With input from industry experts — both analysts and vendors — this is the final installment of the 8-part blog series exploring the convergence of observability and security.
Start with: Exploring the Convergence of Observability and Security - Part 1
Start with: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces
Start with: Exploring the Convergence of Observability and Security - Part 3: Tools
Start with: Exploring the Convergence of Observability and Security - Part 4: Dashboards
Start with: Exploring the Convergence of Observability and Security - Part 5: Teams
Start with: Exploring the Convergence of Observability and Security - Part 6: Challenges
Start with: Exploring the Convergence of Observability and Security - Part 7: Advantages
So, has this blog series exploring the convergence of observability and security encouraged you to move your IT department in this direction? If this is the case, the experts offer a few tips:
Set the agenda from the top
Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA): "CIOs and CISOs have to set the agenda. They need to make it clear from the top that these groups need to converge or collaborate. Most technical personnel believe that their leaders are only doing a so-so job on this. It starts by mandating that teams adopt formalized best practices and policies for how they're going to work together."
Use the player or download the MP3 below to listen to EMA-APMdigest Podcast Episode 2 — Shamus McGillicuddy talks about Network Observability, the convergence of observability and security, and more.
Click here for a direct MP3 download of Episode 2 - Part 1
Communicate
Asaf Yigal, CTO of Logz.io: "At the end of the day, it is all about communication. If you are employing a shared platform for observability and security, where and how do you take the available information and turn that into meaningful actions? The new channels that need to be established to communicate something like Kubernetes security across Dev, Sec and Ops, are a good place to start."
Yigal adds: "When a security issue is found, who is able to mitigate that risk? Who understands the impact of the related service on critical business ops? And who can or should prioritize response? These are the questions that need to be considered and refined as we move forward. It's always an iterative process and ideally an agile approach. The success of this is always going to revolve around clear lines of communication."
Collaborate
Gregg Ostrowski, CTO Adviser at Cisco AppDynamics: "Successfully merging security and observability will require technologists to shift their culture. Security, developer and ITOps teams may be used to operating in silos, but they will need to collaborate as one team when combining security and observability strategies."
Kirsten Newcomer, Director, Cloud and DevSecOps Strategy at Red Hat: "The best advice I can offer is that it's important to work to collaborate across teams during evaluation of such solutions. Especially if those teams have traditionally been silo'd."
Esteban Gutierrez, CISO & VP, Information Security at New Relic: "My effectiveness as a cybersecurity leader is wholly dependent on the effectiveness of my team. With that in mind I coach my teams to hold as a key principle that their first job is relationship management. The investments we make in cybersecurity controls, policies, procedures can have a profound impact on the ability for all employees in a company to do their work, deliver on business commitment, and corporate goals. When we partner with them as collaborators for how we spend our investments, we see much greater buy-in and much greater value from those investments because that collaboration allows us to truly meet the needs of the business with greater trust and security."
Foster a culture of shared responsibility
Roger Floren, Principal Product Manager at Red Hat: "Aim for a culture of shared responsibility for both security and performance and have training- and knowledge-sharing days."
Build a culture of continuous transformation
Colin Fallwell, Field CTO of Sumo Logic: "Build communities of practice and build a culture that embraces continuous transformation. Find variability and stomp it out by mapping the value streams, consistently measuring the processes that enable them and continuously improving them."
Reorganize Middle Management
Shamus McGillicuddy from EMA: "It may also require some reorganization or convergence of groups. More likely it may require some reorganization of middle management, since middle managers are going to resist these changes (They want to protect their power)."
Develop Security Talent within DevOps
Prashant Prahlad, VP of Cloud Security Products at Datadog: "For companies that want to converge security and operations, they should start by developing security talent within DevOps teams through training — it is a career growth opportunity and will help with retention."
Prahlad adds: "Teams should also ensure that the security bar is as high (if not higher) with teams converged as it was when the security function was centralized. Finally, the DevOps team members who become security experts should represent the team for any and all security-related matters. This will allow them to evangelize the approach externally."
Shift Left
Colin Fallwell of Sumo Logic: "Shift left security into the assembly line of developing, building, testing, and shipping software."
Buddy Brewer, Chief Product Officer at Mezmo: "To move forward, organizations need to start by incorporating security processes into their software development lifecycle. They should establish new processes with security, developer, and ITOps teams working together with the same data."
Amit Shah, Director of Product Marketing at Dynatrace: Organizations are struggling to achieve the mindset shift required to maximize the impact of DevSecOps approaches. It's not enough to simply make developers responsible for security in pre-production. They must also be empowered to ensure their applications continue to run securely in production. To achieve this, organizations need technologies that can connect development and runtime security to eliminate blind spots and improve governance throughout the software delivery lifecycle.
Provide Support and Resources
Joe Byrne, VP of Technology Strategy and CTO Adviser at Cisco AppDynamics: "Organizations should be certain their technologists are prepared for the cultural shift by offering them the support and resources needed to expand their skillset and operate effectively as an integrated team."
Find Tools that integrate
Adam Hert, Director of Product at Riverbed: "IT teams don't have to find a single solution that does all this in once — you simply won't find a strong SecOps and observability tool all in one package. When you shop around for tools separately, make sure the tools integrate properly. And, most importantly, make sure all teams can get the data they need from the observability tool."
Use a Single Platform
Ajit Sancheti, GM, Falcon LogScale at CrowdStrike: "For organizations looking to pursue an observability and security approach, we highly recommend that they consider a single platform to meet their security and observability needs. Also, during the process of selecting a single vendor for observability and security, they should make sure the vendor addresses their performance, scale, latency and budget requirements. Most importantly, organizations should ensure that their roadmap and vision aligns to the needs of the various teams that will be using the product, including DevOps, ITOps and SecOps."
Avoid Vendor lock-in
Colin Fallwell of Sumo Logic: "Invest in vendors that you can opt into, and don't lock you in with proprietary methods of telemetry collection."
Use an Enterprise Telemetry Pipeline
Buddy Brewer of Mezmo: "Organizations should consider tools such as enterprise telemetry pipelines that bring all data together, transform data, and route it to the right teams to break down the silos and create a true single source of truth for all teams."
Use AI and Automation
Amit Shah of Dynatrace: "Enlist trusted AI and extensive automation to minimize the manual effort of vulnerability management and free developers to focus on the tasks that are core to their role, unlocking the true potential of DevSecOps."
Share budgets
Shamus McGillicuddy from EMA: "IT leaders need to make it clear that these groups can and should share budgets on investments that help them work together (converged tools, better data collection engines, etc.)."
Don't be Frupid
Take the 2023 SRE Survey
Leo Vasiliou, Director of Product Marketing at Catchpoint: "Don't be frupid (portmanteau of frugal and stupid) when evaluating capabilities. They are the gateway to positive business outcomes, which are more valuable than dollar cost on a piece of paper will indicate."
Conclusion
After exploring the convergence of observability and security, my final question to the experts was: What is the timeframe for convergence?
"Talking about timeframes is a very easy way to be wrong," Mike Loukides, VP of Emerging Tech Content at O'Reilly Media answered. "I'm sure complete convergence has already happened for some organizations on the leading edge. And some organizations will never make it. Lately, I've been quoting Eben Hewitt (CIO, Hyatt) a lot: 'No technology has succeeded until it's become a cargo cult.' On the trailing edge, we'll see a lot of companies that claim convergence between operations and security, but have only renamed their old processes. That will be dangerous."
"The great news is that as I speak to IT leaders, they are already converging on the notion of bringing their NetOps, SecOps and even DevOps teams together," says Chaim Mazal, Chief Security Officer at Gigamon. "Many clearly see the immediate advantages of gaining deep observability across their hybrid and multi-cloud infrastructure and understand the critical importance of delivering defense in depth. I fully expect this trend will accelerate in the coming year, faster than any of us might anticipate."
"The combination of security and observability is quickly gaining momentum, and as organizations continue to expand, it will become a standard in no time," says Gregg Ostrowski from Cisco AppDynamics.
Amit Shah of Dynatrace cites research showing 88% of CIOs say the convergence of observability and security practices will be critical to building a DevSecOps culture, and 90% say increasing the use of AIOps will be key to scaling up these practices. The convergence of observability and security is already an essential practice, however, the proliferation of the cloud will only increase its necessity.
On the other hand, Adam Hert of Riverbed warns that convergence is going to take a long time. "It is happening now but will take several years to achieve complete convergence. We have been talking about this for the past 15-20 years and the industry is still working through it."
Buddy Brewer from Mezmo responds, "It may take years as they are likely sitting on mountains of data, hundreds of data sources and observability and security platforms, and dozens of cross-functional use cases to have a unified approach. On the other hand, SMBs where many times the CIO and CISO are the same person, can transition much faster as they are more agile and can adjust quickly to the convergence."
"As for the timeframe, it's already happening," Fallwell of Sumo Logic reiterates. "As data convergence continues to accelerate, schemas will continue to standardize, and Artificial Intelligence, Machine Learning, and Machine Reasoning will continue to accelerate. As with just about every technology, there is always the promise of a better tomorrow."
