You've heard of continuous integration, continuous deployment, and continuous development. Now, there's a new "continuous" buzzword in town: continuous monitoring. By emphasizing real-time detection of risks — especially, but not solely, security risks — on an ongoing basis, continuous monitoring helps businesses operate as efficiently and proactively as possible.
Here's a look at what continuous monitoring means, how it works, why it's beneficial and how to get started implementing continuous monitoring.
What is continuous monitoring?
Continuous monitoring is the ongoing detection of risks and problems within IT environments.
Traditionally, continuous monitoring (which is also sometimes called ConMon) has referred to the detection of security- and compliance-related risks in particular. The concept has been promoted by security organizations like NIST. That said, continuous monitoring doesn't need to be limited strictly to security monitoring. Other types of monitoring — such as infrastructure and application monitoring — can also be continuous if they focus on immediate, ongoing detection of problems.
Components of continuous monitoring
At this point, you may be thinking, "Hasn't monitoring always been continuous? What makes continuous monitoring different?"
Those are fair questions to ask. Almost all monitoring operations typically aim to be relatively continuous, in the sense that they collect and interpret data on an ongoing basis. It's not as if you would monitor your applications by checking in on them only once a day, for example, or monitor your network for security threats only on Tuesday afternoons. You'd do those things continuously and indefinitely.
What makes continuous monitoring significant as a standalone concept, however, is that it places a strong emphasis on three key factors:
- The collection and analysis of data in real time, as opposed to analyzing data after it has been collected or performing periodic audits.
- The ability to respond to monitoring data and insights proactively, instead of collecting data and only later deciding how to react to it.
- The ability to collect and analyze all data, as opposed to sampling data or collecting data only at periodic intervals.
So, whereas a conventional approach to, say, cloud security monitoring might involve periodically auditing the configurations of workloads to check for security risks, continuous cloud security monitoring would mean both:
- The constant, ongoing analysis of configurations
- The ability to react immediately to any configuration changes deemed risky
Likewise, whereas traditional application and infrastructure monitoring might involve collecting and analyzing metrics at fixed intervals – such as once a minute – continuous monitoring would mean collecting and analyzing data in true real time.
(Explore the four golden signals of monitoring.)
Benefits of continuous monitoring
By taking a proactive approach to monitoring and focusing on collecting and analyzing all available data, continuous monitoring provides several important benefits:
- Greater visibility. By avoiding data sampling and periodic analysis, continuous monitoring maximizes your visibility into whatever you are monitoring.
- Leverage data more effectively. Continuous monitoring helps ensure that monitoring yields actionable insights instead of just revealing information that you can no longer use because it's outdated or incomplete.
- Minimize the scope of failures. Because continuous monitoring helps teams to get ahead of risks, it minimizes the chances of failures that could cause serious harm to users or the business.
- Move faster and more accurately. Continuous monitoring helps businesses to implement changes more quickly, while simultaneously lowering the risk associated with change. When you can detect problems quickly, you can move quickly without unforeseen consequences.
Continuous monitoring and DevOps
If the benefits of continuous monitoring sound similar to the benefits of continuous software delivery, it's because they are. In many ways, the idea and goals of continuous monitoring are the same as those of continuous delivery. Both strategies aim to help businesses move faster and operate more efficiently while also keeping risks in check. (That's why continuous monitoring is sometimes also known as DevOps monitoring.)
For that reason, it's only natural for organizations that take a DevOps approach to software delivery to adopt a continuous monitoring strategy, too. Although, as noted above, the concept of continuous monitoring emerged out of the security community rather than the DevOps world, continuous monitoring is an obvious complement to continuous software delivery.
Getting started with continuous monitoring
Like any innovative concept in the world of IT, continuous monitoring is not something you can just buy or turn on. Nor can you implement it using a specific tool or by setting up a certain process.
Instead, implementing continuous monitoring requires teams to configure the right mix of tools and processes to meet their monitoring goals.
1. Determine what need continuous monitoring
Start the process by determining what you want to monitor continuously. In many cases, you can't actually monitor every resource and environment continuously because doing so would require too many resources.
So, identify where continuous monitoring will offer the greatest benefit for your organization, and focus your efforts on that context.
2. Deploy the right tools
You'll next need to deploy tools that enable continuous monitoring. You can use a variety of tools for this purpose, but you'll want to make sure they are capable of collecting data in real time, as well as collecting all data (instead of sampling).
3. Enable agile reactions
Finally, the third key element in continuous monitoring is to make sure you can react quickly to monitoring insights.
Developing playbooks that define how you'll respond to different scenarios is one step toward this goal. Equally important is ensuring that everyone who needs access to monitoring data and insights has that access, because it's hard to react in real time when monitoring data is not visible to everyone.
Continuous monitoring is fundamentally different
Although continuous monitoring may not sound very innovative – monitoring has always been continuous, in one sense of the word – it actually encourages a fundamentally new approach to collecting and analyzing data. It helps teams not only to maximize visibility, but also to respond to issues as proactively as possible. Which should be the ultimate goal of any monitoring operation.
What is Splunk?
This article was written by Chris Tozzi. Chris has worked as a Linux systems administrator and freelance writer with more than ten years of experience covering the tech industry, especially open source, DevOps, cloud native and security. He also teaches courses on the history and culture of technology at a major university in upstate New York.
This posting does not necessarily represent Splunk's position, strategies or opinion.