Skip to main content

Exploring the Convergence of Observability and Security - Part 1

Pete Goldin
Editor and Publisher
APMdigest

Observability and security — are they a match made in IT heaven, or a culture clash from IT hell? Sorry to be so dramatic, but it's actually a serious question that has gravity. The convergence of observability and security could change IT operations as we know it. And many IT authorities see this as a good thing.

With input from industry experts — both analysts and vendors — this 8-part blog series to be posted over the next two weeks will explore what is driving this convergence, the challenges and advantages, and how it may transform the IT landscape.

Security and observability are really made for each other

"Security and observability are really made for each other," says Mike Loukides, VP of Emerging Tech Content at O'Reilly Media. "Security has always suffered from a lack of information. Logs and metrics just don't give you that much to work with. Add the trace data that a good observability platform can give you, and there's much more to work with. Which means a much greater chance of catching an intruder early, before they've had a chance to do a lot of damage."

Chaim Mazal, Chief Security Officer at Gigamon cites a recent study that found observability delivers a mix of tactical (resolution, continuity, tracking) and strategic (experience, governance, innovation) benefits, with security ranking as the highest benefit — 34% of surveyed IT leaders agreed.

Growing Complexity Makes Convergence a Necessity

The emergence of new technologies — including cloud computing, microservices and containerization — has led to more complex, connected systems, notes Roger Floren, Principal Product Manager at Red Hat. This complexity makes it harder to monitor and secure applications efficiently. So a holistic approach that combines both security and observability is the next natural step.

"Complexity is driving this convergence," Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) agrees. "When troubleshooting performance problems, IT operations teams often find that root cause is actually a security incident. This points to the need for better partnerships between IT/Network operations and security. Much of this complexity is driven by hybrid and multi-cloud architectures, which are causing both IT ops and security teams headaches."

Use the player or download the MP3 below to listen to EMA-APMdigest Podcast Episode 2 — Shamus McGillicuddy talks about Network Observability, the convergence of observability and security, and more.

Click here for a direct MP3 download of Episode 2 - Part 1

Because many organizations are expanding across a mix of cloud, fast development cycles, low-code and no-code platforms, this has significantly expanded the attack surface, according to Gregg Ostrowski, CTO Adviser at Cisco AppDynamics. He says, to identify and address higher volumes of security alerts, organizations must prioritize full visibility across complex IT environments, which can be achieved with observability.

"In today's complex, fast-paced environment, modern organizations are often perpetually overwhelmed and find themselves trapped in a cycle of reactivity," Spiros Xanthos, SVP and General Manager of Observability, Splunk, elaborates. "They're constantly dealing with cybersecurity threats, IT system stressors, and other adverse events; all while trying to keep their systems secure and reliable. To overcome such challenges, these organizations need to be able to detect, investigate and respond more quickly; pivot when the macro-environment demands it; and adapt, so they can respond to future events better."

"Taking a unified approach to security and observability helps address these challenges," he continues, "because it enables SecOps, ITOps and DevOps to work in tandem — not in silos — to proactively maintain business resilience and keep these adverse events at bay without slowing down innovation."

"The convergence is being driven by the general realization that observability and security are really two sides of the same coin," adds Glenn Gray, Director of Product Marketing at Auvik. "Simply put, you cannot properly secure IT infrastructure that you do not fully understand or regularly monitor. If one accepts that notion, then observability becomes a key component of any good IT infrastructure security strategy."

Combining observability and security is no longer an option — it is a necessity, warns Amit Shah, Director of Product Marketing at Dynatrace. "Providing observability context to security data can help organizations find issues that have escaped into runtime and enable teams to focus on what really matters. Additionally, observability-driven security can provide an additional layer of protection to catch threats that perimeter security solutions miss."

Cloud Drives Convergence

More specifically, some experts focus on cloud migration as the driving factor behind the convergence between security and observability.

Amit Shah of Dynatrace says, "Increased digital transformation is happening in hybrid and multicloud environments, which are dynamic, complex, and create an explosion of data. Using traditional approaches, it is difficult for organizations to react quickly to changing cloud environments and evolving security threats."

Shah cites the 2023 Global CISO Report from Dynatrace, which shows that more than two-thirds (68%) of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

"To address these challenges, leading organizations are turning to AI-driven solutions that converge observability and security capabilities," he continues. "These tools enable increased visibility across complex cloud environments and provide precise information so that organizations can automatically identify and reveal the impact of security vulnerabilities in real-time, freeing them up to focus on delivering faster, more secure innovation."

Chaim Mazal of Gigamon adds, "I believe the two key drivers of this overlap are the swift shift to the cloud coupled with the increasing levels of sophistication of the threat actors across today's continuously evolving threat landscape. It is becoming vitally important that NetOps, SecOps, and even DevOps teams work together to ensure cloud security. And this, in turn, requires increasing levels of visibility across hybrid and multi-cloud infrastructure. Technology organizations will be well served to bring network context to their observability tools to detect threats in real-time and mitigate exposure to risk."

All About the Data

Most experts agree that the observability data is what makes convergence compelling, from the security point of view.

Kirsten Newcomer, Director, Cloud and DevSecOps Strategy at Red Hat says, "The convergence is driven by the reality that both solutions need similar data sets and need to answer similar questions about running systems and are using similar technologies for cloud-native, Kubernetes environments."

"The single biggest driver of this convergence is that the IT teams involved with observability have the data, and they must share it with security teams so they can investigate critical threats," adds Adam Hert, Director of Product at Riverbed. "IT teams are collecting extremely large data volumes while, at the same time, gathering additional data from the APM and network sectors. It does not make sense for organizations to do that twice. Observability teams are winning the race when it comes to data gathering, but they need to share that with security teams to boost efficiencies and combat worsening threats and breaches."

An interesting trend is the need for shared visibility into key enabling apps and IT infrastructure technologies from both an operational and security standpoint, and Kubernetes is a primary example, according to Asaf Yigal, CTO of Logz.io. "No matter what model or teams you support internally, there's a shared interest in the performance and security of technologies like Kubernetes that are so fundamental to modern apps and infrastructure. In some cases this is driving greater convergence from a monitoring and observability standpoint, as in shared responsibility for analysis, investigation and response workflows."

Prashant Prahlad, VP of Cloud Security Products at Datadog says, "The added context from the observability data helps customers detect attacks and identify issues sooner than before. Further, the same observability data helps users identify and remediate security issues more quickly than before. Finally, the individuals responsible for observability (SRE/devops) are the ones most familiar with the applications and can resolve security issues sooner than a centralized security team that operates more broadly."

The Big Data Dilemma

Experts also say that convergence of observability and security efforts can help SecOps teams deal with the deluge of data collected across the enterprise.

"With so many tools, vendors, data sources, and technologies, security teams are flooded with mounds of data to sift through," says Esteban Gutierrez, CISO & VP, Information Security at New Relic.

Buddy Brewer, Chief Product Officer at Mezmo explains, "Organizations have been dealing with the challenge of handling an ever-increasing amount of data moving through their systems for a long time. The explosion of log data from cloud environments, stemming from more applications than ever, has overwhelmed many teams — especially security teams."

Brewer goes on to say that organizations realize they need a unified approach to manage telemetry data, both for security and observability. "Challenges such as too much data, data in the wrong format, and data not available to the right teams and applications are common for development, SRE, and security teams. Organizations must have a unified approach to manage the data and make it actionable to reduce MTTD/MTTR. This approach allows security teams to find attacks early and have the data needed to implement fixes before it becomes unmanageable."

Ajit Sancheti, GM, Falcon LogScale at CrowdStrike, agrees, "With the speed of business becoming increasingly faster and adversaries becoming more sophisticated, combining security and observability tools will allow organizations to efficiently operationalize the massive amounts of data currently being generated to better understand the activity inside their IT environments."

Why Now?

After all this discussion, we start to get an answer to the question: Why is the convergence of observability and security heating up now?

"Why now?" Mike Loukides of O'Reilly Media responds. "I don't think that's the right question. Why not three years ago? Giving the security team more data to work with can only be a good thing, and it's surprising it's taken that long to catch on."

Go to: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces

Pete Goldin is Editor and Publisher of APMdigest

The Latest

Businesses that face downtime or outages risk financial and reputational damage, as well as reducing partner, shareholder, and customer trust. One of the major challenges that enterprises face is implementing a robust business continuity plan. What's the solution? The answer may lie in disaster recovery tactics such as truly immutable storage and regular disaster recovery testing ...

IT spending is expected to jump nearly 10% in 2025, and organizations are now facing pressure to manage costs without slowing down critical functions like observability. To meet the challenge, leaders are turning to smarter, more cost effective business strategies. Enter stage right: OpenTelemetry, the missing piece of the puzzle that is no longer just an option but rather a strategic advantage ...

Amidst the threat of cyberhacks and data breaches, companies install several security measures to keep their business safely afloat. These measures aim to protect businesses, employees, and crucial data. Yet, employees perceive them as burdensome. Frustrated with complex logins, slow access, and constant security checks, workers decide to completely bypass all security set-ups ...

Image
Cloudbrink's Personal SASE services provide last-mile acceleration and reduction in latency

In MEAN TIME TO INSIGHT Episode 13, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses hybrid multi-cloud networking strategy ... 

In high-traffic environments, the sheer volume and unpredictable nature of network incidents can quickly overwhelm even the most skilled teams, hindering their ability to react swiftly and effectively, potentially impacting service availability and overall business performance. This is where closed-loop remediation comes into the picture: an IT management concept designed to address the escalating complexity of modern networks ...

In 2025, enterprise workflows are undergoing a seismic shift. Propelled by breakthroughs in generative AI (GenAI), large language models (LLMs), and natural language processing (NLP), a new paradigm is emerging — agentic AI. This technology is not just automating tasks; it's reimagining how organizations make decisions, engage customers, and operate at scale ...

In the early days of the cloud revolution, business leaders perceived cloud services as a means of sidelining IT organizations. IT was too slow, too expensive, or incapable of supporting new technologies. With a team of developers, line of business managers could deploy new applications and services in the cloud. IT has been fighting to retake control ever since. Today, IT is back in the driver's seat, according to new research by Enterprise Management Associates (EMA) ...

In today's fast-paced and increasingly complex network environments, Network Operations Centers (NOCs) are the backbone of ensuring continuous uptime, smooth service delivery, and rapid issue resolution. However, the challenges faced by NOC teams are only growing. In a recent study, 78% state network complexity has grown significantly over the last few years while 84% regularly learn about network issues from users. It is imperative we adopt a new approach to managing today's network experiences ...

Image
Broadcom

From growing reliance on FinOps teams to the increasing attention on artificial intelligence (AI), and software licensing, the Flexera 2025 State of the Cloud Report digs into how organizations are improving cloud spend efficiency, while tackling the complexities of emerging technologies ...

Today, organizations are generating and processing more data than ever before. From training AI models to running complex analytics, massive datasets have become the backbone of innovation. However, as businesses embrace the cloud for its scalability and flexibility, a new challenge arises: managing the soaring costs of storing and processing this data ...

Exploring the Convergence of Observability and Security - Part 1

Pete Goldin
Editor and Publisher
APMdigest

Observability and security — are they a match made in IT heaven, or a culture clash from IT hell? Sorry to be so dramatic, but it's actually a serious question that has gravity. The convergence of observability and security could change IT operations as we know it. And many IT authorities see this as a good thing.

With input from industry experts — both analysts and vendors — this 8-part blog series to be posted over the next two weeks will explore what is driving this convergence, the challenges and advantages, and how it may transform the IT landscape.

Security and observability are really made for each other

"Security and observability are really made for each other," says Mike Loukides, VP of Emerging Tech Content at O'Reilly Media. "Security has always suffered from a lack of information. Logs and metrics just don't give you that much to work with. Add the trace data that a good observability platform can give you, and there's much more to work with. Which means a much greater chance of catching an intruder early, before they've had a chance to do a lot of damage."

Chaim Mazal, Chief Security Officer at Gigamon cites a recent study that found observability delivers a mix of tactical (resolution, continuity, tracking) and strategic (experience, governance, innovation) benefits, with security ranking as the highest benefit — 34% of surveyed IT leaders agreed.

Growing Complexity Makes Convergence a Necessity

The emergence of new technologies — including cloud computing, microservices and containerization — has led to more complex, connected systems, notes Roger Floren, Principal Product Manager at Red Hat. This complexity makes it harder to monitor and secure applications efficiently. So a holistic approach that combines both security and observability is the next natural step.

"Complexity is driving this convergence," Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) agrees. "When troubleshooting performance problems, IT operations teams often find that root cause is actually a security incident. This points to the need for better partnerships between IT/Network operations and security. Much of this complexity is driven by hybrid and multi-cloud architectures, which are causing both IT ops and security teams headaches."

Use the player or download the MP3 below to listen to EMA-APMdigest Podcast Episode 2 — Shamus McGillicuddy talks about Network Observability, the convergence of observability and security, and more.

Click here for a direct MP3 download of Episode 2 - Part 1

Because many organizations are expanding across a mix of cloud, fast development cycles, low-code and no-code platforms, this has significantly expanded the attack surface, according to Gregg Ostrowski, CTO Adviser at Cisco AppDynamics. He says, to identify and address higher volumes of security alerts, organizations must prioritize full visibility across complex IT environments, which can be achieved with observability.

"In today's complex, fast-paced environment, modern organizations are often perpetually overwhelmed and find themselves trapped in a cycle of reactivity," Spiros Xanthos, SVP and General Manager of Observability, Splunk, elaborates. "They're constantly dealing with cybersecurity threats, IT system stressors, and other adverse events; all while trying to keep their systems secure and reliable. To overcome such challenges, these organizations need to be able to detect, investigate and respond more quickly; pivot when the macro-environment demands it; and adapt, so they can respond to future events better."

"Taking a unified approach to security and observability helps address these challenges," he continues, "because it enables SecOps, ITOps and DevOps to work in tandem — not in silos — to proactively maintain business resilience and keep these adverse events at bay without slowing down innovation."

"The convergence is being driven by the general realization that observability and security are really two sides of the same coin," adds Glenn Gray, Director of Product Marketing at Auvik. "Simply put, you cannot properly secure IT infrastructure that you do not fully understand or regularly monitor. If one accepts that notion, then observability becomes a key component of any good IT infrastructure security strategy."

Combining observability and security is no longer an option — it is a necessity, warns Amit Shah, Director of Product Marketing at Dynatrace. "Providing observability context to security data can help organizations find issues that have escaped into runtime and enable teams to focus on what really matters. Additionally, observability-driven security can provide an additional layer of protection to catch threats that perimeter security solutions miss."

Cloud Drives Convergence

More specifically, some experts focus on cloud migration as the driving factor behind the convergence between security and observability.

Amit Shah of Dynatrace says, "Increased digital transformation is happening in hybrid and multicloud environments, which are dynamic, complex, and create an explosion of data. Using traditional approaches, it is difficult for organizations to react quickly to changing cloud environments and evolving security threats."

Shah cites the 2023 Global CISO Report from Dynatrace, which shows that more than two-thirds (68%) of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

"To address these challenges, leading organizations are turning to AI-driven solutions that converge observability and security capabilities," he continues. "These tools enable increased visibility across complex cloud environments and provide precise information so that organizations can automatically identify and reveal the impact of security vulnerabilities in real-time, freeing them up to focus on delivering faster, more secure innovation."

Chaim Mazal of Gigamon adds, "I believe the two key drivers of this overlap are the swift shift to the cloud coupled with the increasing levels of sophistication of the threat actors across today's continuously evolving threat landscape. It is becoming vitally important that NetOps, SecOps, and even DevOps teams work together to ensure cloud security. And this, in turn, requires increasing levels of visibility across hybrid and multi-cloud infrastructure. Technology organizations will be well served to bring network context to their observability tools to detect threats in real-time and mitigate exposure to risk."

All About the Data

Most experts agree that the observability data is what makes convergence compelling, from the security point of view.

Kirsten Newcomer, Director, Cloud and DevSecOps Strategy at Red Hat says, "The convergence is driven by the reality that both solutions need similar data sets and need to answer similar questions about running systems and are using similar technologies for cloud-native, Kubernetes environments."

"The single biggest driver of this convergence is that the IT teams involved with observability have the data, and they must share it with security teams so they can investigate critical threats," adds Adam Hert, Director of Product at Riverbed. "IT teams are collecting extremely large data volumes while, at the same time, gathering additional data from the APM and network sectors. It does not make sense for organizations to do that twice. Observability teams are winning the race when it comes to data gathering, but they need to share that with security teams to boost efficiencies and combat worsening threats and breaches."

An interesting trend is the need for shared visibility into key enabling apps and IT infrastructure technologies from both an operational and security standpoint, and Kubernetes is a primary example, according to Asaf Yigal, CTO of Logz.io. "No matter what model or teams you support internally, there's a shared interest in the performance and security of technologies like Kubernetes that are so fundamental to modern apps and infrastructure. In some cases this is driving greater convergence from a monitoring and observability standpoint, as in shared responsibility for analysis, investigation and response workflows."

Prashant Prahlad, VP of Cloud Security Products at Datadog says, "The added context from the observability data helps customers detect attacks and identify issues sooner than before. Further, the same observability data helps users identify and remediate security issues more quickly than before. Finally, the individuals responsible for observability (SRE/devops) are the ones most familiar with the applications and can resolve security issues sooner than a centralized security team that operates more broadly."

The Big Data Dilemma

Experts also say that convergence of observability and security efforts can help SecOps teams deal with the deluge of data collected across the enterprise.

"With so many tools, vendors, data sources, and technologies, security teams are flooded with mounds of data to sift through," says Esteban Gutierrez, CISO & VP, Information Security at New Relic.

Buddy Brewer, Chief Product Officer at Mezmo explains, "Organizations have been dealing with the challenge of handling an ever-increasing amount of data moving through their systems for a long time. The explosion of log data from cloud environments, stemming from more applications than ever, has overwhelmed many teams — especially security teams."

Brewer goes on to say that organizations realize they need a unified approach to manage telemetry data, both for security and observability. "Challenges such as too much data, data in the wrong format, and data not available to the right teams and applications are common for development, SRE, and security teams. Organizations must have a unified approach to manage the data and make it actionable to reduce MTTD/MTTR. This approach allows security teams to find attacks early and have the data needed to implement fixes before it becomes unmanageable."

Ajit Sancheti, GM, Falcon LogScale at CrowdStrike, agrees, "With the speed of business becoming increasingly faster and adversaries becoming more sophisticated, combining security and observability tools will allow organizations to efficiently operationalize the massive amounts of data currently being generated to better understand the activity inside their IT environments."

Why Now?

After all this discussion, we start to get an answer to the question: Why is the convergence of observability and security heating up now?

"Why now?" Mike Loukides of O'Reilly Media responds. "I don't think that's the right question. Why not three years ago? Giving the security team more data to work with can only be a good thing, and it's surprising it's taken that long to catch on."

Go to: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces

Pete Goldin is Editor and Publisher of APMdigest

The Latest

Businesses that face downtime or outages risk financial and reputational damage, as well as reducing partner, shareholder, and customer trust. One of the major challenges that enterprises face is implementing a robust business continuity plan. What's the solution? The answer may lie in disaster recovery tactics such as truly immutable storage and regular disaster recovery testing ...

IT spending is expected to jump nearly 10% in 2025, and organizations are now facing pressure to manage costs without slowing down critical functions like observability. To meet the challenge, leaders are turning to smarter, more cost effective business strategies. Enter stage right: OpenTelemetry, the missing piece of the puzzle that is no longer just an option but rather a strategic advantage ...

Amidst the threat of cyberhacks and data breaches, companies install several security measures to keep their business safely afloat. These measures aim to protect businesses, employees, and crucial data. Yet, employees perceive them as burdensome. Frustrated with complex logins, slow access, and constant security checks, workers decide to completely bypass all security set-ups ...

Image
Cloudbrink's Personal SASE services provide last-mile acceleration and reduction in latency

In MEAN TIME TO INSIGHT Episode 13, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses hybrid multi-cloud networking strategy ... 

In high-traffic environments, the sheer volume and unpredictable nature of network incidents can quickly overwhelm even the most skilled teams, hindering their ability to react swiftly and effectively, potentially impacting service availability and overall business performance. This is where closed-loop remediation comes into the picture: an IT management concept designed to address the escalating complexity of modern networks ...

In 2025, enterprise workflows are undergoing a seismic shift. Propelled by breakthroughs in generative AI (GenAI), large language models (LLMs), and natural language processing (NLP), a new paradigm is emerging — agentic AI. This technology is not just automating tasks; it's reimagining how organizations make decisions, engage customers, and operate at scale ...

In the early days of the cloud revolution, business leaders perceived cloud services as a means of sidelining IT organizations. IT was too slow, too expensive, or incapable of supporting new technologies. With a team of developers, line of business managers could deploy new applications and services in the cloud. IT has been fighting to retake control ever since. Today, IT is back in the driver's seat, according to new research by Enterprise Management Associates (EMA) ...

In today's fast-paced and increasingly complex network environments, Network Operations Centers (NOCs) are the backbone of ensuring continuous uptime, smooth service delivery, and rapid issue resolution. However, the challenges faced by NOC teams are only growing. In a recent study, 78% state network complexity has grown significantly over the last few years while 84% regularly learn about network issues from users. It is imperative we adopt a new approach to managing today's network experiences ...

Image
Broadcom

From growing reliance on FinOps teams to the increasing attention on artificial intelligence (AI), and software licensing, the Flexera 2025 State of the Cloud Report digs into how organizations are improving cloud spend efficiency, while tackling the complexities of emerging technologies ...

Today, organizations are generating and processing more data than ever before. From training AI models to running complex analytics, massive datasets have become the backbone of innovation. However, as businesses embrace the cloud for its scalability and flexibility, a new challenge arises: managing the soaring costs of storing and processing this data ...