attitude is

32、 clearly evidenced in Figure 2.When asked to identify the most important security product considerations,41%of survey respondents opted for a products ability to prevent/detect threats.Thus,a security technology architecture must be anchored by a foundation of best-of-breed threat prevention and det

33、ection tools.25%33%34%35%35%40%40%My organization doesnt have enough staff or skills to manage our security technologies appropriatelyEach security technology demands its own managementand operations straining my organizations resourcesAll our security products generate high volumes of securityalert

34、s making it difficult to prioritize and investigatesecurity incidentsIt is difficult to get a complete picture of our security statususing many disparate security technologiesThe number of security technologies used at myorganization makes security operations complex and timeconsumingPurchasing from

35、 a multitude of security vendors adds costand purchasing complexity to my organizationWe need different solutions for different infrastructureenvironments which are then managed by separate teamscreating operational inefficienciesWhich of the following represent the biggest challenges associated wit

36、h managing an assortment of security products from different vendors?(Percent of respondents,N=247,three responses accepted)Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 6 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Figure 2.

37、Important Cybersecurity Technology Considerations Source:Enterprise Strategy Group Beyond best-of-breed threat prevention/detection,however,security professionals want to move beyond silos of disconnected point tools toward an integrated security technology architecture.This desire is clearly illust

38、rated in Figure 364%of survey respondents say that it is critical that security products integrate with other security technologies while another 33%say it is important that best-of-breed products integrate with other security technologies.Clearly,CISOs want it alla best-of-breed security tools foun

39、dation AND interoperability across technologies.6%6%7%7%9%11%12%41%Vendor reputationExisting relationship with vendorAdd-on professional/managed servicesEase of installationEase-of-use and operationsProduct integration capabilitiesCostAbility to prevent/detect threatsWhich of the following product c

40、onsiderations are most important to your organization when purchasing cybersecurity technologies?(Percent of respondents,N=247,percent ranked#1 displayed)Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 7 2020 by The Enterprise Strategy Group,Inc

41、.All Rights Reserved.Figure 3.Importance of Integration Across Security Products and Technologies Source:Enterprise Strategy Group Cybersecurity Vendor Consolidation Given the trend toward product integration,it is not surprising then that companies may be inclined to buy more products and technolog

42、ies from fewer vendors.Why?Enterprise-class cybersecurity technology vendors can do a lot of the grunt work by tightly integrating their best-of-breed products into scalable and interoperable technology architectures.Based on this industry trend,many organizations are taking an active approach to ve

43、ndor consolidation.ESG research indicates that 39%of organizations are actively consolidating the number of cybersecurity vendors they do business with on a large-scale basis while another 38%are actively consolidating the number of cybersecurity vendors they do business with on a limited basis(see

44、Figure 4).Critical we only buy best-of-breed products if they are designed for broader technology integration,64%Important,33%Somewhat important,2%How important is the ability of these best-of-breed products to integrate with other security technologies?(Percent of respondents,N=168)Research Insight

45、s Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 8 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Figure 4.Cybersecurity Vendor Consolidation Trends Source:Enterprise Strategy Group The research also indicates that cybersecurity professionals have

46、 clear expectations about the value of buying more security technologies from fewer vendors.For example(see Figure 5):58%point to improved threat prevention/detection efficacy.58%point to improved threat prevention/detection efficacy.The thought here is that individual tools will interoperate,sharin

47、g data,alerts,and pertinent threat intelligence.In this way,an integrated security platform can improve alert fidelity while enriching and contextualizing security telemetry.This can help SOC teams minimize the dead-end work of chasing false positives while streamlining security operations tasks ass

48、ociated with forensic investigations.51%say they expect operational efficiencies realized by their security and IT teams.51%say they expect operational efficiencies realized by their security and IT teams.Strong cybersecurity practices depend upon effective communications and collaborations between

49、SOC and IT/network operations teams.Survey respondents believe that security/IT operations coordination can be improved if both teams are working off aggregated data,enriched alerts,and common administration tools.46%claim that they expect faster time to problem resolution via a single support conta

50、ct.46%claim that they expect faster time to problem resolution via a single support contact.Nearly half(46%)of survey respondents believe that SOC analysts jobs will become easier when they have a single vendor to work with for platform support.This makes senserather than tuning multiple individual

51、products,SOC teams can customize rule sets and centralize configuration settings.Leading vendors can benefit here as well by dedicating trained field personnel measured on making their customers as successful as possible.We are actively consolidating the number of cybersecurity vendors with whom we

52、conduct business on a large-scale basis,39%We are actively consolidating the number of cybersecurity vendors with whom we conduct business on a limited basis,38%We are considering consolidating the number of cybersecurity vendors with whom we conduct business,14%We have no plans to consolidate the n

53、umber of cybersecurity vendors with whom we conduct business,9%Which of the following statements regarding the consolidation of cybersecurity vendors with whom your organization conducts business is most accurate?(Percent of respondents,N=247)Research Insights Paper:Toward Enterprise-class Cybersecu

54、rity Vendors and Integrated Product Platforms 9 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Figure 5.The Value Associated with Cybersecurity Vendor Consolidation Source:Enterprise Strategy Group Toward Enterprise-class Cybersecurity Vendors Today,the industry is made up of thousand

55、s of individual vendors,many offering a single point tool.As large organizations integrate security technologies and consolidate vendors,the industry will change accordingly and lead to the rise of a handful of enterprise-class cybersecurity vendors.ESG defines the term enterprise-class cybersecurit

56、y vendor as those cybersecurity vendors offering a breadth of cybersecurity products and/or services designed for scale,integration,and support for the business process requirements of a large organization.Based upon this general definition,ESG asked cybersecurity professionals to identify the most

57、important attributes of an enterprise-class cybersecurity vendor(see Figure 6).These include:IndustryIndustry-specific cybersecurity expertisespecific cybersecurity expertise.Digital transformation applications,IoT device proliferation,and increasing regulations are changing cybersecurity technologi

58、es from horizontal services to vertical industry applications.This transition is reflected in the ESG data,as 35%of respondents believe that industry-centric cybersecurity expertise is one of the most important attributes for enterprise-class cybersecurity vendors.WorldWorld-class threat research an

59、d intelligence.class threat research and intelligence.Security operations teams need real-time intelligence about the threat landscape for forensic investigations and threat hunting.Thus,world-class security threat research and intelligence is a top attribute for enterprise-class cybersecurity vendo

60、rs.A broad portfolio of cybersecurity productsA broad portfolio of cybersecurity products.As previously stated,CISOs want to buy more products from fewer vendors.Enterprise-class cybersecurity vendors can meet this requirement by offering a broad product portfolio to 32%36%38%39%46%51%58%Vendor mana

61、gement and procurement efficienciesOpportunity to take advantage of vendors R&D and innovationDeep relationship in which the vendor better understandsour business,computing environment,and strategicinitiativesTighter integration between previously disparate securitycontrolsFast time to problem resol

62、ution via a single supportcontactOperational efficiencies realized by our security and ITteamsImproved threat prevention/detection efficacyWhich of the following best represents your organizations perspective on the value of procuring cybersecurity solutions from fewer enterprise-class cybersecurity

63、 companies?(Percent of respondents,N=247,multiple responses accepted)Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 10 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.customers.Little wonder then why 28%of survey respondents consi

64、der this an important enterprise-class cybersecurity vendor attribute.A proven execution track record.A proven execution track record.More than one-quarter(26%)believe that enterprise-class cybersecurity vendors must have the ability to execute on their product roadmaps and strategies.In other words

65、,CISOs want to work with vendors seen as“safe bets”for the long term.Figure 6.Most Important Attributes of an Enterprise-class Cybersecurity Vendor Source:Enterprise Strategy Group 7%11%11%11%11%12%12%17%20%23%25%26%28%31%35%Extensive partner alliance programBroad managed/professional services portf

66、olioWorks with VARs that understand my organizations industry and businessProvides an open platform that I can build upon and easilyintegrate with the rest of my security stackGlobal presence and coverageCommitment to reducing operational complexity loweringour cost of ownershipHigh-touch,consultati

67、ve field sales modelProvides products designed for enterprise-scale,integration,and business process requirementsCommitment toward integrating all individual productsinto a common architectureOffers a variety of cybersecurity services to help us betterutilize and optimize productsIs a major IT brand

68、 in addition to offering a broad portfolioof cybersecurity productsA proven track record of executing its cybersecurityproduct roadmap and strategyBroad product portfolio of cybersecurity productsWorld-class security threat research and threat intelligenceCybersecurity expertise specific to my indus

69、tryIn your view,which of the following attributes would you consider to be the most important for an enterprise-class cybersecurity vendor?(Percent of respondents,N=247,three responses accepted)Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 11

70、2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Enterprise-class cybersecurity technology vendors with these attributes are highly attractive to enterprise organizations.Indeed,80%of organizations indicated that they would consider buying a significant amount of their security technolo

71、gies from a single enterprise-class cybersecurity vendor.The Rise of Cybersecurity Technology Platforms In 2020,enterprise-class cybersecurity vendors will compete for business by offering cybersecurity technology platforms.ESG defines this term as:A tightly integrated suite of products offered by a

72、 single vendor with third-party product integration capabilities through APIs,industry standards,and partner ecosystems.The much-anticipated cybersecurity“platform wars”will lead to ferocious competition,industry hyperbole,and user confusion.Nevertheless,cybersecurity professionals have a clear idea

73、 of what they want from a cybersecurity platform.The top five platform attributes include:1.Security coverage across major Security coverage across major threat vectorsthreat vectors and access pointsand access points.Most cyber-attacks still rely on two primary threat vectors:email and the web.Ther

74、efore,cybersecurity platforms must include monitoring and controls designed to block and/or alert on suspicious/malicious activities across these common channels.2.Analytics.Analytics.Cybersecurity platforms must be back-ended by advanced analytics for behavioral analysis,file analysis,and risk scor

75、ing.The goal?Eliminate false positives and provide high fidelity and actionable alerts.3.Threat intelligence integration.Threat intelligence integration.As previously mentioned,SOC analysts want real-time threat intelligence so they can compare anomalous activities with whats going on“in the wild.”4

76、.Wide coverage.Wide coverage.Rather than purchase disparate tools,CISOs want cybersecurity platforms that span applications,endpoints,networks,and clouds.5.Prevention,detection,and response.Prevention,detection,and response.Platforms must be able to reduce the attack surface and easily block known t

77、hreats.Leading platforms will provide advanced analytics for threat detection,and a security operations workbench,runbooks,and automation capabilities for incident response.Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 12 2020 by The Enterpris

78、e Strategy Group,Inc.All Rights Reserved.Figure 7.Most Important Attributes of a Cybersecurity Technology Platform Source:Enterprise Strategy Group The transition to cybersecurity platforms isnt some distant vision.In truth,todays cybersecurity requirements demand action,so the move to cybersecurity

79、 platforms is already underway.For example,38%of organizations have already purchased multiple products from a single vendor rather than best-of-breed products from multiple vendors,34%have used open source software as an integration layer between independent products,and 34%have pushed several cybe

80、rsecurity technology product vendors to work together on product integration.CISOs will continue to push vendors on product consolidation and encourage them to pursue standards,heterogeneous product integration,and industry cooperation.Enterprise-class cybersecurity vendors must anticipate these dem

81、ands and take a leadership position toward facilitation.Industry leaders will offer comprehensive open cybersecurity technology platforms that can help organizations improve security efficacy while streamlining operations.19%22%22%23%25%28%28%29%38%39%Is offered in multiple deployment optionsInclude

82、s features and functionality for security operationsCentral management and reporting across all products andservicesPlatform made up of tightly coupled plug-and-playproducts and managed services that can be addedtogether over timeExtensible and open architectureProvides threat prevention,detection,a

83、nd responsecapabilitiesCoverage across the entire attack surfaceIncludes integration with threat intelligence for threatdetection and remediation purposesSecurity analyticsSecurity coverage that includes major threat vectors likeemail security,web security,etc.What are the most important attributes

84、of a cybersecurity“platform?”(Percent of respondents,N=247,three responses accepted)Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 13 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.Cisco SecureX Cisco recently announced a cyberse

85、curity platform called SecureX.Cisco SecureX connects the breadth of Ciscos integrated security portfolio and customers security infrastructure.This integration is intended to help customers gain more value from Cisco products and existing security infrastructure by coordinating defenses(i.e.,endpoi

86、nt,network,cloud,etc.),centralizing visibility and analytics,and enabling automation for threat prevention,detection,and response.SecureX is also built with a consistent UI/UX that follows the user across Cisco Security to share context between products and teams.This should help security teams rall

87、y around common reports and dashboards,eliminating the need to pivot between multiple solutions.Overall,Cisco SecureX provides many of the important platform attributes highlighted in the ESG research.Cisco also has an aggressive roadmap for SecureX moving forward.CISOs should evaluate SecureX acros

88、s current and future capabilities.Think of SecureX as a journey rather than a destination.It is also worth noting that Cisco is not charging extra for SecureX or asking customers to replace or layer on new technology.Rather,SecureX is delivered as a built-in experience across the Cisco Security port

89、folio.The Bigger Truth Given the state of cybersecurity today,most CISOs realize that they cant protect their organizations by relying on disconnected point tools,informal/manual processes,and a shortage of cybersecurity skills.One way out of this mess is through technology integration that allows i

90、ndependent tools to share data,correlate alerts,and enable common workflows for security operations.Cybersecurity technology platforms can address integration complexity with turnkey interoperable product suites.Those from leading enterprise-class cybersecurity vendors will enhance cybersecurity tec

91、hnology platforms with world-class threat intelligence,industry feature/functionality,and enterprise quality scalability,manageability,and support.Furthermore,cybersecurity technology platforms functionality can have an immediate impact on organizational maturity.Simply stated,the cybersecurity team

92、 can be more productive and focused on protecting business-critical assets and processes.To avoid confusion as they evaluate cybersecurity technology platforms,CISOs should:Assess current challenges across people,process,and technology.Assess current challenges across people,process,and technology.L

93、eading platforms should go beyond technology alone,helping organizations increase staff productivity while streamlining operations.CISOs should look for current bottlenecks impacting areas like employee training,MTTD/MTTR,and process automation.This assessment should help produce a list of platform

94、requirements beyond technology integration alone.IncluInclude IT and network operations in RFIs and product evaluations.de IT and network operations in RFIs and product evaluations.Remember that security is a collective activity,dependent upon strong communications and collaboration between security

95、 and IT/network operations teams.Smart CISOs will work with IT peers to uncover current challenges and then seek solutions in RFIs,product evaluations,and testing/piloting that can be used effectively by both groups.Plan for the longPlan for the long-term.term.Cybersecurity technology platforms will

96、 likely grow organically,integrating more product categories and capabilities over time.Therefore,platform research should go beyond whats available today.CISOs should press vendors for a 24 to 36-month roadmap.Leading vendors should have comprehensive plans but also be willing to work with customer

97、s as new requirements arise.On the enterprise side,CISOs should create metrics so they Research Insights Paper:Toward Enterprise-class Cybersecurity Vendors and Integrated Product Platforms 14 2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.can assess progress and create programs for c

98、ontinual improvement as they deploy cybersecurity technology platforms more broadly through phases.Reach ouReach out to the community.t to the community.Note to CISOs:You are not alonejust about every other enterprise organization is going through a similar transition.CISOs should seek out guidance

99、from other industry organizations of a similar size.In this way,organizations may be able to work together to press vendors on some industry-specific nuances that can be added to cybersecurity technology platforms over time.2020 by The Enterprise Strategy Group,Inc.All Rights Reserved.All trademark

100、names are property of their respective companies.Information contained in this publication has been obtained by sources The Enterprise Strategy Group(ESG)considers to be reliable but is not warranted by ESG.This publication may contain opinions of ESG,which are subject to change.This publication is

101、copyrighted by The Enterprise Strategy Group,Inc.Any reproduction or redistribution of this publication,in whole or in part,whether in hard-copy format,electronically,or otherwise to persons not authorized to receive it,without the express consent of The Enterprise Strategy Group,Inc.,is in violatio

102、n of U.S.copyright law and will be subject to an action for civil damages and,if applicable,criminal prosecution.Should you have any questions,please contact ESG Client Relations at 508.482.0188.Enterprise Strategy Group is an IT analyst,research,validation,and strategy firm that provides market intelligence and actionable insight to the global IT community.www.esg- contactesg- 508.482.0188