Opening the Gates to the Digital War Room - What is it Now, and What is it Likely to Become?

Dennis Drogseth

EMA has just completed research titled, Unifying IT for Digital War Room Performance. The research was partly inspired by current debates about the role of the "War Room" and how it is or is not evolving. Some seem lost in fantasy — "the war room will absolutely disappear." Whereas for others, basic incident handling is just emerging and having a more defined and effective war room team remains a hope for the distant future.

The Industry Debate

As with so much in our industry, a lot of this debate depends on meaning and definition — or in this case how you do or don't define "war room." War rooms are often defined as disastrous assemblages of finger-pointing adults caught up with siloed versions of "the truth" — all at least as interested in proving that their teams are not guilty, as they are in actually solving the problem at hand.

Our goal was to find out how teams are being formed and optimized to handle major incidents and problems that require cross-domain insights

However, for our research we took a much more open-ended approach. Our goal was to find out how teams are being formed and optimized to handle major incidents and problems that require cross-domain insights. This included, by the way, proactive cross-domain teams for managing issues before they become the IT equivalent of life-threatening. Our war rooms could be either physical or virtual. Highly automated or not. Made up of consistent, well-defined teams, or not. But what made them war rooms was the need for collaborative decision making across silos, and the need for urgency in taking effective action.

War Room Processes

Throughout the research, EMA examined the most critical processes logically relevant to war room performance. These included:

Initial awareness — alerting the relevant stakeholders that something is, or about to be, a problem

Response team engagement — making sure relevant stakeholders have an informed context for working together to resolve the problem

Triage and diagnostics — finding out what's really wrong in clear service-impact context

Remediation — actually fixing problem, ideally with inbuilt levels of automation to support the fix

Validation — ensuring that the "fix" really is a fix

Ideally, also, a history has been kept so that IT can move to prevent the problem in the future, or at least bring it to ever speedier resolution. We asked respondents about this in the context of auditing war room performance.

The War Room's Multiple Dimensions

We also looked at cloud to see if public and private cloud initiatives were making things easier or harder in the war room and why. (What we saw is a little bit of both.)

And then there's DevOps and agile. One of the industry hallucinations seems to be that DevOps and agile are making the war room disappear. What we found is just the opposite in the vast majority of cases (well over 80%). We looked, as well, at how development is working as an integrated part of the digital war room phenomenon, and the impact of in-house applications on war room processes.

And then of course there's security. Or maybe security should come first. In fact, security incident and event management (SIEM) was right at the top of digital war room technology priorities along with advanced IT analytics. The growing need to handshake between operations, security and ITSM teams in the digital war room was evident throughout our data.

Looking at all of the above, you might say that incidents and problems are increasingly non-denominational in how they occur. In other words, digital war rooms are no longer (if they ever were) just about operations in a vacuum.

Technologies, Metrics and Success

As mentioned above, analytics and security were the big winners when we looked at digital war room technology priorities. In fact, the top-ranking five were:

1. Advanced IT analytics or AIOps

2. SIEM

3. Security threat intelligence analysis

4. Endpoint instrumentation and analytics

5. IT process automation

The top two technical metrics were performance latencies and end user experience management.

And the top three obstacles to digital war room success were security-related issues, inconsistent data, and data fragmentation.

In Summary

Overall, we saw that the digital war room is becoming more not less important, growing in size, becoming more proactive and fundamentally more strategic.

To get a lot more insight, please watch my on-demand EMA webinar.

Read my next blog, Organization and Process (Or Lack Thereof) in the Digital War Room

Related Links

Hot Topics

The Latest

MEAN TIME TO INSIGHT Podcast - Episode 24: Network Observability Tool Sprawl

In MEAN TIME TO INSIGHT Episode 24, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses network observability tool sprawl ... 

Capacity Isn't a Guess: Observability-Driven Sizing for On-Prem Databases

In cloud-native systems, scaling is often as simple as moving a slider. For on-premise databases, the stakes are different. Over-provisioning hardware is expensive. Under-provisioning leads to performance bottlenecks that are difficult to fix once the equipment is in the rack ...

5 Security Principles Every Entrepreneur Should Apply to Leadership

When most people think about cybersecurity, they picture firewalls, encryption, and access controls — technical tools designed to protect systems and data. But beneath the technology lies a deeper set of principles about trust, decision-making, and resilience ... The best leaders don't eliminate risk. They manage it intelligently. And in many ways, cybersecurity offers a surprisingly useful playbook for doing exactly that ...

Signs It May Be Time to Reassess Your IT Infrastructure Strategy

Many organizations assumed their infrastructure strategy was settled. It had been implemented, optimized and built into long-term plans. Recent changes in technology and vendor consolidation are forcing a second look. Cloud outages and licensing changes have exposed how much dependency exists on a small number of platforms. As a result, organizations are reevaluating whether those decisions still hold up under current conditions ...

Enterprise Edge AI Reaches Inflection Point

Edge AI is strategically embedded in core IT and infrastructure spending across industries, according to the 2026 Edge AI Survey from ZEDEDA. The research shows that 83% of C-suite and IT executive respondents say edge AI is important to their core business strategy ...

AI Is Hitting Operational Limits

As AI adoption accelerates, operational complexity — not model intelligence — is becoming the primary barrier to reliable AI at scale, according to the State of AI Engineering 2026 from Datadog ... The report highlights a compounding complexity challenge as AI systems scale ... Around 5% of AI model requests fail in production, with nearly 60% of those failures caused by capacity limits ...

Alert Fatigue Is No Longer a Morale Problem, It's a Reliability Risk and a System Failure

For years, production operations teams have treated alert fatigue as a quality-of-life problem: something that makes on-call rotations miserable but isn't considered a direct contributor to outages. That framing doesn't capture how these systems fail, and we now have data to show why. More importantly, it's now clear alert fatigue is a symptom of a deeper issue: production systems have outgrown the current operational approaches ...

Most Enterprises Think They Can Switch AI Vendors in a Month ... Most Who've Tried Couldn't

I was on a customer call last fall when an enterprise architect said something I haven't been able to shake. Her team had just spent four months trying to swap one AI vendor for another. The original plan said three weeks. "We didn't switch vendors," she told me. "We rebuilt half our integrations and discovered what we'd actually been depending on." Most enterprise leaders don't expect that to be the experience ...

Your Observability Stack Has a Telemetry Pipeline Problem

Ask any senior SRE or platform engineer what keeps them up at night, and the answer probably isn't the monitoring tool — it's the data feeding it. The proliferation of APM, observability, and AIOps platforms has created a telemetry sprawl problem that most teams manage reactively rather than architect proactively. Metrics are going to one platform. Traces routed somewhere else. Logs duplicated across multiple backends because nobody wants to be caught without them when something breaks. Every redundant stream costs money ...

Operator to Orchestrator: 80% of IT Pros See Shift in Role as AI Permeates Workflows

80% of respondents agree that the IT role is shifting from operators to orchestrators, according to the 2026 IT Trends Report: The Human Side of Autonomous IT from SolarWinds ...

Opening the Gates to the Digital War Room - What is it Now, and What is it Likely to Become?

Dennis Drogseth

EMA has just completed research titled, Unifying IT for Digital War Room Performance. The research was partly inspired by current debates about the role of the "War Room" and how it is or is not evolving. Some seem lost in fantasy — "the war room will absolutely disappear." Whereas for others, basic incident handling is just emerging and having a more defined and effective war room team remains a hope for the distant future.

The Industry Debate

As with so much in our industry, a lot of this debate depends on meaning and definition — or in this case how you do or don't define "war room." War rooms are often defined as disastrous assemblages of finger-pointing adults caught up with siloed versions of "the truth" — all at least as interested in proving that their teams are not guilty, as they are in actually solving the problem at hand.

Our goal was to find out how teams are being formed and optimized to handle major incidents and problems that require cross-domain insights

However, for our research we took a much more open-ended approach. Our goal was to find out how teams are being formed and optimized to handle major incidents and problems that require cross-domain insights. This included, by the way, proactive cross-domain teams for managing issues before they become the IT equivalent of life-threatening. Our war rooms could be either physical or virtual. Highly automated or not. Made up of consistent, well-defined teams, or not. But what made them war rooms was the need for collaborative decision making across silos, and the need for urgency in taking effective action.

War Room Processes

Throughout the research, EMA examined the most critical processes logically relevant to war room performance. These included:

Initial awareness — alerting the relevant stakeholders that something is, or about to be, a problem

Response team engagement — making sure relevant stakeholders have an informed context for working together to resolve the problem

Triage and diagnostics — finding out what's really wrong in clear service-impact context

Remediation — actually fixing problem, ideally with inbuilt levels of automation to support the fix

Validation — ensuring that the "fix" really is a fix

Ideally, also, a history has been kept so that IT can move to prevent the problem in the future, or at least bring it to ever speedier resolution. We asked respondents about this in the context of auditing war room performance.

The War Room's Multiple Dimensions

We also looked at cloud to see if public and private cloud initiatives were making things easier or harder in the war room and why. (What we saw is a little bit of both.)

And then there's DevOps and agile. One of the industry hallucinations seems to be that DevOps and agile are making the war room disappear. What we found is just the opposite in the vast majority of cases (well over 80%). We looked, as well, at how development is working as an integrated part of the digital war room phenomenon, and the impact of in-house applications on war room processes.

And then of course there's security. Or maybe security should come first. In fact, security incident and event management (SIEM) was right at the top of digital war room technology priorities along with advanced IT analytics. The growing need to handshake between operations, security and ITSM teams in the digital war room was evident throughout our data.

Looking at all of the above, you might say that incidents and problems are increasingly non-denominational in how they occur. In other words, digital war rooms are no longer (if they ever were) just about operations in a vacuum.

Technologies, Metrics and Success

As mentioned above, analytics and security were the big winners when we looked at digital war room technology priorities. In fact, the top-ranking five were:

1. Advanced IT analytics or AIOps

2. SIEM

3. Security threat intelligence analysis

4. Endpoint instrumentation and analytics

5. IT process automation

The top two technical metrics were performance latencies and end user experience management.

And the top three obstacles to digital war room success were security-related issues, inconsistent data, and data fragmentation.

In Summary

Overall, we saw that the digital war room is becoming more not less important, growing in size, becoming more proactive and fundamentally more strategic.

To get a lot more insight, please watch my on-demand EMA webinar.

Read my next blog, Organization and Process (Or Lack Thereof) in the Digital War Room

Related Links

Hot Topics

The Latest

MEAN TIME TO INSIGHT Podcast - Episode 24: Network Observability Tool Sprawl

In MEAN TIME TO INSIGHT Episode 24, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses network observability tool sprawl ... 

Capacity Isn't a Guess: Observability-Driven Sizing for On-Prem Databases

In cloud-native systems, scaling is often as simple as moving a slider. For on-premise databases, the stakes are different. Over-provisioning hardware is expensive. Under-provisioning leads to performance bottlenecks that are difficult to fix once the equipment is in the rack ...

5 Security Principles Every Entrepreneur Should Apply to Leadership

When most people think about cybersecurity, they picture firewalls, encryption, and access controls — technical tools designed to protect systems and data. But beneath the technology lies a deeper set of principles about trust, decision-making, and resilience ... The best leaders don't eliminate risk. They manage it intelligently. And in many ways, cybersecurity offers a surprisingly useful playbook for doing exactly that ...

Signs It May Be Time to Reassess Your IT Infrastructure Strategy

Many organizations assumed their infrastructure strategy was settled. It had been implemented, optimized and built into long-term plans. Recent changes in technology and vendor consolidation are forcing a second look. Cloud outages and licensing changes have exposed how much dependency exists on a small number of platforms. As a result, organizations are reevaluating whether those decisions still hold up under current conditions ...

Enterprise Edge AI Reaches Inflection Point

Edge AI is strategically embedded in core IT and infrastructure spending across industries, according to the 2026 Edge AI Survey from ZEDEDA. The research shows that 83% of C-suite and IT executive respondents say edge AI is important to their core business strategy ...

AI Is Hitting Operational Limits

As AI adoption accelerates, operational complexity — not model intelligence — is becoming the primary barrier to reliable AI at scale, according to the State of AI Engineering 2026 from Datadog ... The report highlights a compounding complexity challenge as AI systems scale ... Around 5% of AI model requests fail in production, with nearly 60% of those failures caused by capacity limits ...

Alert Fatigue Is No Longer a Morale Problem, It's a Reliability Risk and a System Failure

For years, production operations teams have treated alert fatigue as a quality-of-life problem: something that makes on-call rotations miserable but isn't considered a direct contributor to outages. That framing doesn't capture how these systems fail, and we now have data to show why. More importantly, it's now clear alert fatigue is a symptom of a deeper issue: production systems have outgrown the current operational approaches ...

Most Enterprises Think They Can Switch AI Vendors in a Month ... Most Who've Tried Couldn't

I was on a customer call last fall when an enterprise architect said something I haven't been able to shake. Her team had just spent four months trying to swap one AI vendor for another. The original plan said three weeks. "We didn't switch vendors," she told me. "We rebuilt half our integrations and discovered what we'd actually been depending on." Most enterprise leaders don't expect that to be the experience ...

Your Observability Stack Has a Telemetry Pipeline Problem

Ask any senior SRE or platform engineer what keeps them up at night, and the answer probably isn't the monitoring tool — it's the data feeding it. The proliferation of APM, observability, and AIOps platforms has created a telemetry sprawl problem that most teams manage reactively rather than architect proactively. Metrics are going to one platform. Traces routed somewhere else. Logs duplicated across multiple backends because nobody wants to be caught without them when something breaks. Every redundant stream costs money ...

Operator to Orchestrator: 80% of IT Pros See Shift in Role as AI Permeates Workflows

80% of respondents agree that the IT role is shifting from operators to orchestrators, according to the 2026 IT Trends Report: The Human Side of Autonomous IT from SolarWinds ...