Continuous monitoring of network activity – a foundation of cybersecurity awareness and remediation – is evolving as greater numbers of systems, databases and applications become interconnected. More data, and more sources of data require operators to move monitoring up a notch to achieve a state known as observability.
“Observability is actually an evolution of monitoring,” said Mala Pillutla, the vice president for the observability strategy at Splunk. “Observability is that modern approach to monitoring that provides complete visibility and context across your full stack of infrastructure, applications, and customer experience.”
A special panel discussion hosted by Federal News Network looked at the observability trend and what if means for how agencies deal with activity within their IT infrastructures. Observability, panelists agrees, implies connecting data from various silos in such a way as to make it more actionable, and to help ensure users trust the systems an agency deploys. It enables decisions to prevent performance and security problems.
Jonathan Feibus, director of the governance enterprise management services division at the Nuclear Regulatory Commission, said, “We want to make sure that folks have trust that when they put something into our system, it’s going to stay that way.” He said the NRC has been evolving its approach to monitoring by adding automation and orchestration to deal with log data generated by each server, application and user device.
“From our observability perspective, not only do we want to make sure that people know what they’re logging into, when they’re coming in as an application from a licensee or from a public stakeholder,” Feibus said. If something gets change, he added, “we can point to who changed it, why they changed it, what the changes were and what that means for our licensing and regulatory decisions.”
According to Kent Meyer, a managing director at Deloitte, agencies at both the federal and state levels seek to break down the silos keeping data sources apart. At the same time, he said, they’re seeking to use common data for varying functional requirements.
“Everybody has different mission sets, whether it’s internal or directly external to your client experience,” Meyer said. “We’re seeing our clients really looking to say, ‘How do I how do I leverage one piece of data and use it across multiple areas – cybersecurity, networking, or application development.’”
Meyer said observability is also driven by the increasing complexity of IT environments, with agencies hosting data and applications both in their own data centers and in multiple commercial clouds. An observability approach to monitoring, he said, gives administrators predictive analytic capabilities to prevent performance and availability lapses. And it gives them insights into how applications look from the outside in – that is, from the users’ perspective.
Observability helps Wyoming navigate numerous requirements demanded of systems, Chief Information Officer Bill Vajda said. His shop deals with multiple agency heads who want applications, legislators who push for efficiency, state relationships with multiple federal agencies, and numerous privacy and data protection statutes. The need for efficiency drives a search for reusable software, he said, but that can increase the danger of data ending up where it shouldn’t.
“So if you think about observability in that context,” Vajda said, “how could you use observability to help with something like risk management, to help with something like portfolio management?”
Vajda noted that a given individual might give some information for unemployment benefits, for a licensure of some sort, or for a state health program. “So you’re multiplying the amount [of data],” he said. “If you let that go without trying to use observability as a tool to consolidate or to rationalize the exposure, you have the typology of risk that you’re taking on. Potentially, you’re putting yourself in a position where, how do you hold people accountable for the information internally if there’s a breach?”
Vajda added, “What if the Department of Transportation has a breach, but the Board of Nursing is the one that actually suffers because it’s their interactions with the constituents that are impacted?”
Pillutla said that whether someone is a member of a network operations center, security operations center, or team of systems reliability engineers, “the core challenges the same? See when there’s an issue happening, identify the root cause and resolve it before it impacts citizen services or uptime, or [causes] downtime of critical business workloads.”
Meyers noted that, in order to achieve observability, data analysis platforms increasingly incorporate artificial intelligence. It helps those doing the observing more readily find the patterns and the information they’re looking for, he said. Observability, Meyers said, helps the IT staff spot lags, erosion of trust, performance slowdowns or advanced cyber threats earlier than is possible with plain monitoring.
Meyers said an organization can enhance its observability journey with good data management. “You need to have a strategy,” he said. “Understand what you’re collecting, how long you’re going to retain it, and how you’re going to store it.” That’s all in addition to knowing how it flows through the infrastructure and what applications are using the data.
Ultimately, Pillutla added, observability yields three pieces of information – regardless of where the application is hosted – that are important to business resilience. First, you can understand the results of downtime for critical workloads. Second, you quickly identify a recovery strategy.
Third, she said, observability helps speed modernization. It helps anser the question of how you drive transformation, with full visibility and agility, to adapt to changing macro environments.”
Please register using the form on this page or call (202) 895-5023.
By providing your contact information to us, you agree: (i) to receive promotional and/or news alerts via email from Federal News Network and our third party partners, (ii) that we may share your information with our third party partners who provide products and services that may be of interest to you and (iii) that you are not located within the European Economic Area.