While cybersecurity and observability teams have wildly different functions, they're both in the business of digital resilience. Bringing the two teams together makes business sense: costs go down (through consolidating tools), incidents get addressed faster, and downtime happens less. Per Splunk's 2024 State of Security, many organizations already recognize the advantage of the two functions' partnership, as 76% of organizations with advanced security practices say they've increased collaboration with IT operations this past year.
Empowering cybersecurity and observability to work hand in glove is worth the effort, but it requires leaders to address challenges with culture and buy-in. How will you get support from the board, as well as from the respective teams? How do you drive cohesion across two teams with vastly different cultures and tech stacks?
At Unisuper, we underwent our own integration journey, as we consolidated tools and leadership for both cybersecurity and monitoring — and then proceeded to merge the teams entirely. During our transformation, we encountered some of these very challenges. Here are some ways we addressed them head-on and made it through to the other side.
Support for integrating security and observability practices starts with having a vision. It's important to communicate in business terms why it makes sense to merge the two teams and how it would shape business outcomes. It's also critical to explain how consolidating tools and working off the same dataset across both teams fuels comprehensive insights and better decision-making. Finally, clarify how both of these ultimately shorten the time to identify and resolve incidents that could rock the bottom line, especially as downtime can cost companies an average of $540,000 per hour.
To get buy-in from the cybersecurity and observability teams, they must also understand the value of the integration. Demonstrate how it accelerates time to detect and identify incidents, provides access to shared data, and ultimately helps both teams do their jobs better — defend the organization and keep every application running and every light on.
Uniting the two functions also provides unique opportunities for upskilling. Once we brought the teams together at Unisuper, those working on observability gained cybersecurity experience, which broadened their skillsets and knowledge.
Bringing two teams together also entails bringing together two distinct cultures. For a truly successful integration, the teams need to transition from operating independently to collaborating as one unit, united in mission.
Put cross-functional team engagements on the calendar and get your teams together, so they build shared experiences and have a shared purpose.
In the case of Unisuper, I led both information security and monitoring teams, which made it easier to spearhead and foster cross-functional team interaction. Whatever the situation, it's the leaders at the helm who need to make collaboration a priority and ensure that cross-functional partnerships occur regularly.
Integrating security and observability also means that their data is unified, creating a larger data volume for the team to sift through on a daily basis. And this amount of information is only rising, as businesses evolve, infrastructures expand, and new platforms and systems get introduced.
Already, more than a quarter of security analysts (26%) say they have trouble keeping up with alerts.
The biggest challenge of having consolidated teams is that they have to look at combined incidents, and so burnout is a very real possibility. After the integration at Unisuper, we used automation and playbooks to help the team stay engaged and filter out the noise. This enabled analysts to focus on solving higher-priority problems — and we're considering using AI tools in the future too.
Uniting cybersecurity and observability is, at the end of the day, far more than a merging of tools and workflows. It's the union of two teams and two cultures that are ultimately on the same mission — and can achieve that mission better together.