On November 5, 2013, National Association of State Chief Information Officers (NASCIO) released a member service document representing the top 10 state CIO priorities for 2014. The list presents no surprises as state CIOs try to do more with less extracting the most value out of every dollar, providing constituent services, protecting customer data and preventing data breaches. The list is almost a mirror image of the benefits our customers are seeing with Splunk. I won’t go through the whole list but lets look at the top three.
Security is the number one priority for state CIOs in 2014:
“Security: risk assessment, governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, third party security practices as outsourcing increases, determining what constitutes “due care” or “reasonable.”
Splunk addresses agency risk by being able to combine data from traditional IT operations, application managing, and traditional security use cases to help agencies maintain service availability. The only way to be able to respond quickly to outages that can be either a security or operational issue are to have both sets of data in Splunk and use it a common platform. Placing security, operational, and application data in Splunk allows teams to not only know something happened but have the context to know why something happened. Splunk’s statistical analysis commands and the ability to view data in context of data locked in traditional business systems works to support understanding insider threats, outsourcing risks. Splunk itself addresses the log management use case and constitutes a “due care” approach to preserving and utilizing log data as the definitive record of human to machine and machine to machine activities. Splunk also supports continuous diagnostics and monitoring (CDM) for real-time monitoring of critical services and activities.
The next priority on the list is Consolidation / Optimization:
“Consolidation / Optimization: centralizing, consolidating services, operations, resources, infrastructure, data centers, communications and marketing “enterprise” thinking, identifying and dealing with barriers.”
Many Splunk customers tell us that prior to deploying Splunk log data was “everywhere” with multiple log collection systems owned by different groups in different silos. This made using log data to create efficiencies or the ability to gain insight from data impossible. The introduction of Splunk to a single group in the organization and the resulting successes melt cultural barriers between groups. Over time Splunk becomes a data hub for an agency. All of this leads to the “enterprise thinking” so desperately needed in resource constrained governmental agencies. Standardizing on a single product with multiple uses provides for flexibility in staffing. An added benefit is that many more people can bring their expertise to bear on a particular problem and solve it faster.
Rounding out the top three is Cloud Services:
Cloud Services: scalable and elastic IT-enabled capabilities provided “as a service” using internet technologies, governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership, vendor management, indemnification, service portfolio management.
Splunk is offered as a cloud based service itself and can monitor log data from cloud applications where logs are made available from a service provider. Splunk’s application for Amazon Web Services gives you access to application health data so important in understanding when additional cloud instances need to be turned up. The Splunk for VMware app similarly provides the visibility needed to understand access and monitor for instances that may be no longer needed and can be turned off to reduce licensing costs. Splunk can be the ‘glue’ between services to constituents delivered from on-premise systems and cloud based services. For example, you can follow access to systems by a particular individual from a local system all the way into the cloud. As with log data from local systems, Splunk is the perfect solution for understanding and troubleshooting service availability issues. Finally, Splunk’s command language command ‘Scrub’ allows you to substitute random characters for data that may be deemed private. A good example of this is where salary data may be public information but social security numbers are not.
Big data solutions like Splunk provide the flexibility needed to solve the widest variety of problems, the power to track system, employee and constituent activities, separate private and public data, and break down silos in the organization for faster MTTR across security, IT operations and application management teams.