
“Observability” Isn’t Enough To See and Secure Your Systems. Here’s What You Need Instead

Exploring and securing the fragmented, federated edges and corners of your corporate network is an active undertaking. Here are three steps that go beyond passive observability — and why observability deserves executive sponsorship.

A headshot of Richard Marshall, Founder of Concept Gap LLC.

You can’t secure what you can’t see, and you can’t operate what you don’t know exists.

Gary Steele, .conf23 mainstage

Do you stay awake at night, wondering what might be going wrong on your corporate network? Are the unknown vulnerabilities and mysterious-yet-critical applications haunting your dreams? Do you wake in a sweat over those subscription products business users are secretly using? Don’t just stand back and watch what is happening through regular, passive observability. Engage in powerful active observability instead.

Unwanted complexity is the curse of modern businesses. Organic growth and constant change both inside and outside the organization inevitably will tangle things no matter how neatly they were put together in the first place. Observability is a critical approach to understanding what is on the network, but active observability takes it a step further by taking a role in keeping a lid on the ever-threatening chaos. Here are a few considerations to achieve it.

1. Expand your asset classes

It sounds obvious to say that the first step is to catalog the assets on the network, but the real first step is to identify the different classes of assets that need managing. In the past it was a case of sticking asset numbers onto boxes, but in our multi-cloud, federated world we need to broaden our concept of assets to include the virtual as well as the physical. Ideally that list will include: applications, servers, networks, cloud providers, subscription services, data in all its forms, configurations for everything, certificates and chains, security tools and appliances, operating environments, development pipelines, API endpoints, serverless compute, source code and more. Include it if it is involved in computing.

We must reflect the blurring boundaries between capital and operational assets in how executives think about their business. While this change has been going on for many years, all too many people still think of servers as “the computer in the cupboard” and networks as simply cabling. This model precludes an understanding of the inherent vulnerabilities in our modern networks full of edges and connections, let alone the implications of including software in the mix.

2. Watch and learn

Observability tools are night sights for CIOs, letting them peer into the darkest recesses of their organization. As I mentioned before, documentation cannot keep up with change — staff often do not have the time, or indeed the inclination, to record every update. Each one feels small and unimportant, but they accumulate rapidly to the point where those lovingly-created Visio charts become more dangerous than useful when navigating the resources out there.

Tools enable dynamic discovery and tracking, removing at least some of the burden from the SOC and NOC teams, but they are only part of the approach. Using them to maintain the asset catalog and look inside the black box that keeps the business running provides huge benefits immediately, but is still missing an opportunity. We can use observability to unify the organization. 

3. Engage, act and unify

Tools can provide the necessary visibility for powering an active, engaged approach that delivers unified computing to support a unified enterprise. Despite years of attempts at digital transformation, organizations are still struggling with silos. We’ve even created new, fully-digital silos by deploying different applications across different cloud providers. That’s why now is the time to change your approach.

Knowing where to start is always the toughest part of any new approach. Bringing together the diverse parts of a business will require diplomacy and tact, so where better to start than with our own, internal IT silo? Activating our own operational data is a great first step towards active observability. We all recognize that data and how it flows through an organization is hugely important, but do we treat it with the respect and importance it deserves? Probably not. As a first act of active observability, build a dashboard showing the ebb and flow of the business lifeblood, its volume, its routes and how much control the business now has over it. 

Share that dashboard with the rest of the business to demonstrate the value of active observability. Directly showing how poor network performance impacts sales for an ecommerce site is a perfect example of the power of linking the operational and transactional data. This will help convince them they need to join the movement, bringing it all together for efficiency and above all, digital resilience across the entire business.
