Digital Resilience for State and Local Governments (Part One)

The digital systems that once only helped support organizations in meeting resident expectations are now responsible for handling the vast majority of interactions with residents. And residents don't care how complicated a digital system is or the challenges in keeping it performant — they just want it to work.

Ensuring systems work can be anxiety-inducing. Our world is filled with evolving threats, compromises, system stressors and other adverse events that all have the ability to grind operations to a halt.

We can do a lot to strengthen our digital systems and detect and prevent many bad things from happening. But the reality is, sometimes they will.

There are three key challenges getting in the way of agencies and organizations being digitally resilient:

The complexity of today’s digital systems: To keep up with the rapid pace of change, most large organizations now have sprawling, interdependent hybrid and multi-cloud technology stacks that often rely on third-party services. In most cases, public sector teams are also dealing with legacy systems that take up time and require greater effort to maintain. These complex systems have more points of failure and larger attack surfaces that threat actors can exploit.

Siloed tools and teams: Even within teams, disparate tools get in the way of giving analysts and engineers the comprehensive visibility and insights they need to solve problems. This problem gets even worse when teams need to work together. Many IT and security issues start out looking the same way — a service is down or degraded. When a security analyst, IT analyst and engineer need to work together, they are often frustrated by the inability to work off of the same data or leverage the same searches or playbooks because they have disparate tools that don’t work well together. Without a shared understanding of the data and the ability to collaborate, teams can’t effectively spot and solve problems and ultimately deliver the best and safest experiences to their residents.

Going from reactive to predictive: Teams are often stuck in reactive “fire-fighting” mode that holds them back from more holistically solving issues and being more proactive about threats and incidents. Evolving from just reacting to events to instead proactively getting ahead of the next incident is often difficult for teams to prioritize amid alert storms. Splunk leverages our legacy of ML to provide the next generation of AI capabilities to allow agencies to be proactive and predictive to get ahead of problems and even prevent incidents from happening.

The complexity of today’s IT systems makes it hard to figure out the root cause of an incident when SecOps, ITOps and Engineering teams aren’t working together. As an example you may have come across before, let’s imagine your website goes down. Alerts go off left and right. You see a traffic spike. Was it a DDoS attack? A real demand spike? A misconfigured API?

SecOps might start investigating with one set of data while ITOps and Engineering begin working on the same problem with their own tools that don’t speak the same language or share data. This process obviously isn’t the most efficient way to deal with an incident as teams are often forced to investigate the same problem with different sources of truth and with different methodologies. This inability to work across teams slows down response time and means incidents may cause greater mission impact. With Splunk, you can get comprehensive visibility across your digital systems — with mission context and without data sampling. SecOps, ITOps and Engineering teams can visualize data and dependencies across the entire technology stack. Building on this visibility, Splunk provides robust capabilities to quickly and accurately determine root cause and impact radius, so you can accurately prioritize incidents for response.

Organizations can automatically detect and remediate many incidents before they become major issues. When incidents require human response, Splunk provides advanced, guided troubleshooting that tells users which alerts are critical, where to look, and how things could be impacted downstream. And when teams need to collaborate to investigate or respond to incidents, a shared data context, with common query language and visualization tools, protects against “lost in translation” problems, enabling SecOps, ITOps and Engineering teams to easily build on each other's work and minimize churn.


Siloed data and teams are being exploited by threat actors. This is a vulnerability that security teams are well aware of, but they haven’t had a platform or process to easily close that gap. Splunk is data source agnostic and works across your complex, hybrid tech landscape and legacy systems. This enables Splunk to provide your teams comprehensive visibility of their data with an end-to-end view, with mission context and without data sampling. Building on this visibility, Splunk provides robust capabilities that power rapid detection and investigation and help optimize responses. Teams can collaborate through the lifecycle of an incident more easily with shared data and tooling. Splunk empowers organizations to prevent incidents from becoming major issues with comprehensive visibility into their systems, surfacing key risks and detecting issues so teams can respond before they become major incidents. Splunk helps remediate threats and disruptions faster. No matter how effectively you prevent incidents, issues are bound to occur. With Splunk, organizations improve MTTD and MTTR so they can get back up and running faster.

Anything can cause a service degradation or outage, and collaborative teams can improve detection, investigation and response when they work off of shared data. Data is the common language of resilience. Our analysis of our customers’ data shows there is up to 85% overlap between Security and Observability data. Having common data visibility simplifies cross-team collaboration to proactively prevent incidents from becoming major issues, remediate faster and adapt quickly, all empowering teams to do their best work. The platform creates resilience by being extensible and customizable, with thousands of Splunk-built and partner-built apps and integrations, allowing for smooth collaboration between teams using a shared set of data and processes.
