The Rising Role of Security in Advanced IT Analytics

Dennis Drogseth

In two prior blogs I provided some highlights from EMA's Advanced IT Analytics (AIA) research earlier this year, and explained how AIA goes beyond being just a market. (I haven't changed my opinion there, by the way. Right now I'm using the term "landscape of innovation" for AIA, which many in the industry still call "IT Operations Analytics.") In that second blog, I also explained that AIA isn't just about operations, but rather it's a unifying investment that may well span all of IT and even support a growing number of business stakeholders.

As a quick refresher, the research was done in Q1 of this year, and we spoke to 250 respondents — 150 in North America and 100 in Europe (England, France and Germany). We targeted companies over 500 employees with fairly good spread between those over 20,000 employees and smaller businesses. Our leading verticals were finance and banking, high tech software, manufacturing and retail in that order. We tried not to legislate what our respondents thought AIA was or should be, although we did require high-volume, cross-domain (network, systems, applications, etc.) data collection from many different sources, as well as the application of some level of advanced heuristics. The goal was to find out what actual IT priorities were, not to prematurely force them into a box.

In this blog I'd like to highlight one very critical area of AIA that came out in my research: the growing role of security as an integrated requirement for performance, change and capacity management. The truth is, our EMA research did not approach security as a separate use case, but did include security options in questions regarding data source, triage, and other parameters. In fact only 6% of those participating indicated that security was their job description. This contrasted with 21% in operations planning and design and 10% in IT performance engineering.

Here's a look at some of our respondents' priorities. (Remember that we didn't require security roles or use case to do this research, but instead were focusing on performance, change and capacity management.)

Security led the charge for triage and diagnostics: Security came in first followed by what I'd expected to win — isolating whether the problem was in the application, server, network or database. Isolating infrastructure issues in the network came in third followed by isolating problems in provisioning applications. Security's high ranking surprised me, but when I checked earlier research from 2014, I saw that security (or security information and event management or SIEM) was already tied for first place with triage across the application infrastructure.

Security Information and Event Management also led as a data source: Once again security came in first place, this time followed by Internet of Things (IoT). This was an even bigger surprise given past history, as in 2014 the lead data source was, believe it or not, Excel spreadsheets. In fact, the trend in 2016 indicates much more sophisticated attention to data sources, with business process impacts and application transaction data (for technical and business performance) also topping the charts.

Security tied for first place in domain role support: Security tied, in fact, with systems management followed by application development, database and cloud architecture.

Security led in three of the four top AIA use cases directed at supporting the move to cloud: To be specific, the number one priority for AIA-enabled support for the move to public/private or hybrid cloud was improved network security. This was followed by hybrid cloud optimization, compliance and integrated security and performance. Finally, real-time service performance (the ostensible focus for our research) came in fifth. What this tells me is that the move to cloud though desirable is also a little scary — nothing new there. But what is new, at least to me, is security's growing role as an integrated part of AIA initiatives supporting performance and change.

The ascendance of security in core operations and even ITSM concerns is of interest to me even though I'm not the security analyst at EMA (that's David Monahan). Years ago, well before Dave joined, I worked with our security lead to promote joint research and other initiatives across security, performance and change management. But the reaction ten years ago was a lot of nods and no action. The industry just wasn't ready.

Now, it seems, things are changing and they are changing dramatically. Security, operations and even IT service management are becoming much more closely intertwined than in the past. The reasons for this are manifold and include the move to cloud, the pressures from our "digital age" on more cross-domain ways of working, and the need for managing change in a far more dynamic, less conflicted, and "risk free" (or its pragmatic equivalent) way.

One of the critical catalysts for this is in fact AIA. By bringing many multiple data sources together and applying advanced analytic techniques, AIA is becoming a powerful enabler for truly integrating security and service delivery — two worlds that still have different metrics, processes and cultures, but which are finally seeking to work together in a way that was unprecedented in the past.

For more information, view a video on this data and research.

Dennis Drogseth is VP at Enterprise Management Associates (EMA).

Related Links

Hot Topics

The Latest

How AI Agents Are Reshaping DataOps for the Always-On Enterprise

Enterprises today operate in a real-time environment where uninterrupted access to trusted data has become a baseline expectation for users, applications and automated systems. Traditional DataOps models, built on manual effort and human triage, cannot keep pace with this always active demand. AI agents are emerging as the operational backbone, ensuring consistent data availability, reinforcing trustworthiness and enabling a level of scale that manual processes cannot achieve ...

AI Deepfakes: Rethinking Trust in the Workplace

For decades, trust in the digital workplace rested on familiar signals. We trusted faces on video calls, voices on the phone, and emails that appeared to come from people we knew. These cues felt human and intuitive. They anchored how decisions were made, approvals were granted, and access was authorized. AI-powered deepfakes have quietly broken that model ...

Nine in Ten Enterprises Plan Cloud Data Repatriation amid Rising Cloud Costs and Data Sovereignty Mandates

Cloud migration was supposed to be a one-way door. For most enterprises, it turns out it isn't. Cloud data repatriation is a real and growing trend. A new survey ... finds that 89% of organizations plan to expand their on-premises infrastructure footprint over the next two years — and 75% have already moved at least some workloads back from public cloud in the past 24 months. The findings point to a broad rethinking of where data belongs ...

Why ITOps Need Right-Sized AI, Not Bigger Models

Over the past few years, large language models (LLMs) have revolutionized the software industry. Given their ability to excel at multi-step reasoning, LLMs have helped enterprises streamline workflows and adapt to the unknown. However, employing such models comes with sky-high costs, latency issues, and limited flexibility. In the realm of IT operations, it is generally wiser to employ smaller, domain-specific models instead ...

The End of Reactive DevOps: AI-Driven Observability for Zero-Defect Digital Systems

For years, DevOps teams operated under a simple assumption: collect enough telemetry, and you can find and fix any problem. That assumption is breaking down. Modern enterprises now operate across microservices, hybrid cloud environments, APIs, Kubernetes, and highly automated delivery pipelines. Releases happen continuously, dependencies shift constantly, and failures spread faster than teams can diagnose them ...

5 Takeaways from the Observability Forecast for Media and Entertainment

New Relic surveyed IT and engineering leaders from the media and entertainment (M&E) sector to understand what's working — and where challenges persist with their observability practices. The findings reveal how M&E organizations are navigating rising platform complexity, audience expectations, and AI-driven change. Below are five takeaways that stand out ...

Why Moving Off the Cloud Is the Easy Part and What Comes Next Is Where Things Get Hard

Let me start with something I've seen play out more times than I can count. A team hits a wall with the cloud. Costs creep up, then spike. Performance starts to feel inconsistent. Someone in finance asks a simple question like "why did this double?" and nobody has a clean answer ... Maybe this isn't the right place for everything. That realization feels like a breakthrough, like you've identified the problem. In reality, you've just identified the starting line ...

MEAN TIME TO INSIGHT Podcast - Episode 24: Network Observability Tool Sprawl

In MEAN TIME TO INSIGHT Episode 24, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses network observability tool sprawl ... 

Capacity Isn't a Guess: Observability-Driven Sizing for On-Prem Databases

In cloud-native systems, scaling is often as simple as moving a slider. For on-premise databases, the stakes are different. Over-provisioning hardware is expensive. Under-provisioning leads to performance bottlenecks that are difficult to fix once the equipment is in the rack ...

5 Security Principles Every Entrepreneur Should Apply to Leadership

When most people think about cybersecurity, they picture firewalls, encryption, and access controls — technical tools designed to protect systems and data. But beneath the technology lies a deeper set of principles about trust, decision-making, and resilience ... The best leaders don't eliminate risk. They manage it intelligently. And in many ways, cybersecurity offers a surprisingly useful playbook for doing exactly that ...

The Rising Role of Security in Advanced IT Analytics

Dennis Drogseth

In two prior blogs I provided some highlights from EMA's Advanced IT Analytics (AIA) research earlier this year, and explained how AIA goes beyond being just a market. (I haven't changed my opinion there, by the way. Right now I'm using the term "landscape of innovation" for AIA, which many in the industry still call "IT Operations Analytics.") In that second blog, I also explained that AIA isn't just about operations, but rather it's a unifying investment that may well span all of IT and even support a growing number of business stakeholders.

As a quick refresher, the research was done in Q1 of this year, and we spoke to 250 respondents — 150 in North America and 100 in Europe (England, France and Germany). We targeted companies over 500 employees with fairly good spread between those over 20,000 employees and smaller businesses. Our leading verticals were finance and banking, high tech software, manufacturing and retail in that order. We tried not to legislate what our respondents thought AIA was or should be, although we did require high-volume, cross-domain (network, systems, applications, etc.) data collection from many different sources, as well as the application of some level of advanced heuristics. The goal was to find out what actual IT priorities were, not to prematurely force them into a box.

In this blog I'd like to highlight one very critical area of AIA that came out in my research: the growing role of security as an integrated requirement for performance, change and capacity management. The truth is, our EMA research did not approach security as a separate use case, but did include security options in questions regarding data source, triage, and other parameters. In fact only 6% of those participating indicated that security was their job description. This contrasted with 21% in operations planning and design and 10% in IT performance engineering.

Here's a look at some of our respondents' priorities. (Remember that we didn't require security roles or use case to do this research, but instead were focusing on performance, change and capacity management.)

Security led the charge for triage and diagnostics: Security came in first followed by what I'd expected to win — isolating whether the problem was in the application, server, network or database. Isolating infrastructure issues in the network came in third followed by isolating problems in provisioning applications. Security's high ranking surprised me, but when I checked earlier research from 2014, I saw that security (or security information and event management or SIEM) was already tied for first place with triage across the application infrastructure.

Security Information and Event Management also led as a data source: Once again security came in first place, this time followed by Internet of Things (IoT). This was an even bigger surprise given past history, as in 2014 the lead data source was, believe it or not, Excel spreadsheets. In fact, the trend in 2016 indicates much more sophisticated attention to data sources, with business process impacts and application transaction data (for technical and business performance) also topping the charts.

Security tied for first place in domain role support: Security tied, in fact, with systems management followed by application development, database and cloud architecture.

Security led in three of the four top AIA use cases directed at supporting the move to cloud: To be specific, the number one priority for AIA-enabled support for the move to public/private or hybrid cloud was improved network security. This was followed by hybrid cloud optimization, compliance and integrated security and performance. Finally, real-time service performance (the ostensible focus for our research) came in fifth. What this tells me is that the move to cloud though desirable is also a little scary — nothing new there. But what is new, at least to me, is security's growing role as an integrated part of AIA initiatives supporting performance and change.

The ascendance of security in core operations and even ITSM concerns is of interest to me even though I'm not the security analyst at EMA (that's David Monahan). Years ago, well before Dave joined, I worked with our security lead to promote joint research and other initiatives across security, performance and change management. But the reaction ten years ago was a lot of nods and no action. The industry just wasn't ready.

Now, it seems, things are changing and they are changing dramatically. Security, operations and even IT service management are becoming much more closely intertwined than in the past. The reasons for this are manifold and include the move to cloud, the pressures from our "digital age" on more cross-domain ways of working, and the need for managing change in a far more dynamic, less conflicted, and "risk free" (or its pragmatic equivalent) way.

One of the critical catalysts for this is in fact AIA. By bringing many multiple data sources together and applying advanced analytic techniques, AIA is becoming a powerful enabler for truly integrating security and service delivery — two worlds that still have different metrics, processes and cultures, but which are finally seeking to work together in a way that was unprecedented in the past.

For more information, view a video on this data and research.

Dennis Drogseth is VP at Enterprise Management Associates (EMA).

Related Links

Hot Topics

The Latest

How AI Agents Are Reshaping DataOps for the Always-On Enterprise

Enterprises today operate in a real-time environment where uninterrupted access to trusted data has become a baseline expectation for users, applications and automated systems. Traditional DataOps models, built on manual effort and human triage, cannot keep pace with this always active demand. AI agents are emerging as the operational backbone, ensuring consistent data availability, reinforcing trustworthiness and enabling a level of scale that manual processes cannot achieve ...

AI Deepfakes: Rethinking Trust in the Workplace

For decades, trust in the digital workplace rested on familiar signals. We trusted faces on video calls, voices on the phone, and emails that appeared to come from people we knew. These cues felt human and intuitive. They anchored how decisions were made, approvals were granted, and access was authorized. AI-powered deepfakes have quietly broken that model ...

Nine in Ten Enterprises Plan Cloud Data Repatriation amid Rising Cloud Costs and Data Sovereignty Mandates

Cloud migration was supposed to be a one-way door. For most enterprises, it turns out it isn't. Cloud data repatriation is a real and growing trend. A new survey ... finds that 89% of organizations plan to expand their on-premises infrastructure footprint over the next two years — and 75% have already moved at least some workloads back from public cloud in the past 24 months. The findings point to a broad rethinking of where data belongs ...

Why ITOps Need Right-Sized AI, Not Bigger Models

Over the past few years, large language models (LLMs) have revolutionized the software industry. Given their ability to excel at multi-step reasoning, LLMs have helped enterprises streamline workflows and adapt to the unknown. However, employing such models comes with sky-high costs, latency issues, and limited flexibility. In the realm of IT operations, it is generally wiser to employ smaller, domain-specific models instead ...

The End of Reactive DevOps: AI-Driven Observability for Zero-Defect Digital Systems

For years, DevOps teams operated under a simple assumption: collect enough telemetry, and you can find and fix any problem. That assumption is breaking down. Modern enterprises now operate across microservices, hybrid cloud environments, APIs, Kubernetes, and highly automated delivery pipelines. Releases happen continuously, dependencies shift constantly, and failures spread faster than teams can diagnose them ...

5 Takeaways from the Observability Forecast for Media and Entertainment

New Relic surveyed IT and engineering leaders from the media and entertainment (M&E) sector to understand what's working — and where challenges persist with their observability practices. The findings reveal how M&E organizations are navigating rising platform complexity, audience expectations, and AI-driven change. Below are five takeaways that stand out ...

Why Moving Off the Cloud Is the Easy Part and What Comes Next Is Where Things Get Hard

Let me start with something I've seen play out more times than I can count. A team hits a wall with the cloud. Costs creep up, then spike. Performance starts to feel inconsistent. Someone in finance asks a simple question like "why did this double?" and nobody has a clean answer ... Maybe this isn't the right place for everything. That realization feels like a breakthrough, like you've identified the problem. In reality, you've just identified the starting line ...

MEAN TIME TO INSIGHT Podcast - Episode 24: Network Observability Tool Sprawl

In MEAN TIME TO INSIGHT Episode 24, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses network observability tool sprawl ... 

Capacity Isn't a Guess: Observability-Driven Sizing for On-Prem Databases

In cloud-native systems, scaling is often as simple as moving a slider. For on-premise databases, the stakes are different. Over-provisioning hardware is expensive. Under-provisioning leads to performance bottlenecks that are difficult to fix once the equipment is in the rack ...

5 Security Principles Every Entrepreneur Should Apply to Leadership

When most people think about cybersecurity, they picture firewalls, encryption, and access controls — technical tools designed to protect systems and data. But beneath the technology lies a deeper set of principles about trust, decision-making, and resilience ... The best leaders don't eliminate risk. They manage it intelligently. And in many ways, cybersecurity offers a surprisingly useful playbook for doing exactly that ...