You've heard of continuous integration, continuous deployment, and continuous development. Now, there's a new "continuous" buzzword in town: continuous monitoring. By emphasizing real-time detection of risks — especially, but not solely, security risks — on an ongoing basis, continuous monitoring helps businesses operate as efficiently and proactively as possible.
Here's a look at what continuous monitoring means, how it works, why it's beneficial and how to get started implementing continuous monitoring.
Continuous monitoring is the ongoing detection of risks and problems within IT environments.
Traditionally, continuous monitoring (which is also sometimes called ConMon) has referred to the detection of security- and compliance-related risks in particular. The concept has been promoted by security organizations like NIST. That said, continuous monitoring doesn't need to be limited strictly to security monitoring. Other types of monitoring — such as infrastructure and application monitoring — can also be continuous if they focus on immediate, ongoing detection of problems.
At this point, you may be thinking, "Hasn't monitoring always been continuous? What makes continuous monitoring different?"
Those are fair questions to ask. Almost all monitoring operations aim to be relatively continuous, in the sense that they collect and interpret data on an ongoing basis. It's not as if you would monitor your applications by checking in on them only once a day, for example, or monitor your network for security threats only on Tuesday afternoons. You'd do those things continuously and indefinitely.
What makes continuous monitoring significant as a standalone concept, however, is that it places a strong emphasis on three key factors:
So, whereas a conventional approach to, say, cloud security monitoring might involve periodically auditing the configurations of workloads to check for security risks, continuous cloud security monitoring would mean both:
Likewise, whereas traditional application and infrastructure monitoring might involve collecting and analyzing metrics at fixed intervals – such as once a minute – continuous monitoring would mean collecting and analyzing data in true real time.
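The difference between periodic auditing and continuous evaluation can be shown with a small simulation. This is an added example, not part of the original post; the event stream, the resource names and the 60-second audit interval are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConfigEvent:
    ts: int        # seconds since the start of the observation window
    resource: str
    public: bool   # True = resource is exposed (the risk being monitored)

# Constructed sample: a bucket is exposed for 40 s, a VM stays exposed.
EVENTS = [
    ConfigEvent(10, "bucket-a", True),
    ConfigEvent(50, "bucket-a", False),
    ConfigEvent(130, "vm-b", True),
]

def continuous_findings(events):
    """Evaluate every change as it arrives: one finding per risky event."""
    return [(e.ts, e.resource) for e in events if e.public]

def periodic_findings(events, interval, horizon):
    """Audit only the state that is visible at each scheduled tick."""
    findings, state, seen, i = [], {}, set(), 0
    events = sorted(events, key=lambda e: e.ts)
    for tick in range(interval, horizon + 1, interval):
        # Apply every change that happened since the previous audit.
        while i < len(events) and events[i].ts <= tick:
            state[events[i].resource] = events[i].public
            i += 1
        for res, public in state.items():
            if public and res not in seen:
                seen.add(res)
                findings.append((tick, res))
    return findings

def detection_latency(events, findings):
    """Seconds from first exposure to first detection; None = never detected."""
    first, found = {}, {}
    for e in events:
        if e.public:
            first.setdefault(e.resource, e.ts)
    for ts, res in findings:
        found.setdefault(res, ts)
    return {r: (found[r] - t if r in found else None) for r, t in first.items()}

if __name__ == "__main__":
    print(detection_latency(EVENTS, continuous_findings(EVENTS)))
    print(detection_latency(EVENTS, periodic_findings(EVENTS, 60, 180)))
```

The exposure that opens and closes between two audits never appears in the periodic results, and the persistent one is reported 50 seconds late.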
By taking a proactive approach to monitoring and focusing on collecting and analyzing all available data, continuous monitoring provides several important benefits:
If the benefits of continuous monitoring sound similar to the benefits of continuous software delivery, it's because they are. In many ways, the idea and goals of continuous monitoring are the same as those of continuous delivery. Both strategies aim to help businesses move faster and operate more efficiently while also keeping risks in check. (That's why continuous monitoring is sometimes also known as DevOps monitoring.)
For that reason, it's only natural for organizations that take a DevOps approach to software delivery to adopt a continuous monitoring strategy, too. Although, as noted above, the concept of continuous monitoring emerged out of the security community rather than the DevOps world, continuous monitoring is an obvious complement to continuous software delivery.
Like any innovative concept in the world of IT, continuous monitoring is not something you can just buy or turn on. Nor can you implement it using a specific tool or by setting up a certain process.
Instead, implementing continuous monitoring requires teams to configure the right mix of tools and processes to meet their monitoring goals.
Start the process by determining what you want to monitor continuously. In many cases, you can't actually monitor every resource and environment continuously because doing so would require too many resources.
So, identify where continuous monitoring will offer the greatest benefit for your organization, and focus your efforts on that context.
You'll next need to deploy tools that enable continuous monitoring. You can use a variety of tools for this purpose, but you'll want to make sure they are capable of collecting data in real time, as well as collecting all data (instead of sampling).
Finally, the third key element in continuous monitoring is to make sure you can react quickly to monitoring insights.
Developing playbooks that define how you'll respond to different scenarios is one step toward this goal. Equally important is ensuring that everyone who needs access to monitoring data and insights has that access, because it's hard to react in real time when monitoring data is not visible to everyone.
Although continuous monitoring may not sound very innovative – monitoring has always been continuous, in one sense of the word – it actually encourages a fundamentally new approach to collecting and analyzing data. It helps teams not only to maximize visibility, but also to respond to issues as proactively as possible, which should be the ultimate goal of any monitoring operation.
This posting does not necessarily represent Splunk's position, strategies or opinion.