<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:georss="http://www.georss.org/georss" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" > <channel> <title>observability Archives - CDInsights</title> <atom:link href="https://www.clouddatainsights.com/tag/observability/feed/" rel="self" type="application/rss+xml" /> <link>https://www.clouddatainsights.com/tag/observability/</link> <description>Trsanform Your Business in a Cloud Data World</description> <lastBuildDate>Fri, 22 Sep 2023 13:09:12 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod> hourly </sy:updatePeriod> <sy:updateFrequency> 1 </sy:updateFrequency> <generator>https://wordpress.org/?v=6.6.1</generator> <image> <url>https://www.clouddatainsights.com/wp-content/uploads/2022/05/CDI-Favicon-2-45x45.jpg</url> <title>observability Archives - CDInsights</title> <link>https://www.clouddatainsights.com/tag/observability/</link> <width>32</width> <height>32</height> </image> <site xmlns="com-wordpress:feed-additions:1">207802051</site> <item> <title>Cisco Acquires Splunk for $28 Billion</title> <link>https://www.clouddatainsights.com/cisco-acquires-splunk-for-28-billion/</link> <comments>https://www.clouddatainsights.com/cisco-acquires-splunk-for-28-billion/#respond</comments> <dc:creator><![CDATA[David Curry]]></dc:creator> <pubDate>Fri, 22 Sep 2023 13:09:07 +0000</pubDate> <category><![CDATA[Security]]></category> <category><![CDATA[cybersecurity]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=4482</guid> <description><![CDATA[With the acquisition of Splunk, Cisco is adding one of the world’s best data platforms to Cisco’s robust security portfolio.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full"><img fetchpriority="high" decoding="async" width="1000" height="666" src="https://www.clouddatainsights.com/wp-content/uploads/2023/09/cisco-Depositphotos_42165729_S.jpg" alt="" class="wp-image-4484" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/09/cisco-Depositphotos_42165729_S.jpg 1000w, https://www.clouddatainsights.com/wp-content/uploads/2023/09/cisco-Depositphotos_42165729_S-300x200.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/09/cisco-Depositphotos_42165729_S-768x511.jpg 768w, https://www.clouddatainsights.com/wp-content/uploads/2023/09/cisco-Depositphotos_42165729_S-930x620.jpg 930w" sizes="(max-width: 1000px) 100vw, 1000px" /><figcaption class="wp-element-caption"><em>With the acquisition of Splunk, Cisco is adding one of the world’s best data platforms to Cisco’s robust security portfolio.</em></figcaption></figure></div> <p>Cisco announced on Thursday its intention to acquire cybersecurity and observability software provider Splunk for $28 billion. It is Cisco’s largest acquisition ever and a declaration of intent by the company to push further into <a href="https://www.clouddatainsights.com/cloud-security-a-primer/">cybersecurity</a>. </p> <p>In the press release of the acquisition, Cisco CEO Chuck Robbins said the Cisco Security Cloud and Splunk’s data platform are complementary to one another, enabling customers that use both services to move from threat detection to threat prediction and prevention. </p> <p>“The Cisco Security Cloud has visibility into vast amounts of security data — network data, identities, emails, web traffic, endpoints, and processes,” said Robbins. “With Splunk, Cisco is adding one of the world’s best data platforms to Cisco’s robust security portfolio.”</p> <p>Robbins also mentioned the growth of <a href="https://www.rtinsights.com/generative-ai-and-secops-a-perfect-match-or-potential-disaster/">generative AI</a> as another challenge, which Cisco and Splunk will be able to tackle more effectively with both services combined. </p> <p>“Uniting with Cisco represents the next phase of Splunk’s growth journey, accelerating our mission to help organizations worldwide become more resilient,” said Gary Steele, president and CEO of Splunk. “Together, we will form a global security and <a href="https://www.clouddatainsights.com/observability-key-to-managing-complex-infrastructures/">observability</a> leader that harnesses the power of data and AI to deliver excellent customer outcomes and transform the industry.”</p> <p>At $157 a share, Cisco’s offer was a 31 percent premium on Splunk’s share price on Wednesday. The company’s stock increased rapidly following the news, and stood at $144 per share at close on Thursday.</p> <p>It is the second largest technology acquisition of 2023, behind Broadcom’s acquisition of VMWare for $69 billion. </p> <p>The two companies expect to complete the acquisition by the third quarter of 2024, with Steele joining Cisco’s executive team. It is not clear if all Splunk jobs will be transferred over to Cisco, or if there will be layoffs. Splunk is not a profitable business and reported a net loss of $278 million in 2022. </p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/curry-150x150-1.webp" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/david-curry/" class="vcard author" rel="author"><span class="fn">David Curry</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><div class="author-info"> <div class="author-description"> <p>David is a technology writer with several years experience covering all aspects of IoT, from technology to networks to security.</p> </div> </div> <div class="clear"> <article id="post-47305" class="entry-grid first-grid post-47305 post type-post status-publish format-standard has-post-thumbnail hentry category-aiops tag-aiops tag-observability"> <div class="post-thumb"></div> </article> </div> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/cisco-acquires-splunk-for-28-billion/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">4482</post-id> </item> <item> <title>Revisiting Attack Surface Management in the Cloud</title> <link>https://www.clouddatainsights.com/revisiting-attack-surface-management-in-the-cloud/</link> <comments>https://www.clouddatainsights.com/revisiting-attack-surface-management-in-the-cloud/#respond</comments> <dc:creator><![CDATA[Elizabeth Wallace]]></dc:creator> <pubDate>Fri, 15 Sep 2023 12:42:13 +0000</pubDate> <category><![CDATA[Security]]></category> <category><![CDATA[attack surface management]]></category> <category><![CDATA[cloud security]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=3614</guid> <description><![CDATA[Attack surface management has changed with cloud, remote work, and bring your own device. Find out what companies should do now.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full"><img decoding="async" width="1000" height="563" src="https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_359509470_S.jpg" alt="" class="wp-image-3615" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_359509470_S.jpg 1000w, https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_359509470_S-300x169.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_359509470_S-768x432.jpg 768w" sizes="(max-width: 1000px) 100vw, 1000px" /><figcaption class="wp-element-caption"><em>Attack surface management has changed with cloud, remote work, and bring your own device. Find out what companies should do now.</em></figcaption></figure></div> <p>The attack surface has evolved thanks to the advent of cloud/multi-cloud/hybrid cloud operations. And what companies need to do to secure these environments has also evolved. Let’s dive right in.</p> <h3 class="wp-block-heading">Understanding attack surface management</h3> <p>Attack surface management tries to identify and manage an organization’s external assets for vulnerabilities and exposures before malicious actors can exploit them. This race is crucial to cybersecurity in an era of cloud, hybrid/remote work, and bring-your-own-device models. Valuable assets include applications, IoT devices, cloud platforms, user accounts, and a whole host of other possibilities. As the attack surface grows with the adoption of new technologies, it becomes even more crucial for security teams to understand what they’re up against.</p> <p>JupiterOne’s recently released “<a href="https://www.jupiterone.com/blog/second-annual-state-of-cyber-assets-report-reveals-growth-in-cyber-asset-value-and-scale">State of Cyber Assets Report</a>” provides valuable insights into the current state of enterprise cloud assets. The report analyzed more than 291 million assets, findings, and policies, revealing a jaw-dropping 133% year-over-year increase in these assets. To compare, the average number was 165,000 in 2022. In 2023, it was nearly 400,000. The number of security vulnerabilities or unresolved findings also increased to a staggering 589%. </p> <p>This presents several challenges for cybersecurity teams. The pressure to defend an ever-expanding attack surface has demanded unprecedented levels of visibility, automation, and practice, whether teams are resource-strapped or not. According to JupiterOne’s report, the average asset value in 2023 is over $17,000, a lot of value left vulnerable without a clear plan. It’s not enough to simply react; threats move too fast for that. This calls for a proactive, comprehensive approach to attack surface management.</p> <h3 class="wp-block-heading">Why the attack surface changes in the cloud</h3> <p>With a bit of thought, most companies understand that the cloud expands the attack surface. Cloud environments introduce a plethora of new potential entry points for cyber threats. As organizations move their data and applications to the cloud, the traditional perimeter-based security approach becomes obsolete. </p> <p>Companies also understand that cloud environments are highly dynamic and agile. Changes in evolving cloud assets create new security challenges, and organizations must adopt continuous monitoring and real-time visibility to keep track. But that isn’t all that’s changing the game:</p> <p>Shared responsibility model: Cloud service providers (CSPs) operate under a shared responsibility model. They’re responsible for the security of the underlying cloud infrastructure, but the company itself is responsible for security data, applications, and configurations. This division of responsibilities requires a shift in security strategies and puts organizations in an active position.</p> <p>Shadow IT and shadow cloud: The cloud’s ease of accessibility can lead to the phenomenon where employees deploy cloud services and applications without the IT department approving or providing oversight. This creates unauthorized—and subsequently unmonitored—cloud assets, expanding the attack surface without the organization’s knowledge. Companies need to identify and secure these shadow assets to create a comprehensive security strategy.</p> <p>Varying security postures: Companies operating a multi-cloud environment will encounter a variety of security postures, and each organization’s cloud architecture can differ significantly. This disparity can lead to inconsistent security practices and configurations across the cloud environment. Reevaluating the attack surface requires organizations to standardize security policies, configurations, and best practices to ensure a cohesive and robust security approach across all cloud assets.</p> <h3 class="wp-block-heading">What companies miss</h3> <p>It’s a familiar story. When thinking about the attack surface, companies often miss the inclusion of shadow IT and unmonitored third-party assets. Shadow IT refers to the use of unauthorized or unapproved applications, services, or devices by employees within an organization. These could be cloud services, mobile apps, or other IT resources that employees use without the knowledge or approval of the IT or security departments.</p> <p>Similarly, third-party assets are external systems, applications, or services connected to an organization’s network or interact with its digital assets. These could include vendor platforms, partner APIs, or other external services that the company relies on for various business functions.</p> <p>The problem with both shadow IT and third-party assets is that they often operate outside the scope of the company’s traditional security measures and visibility. Since they are not officially recognized or monitored, they can introduce unknown vulnerabilities and become weak points that threat actors might exploit to gain unauthorized access to the organization’s systems or data.</p> <p>Several reasons contribute to this oversight:</p> <ul class="wp-block-list"> <li><strong>Lack of Visibility:</strong> IT and security teams may not have comprehensive visibility into all the assets connected to their network, especially when employees use unapproved tools or when third-party services are integrated without proper oversight.</li> <li><strong>Decentralization:</strong> In larger organizations or those with distributed operations, different departments or business units may independently adopt various tools or services without a centralized approval process.</li> <li><strong>Agility and Convenience:</strong> Employees may turn to shadow IT to quickly address their specific needs, believing it enhances their productivity without realizing the potential security risks.</li> <li><strong>Third-Party Risk Management:</strong> Companies may focus primarily on their internal security posture and overlook the security practices of their third-party vendors and partners.</li> </ul> <p>Addressing the shadow IT and third-party asset blind spots is crucial for a comprehensive attack surface management strategy. To mitigate these risks, companies should:</p> <ul class="wp-block-list"> <li>Encourage an open and transparent communication culture, allowing employees to report the use of unauthorized tools without fear of repercussions.</li> <li>Conduct regular audits to identify and monitor shadow IT applications and services.</li> <li>Implement strong third-party risk management practices, including thorough assessments of vendors’ security practices and contractual agreements that enforce security standards.</li> <li>Leverage advanced threat intelligence tools that continuously scan and identify potential third-party assets connected to the organization’s network.</li> <li>Educate employees about the risks associated with shadow IT and the importance of adhering to the organization’s approved technology stack.</li> </ul> <p>By addressing these overlooked aspects of the attack surface, companies can significantly enhance their security posture and minimize the risk of cyber threats originating from unmonitored or unauthorized assets.</p> <h3 class="wp-block-heading">The role of unified cyber insights</h3> <p><a href="https://www.gartner.com/reviews/market/cyber-asset-attack-surface-management">Unified cyber insight</a> plays a crucial role in attack surface management in the cloud. It refers to the comprehensive visibility and correlation of security data from various sources across an organization’s entire cloud infrastructure. This unified view allows security teams to gain a holistic understanding of their cloud-based assets, potential vulnerabilities, and overall security posture, which is essential for effectively managing the attack surface and mitigating security risks.</p> <p>Here are the key features of unified cyber insight in attack surface management in the cloud:</p> <ul class="nv-cv-m wp-block-list"> <li><strong>Centralized visibility:</strong> Cloud environments are dynamic and distributed, with assets and data spread across multiple cloud service providers and regions. Companies need a centralized platform to aggregate and consolidate security data from sources such as cloud platforms, network devices, applications, and user activities to enable security teams to keep track of all cloud assets and activities.</li> <li><strong>Identifying shadow IT and shadow cloud:</strong> Identifying unauthorized or unapproved cloud services and applications used by employees and external cloud services that interact with the organization’s network is critical to managing the modern attack surface. This visibility helps organizations bring shadow assets under the umbrella of formal security measures, reducing potential vulnerabilities.</li> <li><strong>Correlation of security events:</strong> Unified cyber insight correlates security events from different cloud platforms, network devices, and other sources so that security teams can better detect patterns and trends indicative of malicious activities or security breaches.</li> <li><strong>Early threat detection:</strong> Security teams can set up proactive alerts and responses to unusual activities, enabling them to address potential threats before they escalate into full-fledged attacks. This proactive monitoring is key to staying ahead of evolving threats.</li> <li><strong>Compliance and auditing:</strong> A modern attack surface requires simplifying compliance monitoring and reporting for cloud environments. It helps organizations track adherence to industry regulations, data protection laws, and internal security policies, facilitating audit trails and ensuring compliance with relevant standards.</li> <li><strong>Improved incident response:</strong> If a security incident happens, unified insights and visibility accelerate incident response by providing security teams with a complete view of the attack surface and the affected assets. This enhanced visibility enables quick containment and remediation actions to minimize the impact of the breach.</li> <li><strong>Data access and collaboration:</strong> Collaboration and data sharing between different teams within the organization is such a positive thing. It fosters a culture of transparency, allowing security teams to access data from systems owned or administered by other departments. This collaboration is essential in a multi-cloud environment, where multiple teams are responsible for various cloud assets.</li> </ul> <p>Unified insight is a vital component of effective attack surface management in the cloud, thanks to a comprehensive view of cloud assets, activities, and security events. It shifts from a reactive security posture to a proactive one by providing centralized visibility and correlation capabilities and minimizing potential risks and vulnerabilities in the rapidly evolving cloud environment.</p> <p><strong>See also:</strong> <a href="https://www.clouddatainsights.com/a-secure-multi-cloud-a-real-possibility-or-just-a-pipe-dream/">A Secure Multi-cloud: A Real Possibility or Just a Pipe Dream?</a></p> <h3 class="wp-block-heading">Managing a distributed modern attack surface</h3> <p>Dealing with the distributed modern attack surface more efficiently requires companies to make a decisive shift from a reactive to a proactive security posture. Here are some best practices that companies can implement to make that shift and manage the distributed attack surface more effectively:</p> <ul class="nv-cv-m wp-block-list"> <li><strong>Continuous Visibility and Monitoring:</strong> Implement comprehensive and continuous visibility across all cloud environments, including multi-cloud and hybrid cloud architectures. Leverage cloud security solutions that provide real-time monitoring and centralized dashboards to detect potential threats and vulnerabilities and alert security teams.</li> <li><strong>Standardization and consistent security policies:</strong> Develop standardized security policies and configurations across all cloud service providers and environments to reduce potential gaps and inconsistencies that threat actors might exploit.</li> <li><strong>Identity and Access Management (IAM):</strong> Strengthen IAM practices by adopting multi-factor authentication, role-based access controls, and least privilege principles.</li> <li><strong>Cloud-native security tools:</strong> Utilize cloud-native security tools and technologies provided by cloud service providers. These tools are designed to address specific cloud security challenges, unlike those designed for a traditional attack perimeter.</li> <li><strong>Automated Security Measures:</strong> Integrate automation and orchestration to enhance security operations and incident response so that security teams can focus on critical issues and speed up response times.</li> <li><strong>Threat Intelligence Integration:</strong> Integrate threat intelligence feeds to stay informed about the latest cyber threats and attack patterns. Using threat intelligence, organizations can proactively anticipate potential attacks and implement appropriate defenses.</li> <li><strong>Regular Security Assessments and Audits:</strong> Conduct regular security assessments, penetration testing, and audits of cloud environments. These assessments help identify vulnerabilities and weaknesses in the distributed attack surface, allowing organizations to address them promptly.</li> <li><strong>Vendor and Third-Party Risk Management:</strong> Establish strong vendor risk management practices, especially when using third-party cloud services or relying on external vendors for critical functions. Assess the security practices of these partners and ensure they adhere to robust security standards.</li> <li><strong>Cloud Security Training and Awareness:</strong> Remember the human element, and provide comprehensive cloud security training to all employees, including company policy on shadow IT (it doesn’t have to be a total ban). An informed and security-aware workforce is a valuable defense against cloud-related threats.</li> <li><strong>Incident Response and Disaster Recovery Plans:</strong> Develop and regularly test incident response and disaster recovery plans specific to the organization’s cloud environment. A well-prepared response plan mitigates the impact of security incidents and minimizes downtime in the event of a breach.</li> <li><strong>Cloud Security Experts and Managed Services:</strong> If companies don’t have the onsite expertise to create a holistic security plan, they should consider leveraging the expertise of cloud security professionals or managed security service providers (MSSPs) who specialize in cloud security. Their knowledge and experience can provide valuable guidance and support in managing the distributed attack surface.</li> <li><strong>Stay Informed About Cloud Security Trends:</strong> Keep abreast of the latest cloud security trends, best practices, and emerging threats in the cybersecurity landscape. Regularly attend industry conferences, and webinars, and participate in cloud security communities to stay informed and learn from others’ experiences.</li> </ul> <p>A proactive and comprehensive approach to cloud security not only protects critical assets but also enables organizations to embrace the full benefits of cloud technologies while mitigating potential risks. The attack surface has changed, but companies have the right resources to adapt and implement an attack surface management plan that works.</p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/Elizabeth-Wallace-RTInsights-141x150-1.jpg" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/elizabeth-wallace/" class="vcard author" rel="author"><span class="fn">Elizabeth Wallace</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/revisiting-attack-surface-management-in-the-cloud/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">3614</post-id> </item> <item> <title>A Secure Multi-cloud: A Real Possibility or Just a Pipe Dream?</title> <link>https://www.clouddatainsights.com/a-secure-multi-cloud-a-real-possibility-or-just-a-pipe-dream/</link> <comments>https://www.clouddatainsights.com/a-secure-multi-cloud-a-real-possibility-or-just-a-pipe-dream/#respond</comments> <dc:creator><![CDATA[Elizabeth Wallace]]></dc:creator> <pubDate>Sat, 09 Sep 2023 15:59:43 +0000</pubDate> <category><![CDATA[Governance]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[cloud security]]></category> <category><![CDATA[multi-cloud]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=3589</guid> <description><![CDATA[What will it take for companies to secure their multi-cloud environments for good? A new way of thinking about security.]]></description> <content:encoded><![CDATA[ <figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="1000" height="625" src="https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_125103862_S.jpg" alt="" class="wp-image-3590" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_125103862_S.jpg 1000w, https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_125103862_S-300x188.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/07/Depositphotos_125103862_S-768x480.jpg 768w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure> <p>The adoption of a multi-cloud environment has skyrocketed, offering organizations flexibility, scalability, and cost efficiency to operate competitively in the age of digital transformation. Sorry to be the bearer of bad news, however. With all good things comes risk. As organizations spread workloads across multiple cloud providers, they also increase their attack surface and face a greater risk of security flaws and vulnerabilities.</p> <p>To ensure the security of multi-cloud environments, organizations must become proactive in identifying and mitigating potential threats — easier said than done. Typical advice, even targeted at multi-cloud security doesn’t quite cover all the bases. Let’s take it a little further.</p> <h3 class="wp-block-heading">The typical advice for securing a multi-cloud environment</h3> <p>More companies are <a href="https://www.clouddatainsights.com/new-multi-cloud-study-answers-how-did-we-get-here/">adopting a multi-cloud strategy</a> attempting to maximize flexibility, and there’s quite a bit of advice out there for handling security in such a complex environment. You probably know this song already. It goes like this:</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Develop a strategy:</strong> Define your organization’s security requirements and goals. Consider factors like data sensitivity and risk tolerance. Create a framework.</li> <li><strong>Understand shared responsibility:</strong> The service provider is responsible for the underlying infrastructure, but it’s the company itself that’s responsible for the data, applications, and user access. Clarify and understand the division of responsibilities.</li> <li><strong>Implement strong access controls:</strong> Strong authentication ensures that only the right individuals can access cloud resources. This includes strong passwords, multi-factor authentication, and regular review of access privileges.</li> <li><strong>Don’t forget encryption:</strong> This includes encryption for data at rest and in transit and secure communication protocols for data transmission. </li> <li><strong>Monitor and log activities:</strong> Robust logging and monitoring mechanisms provide a front-line defense against anomalies. Security information and event management (SIEM) tools help.</li> <li><strong>Update regularly:</strong> It goes without saying but implementing prompt security patches mitigates potential risks.</li> <li><strong>Conduct vulnerability assessments:</strong> Scanning cloud infrastructure and performing penetration tests identifies security gaps and helps companies stay ahead of threats.</li> <li><strong>Educate and train employees:</strong> The human factor in cybersecurity is a critical consideration. Security awareness and training ensures employees understand best practices and their roles and responsibilities in the fight against threats.</li> </ul> <p>And there’s nothing wrong with this list. It’s a good list of things to consider when implementing a multi-cloud security strategy. But it’s too broad and leaves a few gaps. </p> <h3 class="wp-block-heading">Can the multi-cloud be secure?</h3> <p>There are a few key threats facing multi-cloud environments.</p> <h4 class="wp-block-heading">Can we see our entire cloud infrastructure?</h4> <p>One of the biggest challenges in multi-cloud environments is the lack of visibility. While cloud providers offer access management and control capabilities, companies have to go further to prevent unauthorized access. This includes exploring the passwordless future, conditional access, role-based controls, and granular governance. But keeping up with these methods takes a lot of work.</p> <h4 class="wp-block-heading">Are we ready for more effective Distributed Denial of Service attacks? </h4> <p><a href="https://www.rtinsights.com/siem-a-complementary-approach-to-addressing-ddos/">DDoS</a> aims to deny access to services through sheer overwhelm. While the multi-cloud may seem like a great way to avoid this, thanks to scalability, the reality is that you’ve expanded your attack service and make securing them more complex. Again, combating this reality requires a lot of work tracking down different policies from cloud service providers and building solutions that can encompass the mitigation and recovery process.</p> <h4 class="wp-block-heading">Are we utilizing API best practices?</h4> <p>Applications and APIs play a crucial role in scalability and integration, but APIs are also a significant part of the visibility/observability issue. Extending security protections to runtime environments in the cloud is vital for maintaining usability while mitigating <a href="https://www.rtinsights.com/report-apis-are-a-serious-vulnerability/">API risks</a>.</p> <h4 class="wp-block-heading">Are we ready to take insider threats seriously?</h4> <p>Your own teams pose significant risks to multi-cloud environments. Employees need to know common attack vectors and understand security best practices. However, going beyond simple training incentivizes employees to prioritize continuous security training and foster a culture of vigilance. Additionally, companies need to understand how implementing tools like AI can help uncover suspicious and anomalous behavior from employees putting the company at risk on purpose.</p> <h3 class="wp-block-heading">Making visibility a priority</h3> <p>Lack of visibility (and therefore control) is a serious challenge for businesses securing multi-cloud environments. When organizations leverage <a href="https://www.clouddatainsights.com/cloud-management-for-the-modern-workload/">multiple cloud providers</a>, it becomes difficult to track and monitor all the data, applications, user access, and permissions across all clouds. Gaps in security monitoring and detection leave organizations vulnerable to unauthorized access and security breaches.</p> <p>Comprehensive understanding and awareness of the entire environment help IT teams and tools powered by AI identify potential security flaws, vulnerabilities, and anomalies faster. However, the problems businesses are trying to solve by allocating resources to different locations make this visibility challenging. Add in the proliferation of APIs and web applications, and companies add to their attack surface.</p> <p>Visibility is a key challenge in the pursuit of comprehensive security solutions. Companies must expand their security checklist to include policies that prevent these gaps. While the initial checklist covers important strategies for securing a multi-cloud environment, there are a few key aspects companies may overlook.</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong><a href="https://www.clouddatainsights.com/multi-cloud-obstacles-still-in-the-way-of-deployment/">Cloud provider due diligence</a>:</strong> Of course, organizations consider security policies of potential cloud providers, but thorough due diligence is necessary. Evaluate more than simply data breach history. How did they address the breach? What are their current incident response capabilities? Do they have certifications for specific challenges? </li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Regular assessment of third-party integrations:</strong> Companies often solve integration issues with third-party services and applications. Regular security assessments of all third-party integrations and services ensures they meet the latest security standards—their security posture, data handling, and potential vulnerabilities they may introduce to the environment.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Comprehensive incident response and security planning:</strong> Prevention and mitigation are only part of the equation. A detailed <a href="https://www.clouddatainsights.com/csnf-open-approach-to-multi-cloud-security-notifications/">incident response</a> and recovery plan outlines the steps necessary in the event of an incident, assigns roles and responsibilities, and establishes communication channels. Companies should regularly review this plan to ensure it covers the most up-to-date situation.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Continuous monitoring and threat intelligence:</strong> Basic logging and monitoring won’t cover a complex multi-cloud environment. Advanced threat intelligence capabilities like machine learning-based anomaly detection and security information and event management (SIEM) tools move companies from reactive to proactive response strategies.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Cloud provider exit strategy:</strong> It’s crucial to have a plan in place for transitioning between cloud providers or bringing services back in-house so that companies don’t accidentally create vulnerabilities during the change. This strategy should address data migration, vendor lock-in considerations, and security controls during transition.</li> </ul> <h3 class="wp-block-heading">Security in the multi-cloud must evolve</h3> <p>Managing security within a multi-cloud environment requires an evolution in security practices. </p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Emphasize visibility and centralized control: Security solutions must have a holistic view of the environment, including applications, data, user access, and network traffic. Centralized control enables <a href="https://www.clouddatainsights.com/understanding-unified-security-in-a-cloud-world/">unified security</a>, giving organizations the capability to enforce consistent security policies, monitor activity, and better detect anomalies.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Adapt identity and access management (IAM): <a href="https://www.rtinsights.com/what-companies-must-know-about-identity-security-in-2023/">IAM strategies</a> must also evolve. For example, identity federation and single sign-on solutions can enable seamless authentication across the environment. Role-based access control and the principle of least privilege ensure that users only have the necessary permissions while still enabling them to do their jobs.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Leverage cloud-native security tools and automation: Security tools designed for on-premises environments may not suit the dynamic nature of multi-cloud. Security needs to evolve to enable automation, threat detection, and incident response capabilities tailored to the specific cloud platform used.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Enable network security and segmentation: Multi-cloud environments require robust network security measures. Security needs to evolve by implementing network segmentation and isolating workloads and data within each cloud provider. This prevents lateral movement and limits the impact of potential breaches. Organizations can also employ virtual private clouds (VPCs), network security groups (NSGs), and next-generation firewalls (NGFWs) to enforce network security policies and control traffic between cloud environments.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Implement continuous monitoring and threat intelligence: Multi-cloud environments demand continuous monitoring and proactive threat intelligence capabilities. Security needs to evolve by implementing advanced monitoring solutions that detect and respond to security events in real time. This includes leveraging <a href="https://www.rtinsights.com/flexibility-and-scale-foremost-in-cloud-siem/">security information and event management</a> (SIEM) systems, intrusion detection and prevention systems (IDPS), and security analytics tools. Integration with threat intelligence feeds and leveraging machine learning algorithms enables organizations to identify and respond to emerging threats more effectively.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Remember compliance and data governance: Multi-cloud environments introduce additional complexities regarding compliance and data governance. Security must evolve by ensuring appropriate security controls and compliance frameworks are in place across all cloud providers. Organizations must clearly understand the regulatory requirements applicable to their industry and region and implement controls to meet those requirements consistently across their multi-cloud environment.</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Minimize point solutions: Security solutions designed for specific functions or individual components may work in the short term but don’t address the long-term strategy. They lack centralized visibility, experience limitations in scale, and may be incompatible with cloud environments. Multi-cloud demands a holistic, interoperable approach capable of adapting to the environment instead of forcing the environment to fit a series of point solutions. This is different than simply “working” in a multi-cloud. Instead, it must be a single policy distributed across the entire environment.</li> </ul> <h3 class="wp-block-heading">The role of artificial intelligence in securing a multi-cloud environment</h3> <p>A<a href="https://www.clouddatainsights.com/explore-the-mutual-advantages-of-generative-ai-and-the-cloud/">rtificial intelligence</a> will never replace humans in the security role, but it will play a critical part in supporting human efforts to keep a multi-cloud environment secure. It will extend human capabilities and reach, offering guidance and recognizing patterns humans may miss (or notice too late).</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Threat detection and prevention:</strong> The sheer volume of data across the multi-cloud environment can make detection challenging. AI can process large data volumes from sources such as logs, network traffic, and user behavior to find patterns indicative of potential security threats. Machine learning algorithms learn and adapt, helping improve detection and prevention.</li> <li><strong>Intelligent security analytics:</strong> Jumping off from the previous point, AI automates the analysis of security events and provides actionable insights for human teams. Sifting through massive data to identify patterns and correlate events allows AI to detect sophisticated attacks and unusual behavior, even spanning across different cloud providers. Security teams can prioritize and respond more effectively to reduce response times and minimize the impact of any breaches.</li> <li><strong>User behavior analytics:</strong> AI-powered UBA systems can monitor user activities, access patterns, and understand behaviors across multiple platforms. By establishing baselines for normal user behavior, AI can identify anomalous activities that may indicate insider threats or compromised accounts. UBA helps detect unauthorized access attempts, privilege misuse, or unusual data exfiltration behaviors, enhancing overall security in multi-cloud environments. This reduces false positives and allows teams to get work done largely unhindered by accidental flags.</li> <li><strong>Automated incident response:</strong> AI can automate incident response processes in multi-cloud environments. Security incidents can be automatically identified, categorized, and remediated through predefined rules and AI algorithms. This includes actions such as isolating compromised systems, blocking suspicious traffic, or triggering alerts to security teams. Automated incident response powered by AI reduces response times, enhances consistency, and minimizes the impact of security incidents.</li> <li><strong>Vulnerability management and patching:</strong> AI can assist in vulnerability management by automatically scanning multi-cloud environments for vulnerabilities and prioritizing remediation efforts based on risk levels. AI-powered systems can analyze vulnerability data, threat intelligence feeds, and contextual information to recommend appropriate patches and configurations. This helps organizations stay on top of security updates and reduces the window of exposure to potential threats.</li> <li><strong>Adaptive access controls:</strong> AI can enhance access control mechanisms in multi-cloud environments by dynamically adjusting access privileges based on user behavior, context, and risk scores. AI systems can analyze user activities, location, device information, and other contextual data to make real-time access control decisions. This adaptive approach strengthens security by dynamically granting or revoking access privileges, reducing the risk of unauthorized access or privilege abuse.</li> <li><strong>Threat intelligence and proactive defense:</strong> AI can leverage threat intelligence feeds, including indicators of compromise (IOCs) and behavior-based threat models, to proactively identify emerging threats and potential attack vectors. AI systems can analyze real-time threat data, correlate it with internal security information, and provide proactive recommendations for strengthening security controls. By harnessing AI-powered threat intelligence, organizations can stay ahead of evolving threats and proactively defend their multi-cloud environments.</li> </ul> <h3 class="wp-block-heading">Visibility, automation, and holistic security solutions in a multi-cloud world</h3> <p>Securing a multi-cloud environment may be more challenging than traditional on-premises environments or even a single cloud. However, that doesn’t mean it’s a futile effort. Companies that have run all the possibilities and decided to embark on a multi-cloud solution for its flexibility can still take strong measures to ensure loopholes don’t exist. They will need to step away from point solutions or any approach that treats the multi-cloud as separate systems and create one holistic policy designed to create visibility. Then, human teams, in conjunction with AI, can deploy holistic security solutions to reduce vulnerabilities and enable the multi-cloud to reach its full potential.</p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/Elizabeth-Wallace-RTInsights-141x150-1.jpg" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/elizabeth-wallace/" class="vcard author" rel="author"><span class="fn">Elizabeth Wallace</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/a-secure-multi-cloud-a-real-possibility-or-just-a-pipe-dream/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">3589</post-id> </item> <item> <title>6 Ways Supercloud Might Impact Emerging Cloud-Computing Trends</title> <link>https://www.clouddatainsights.com/6-ways-supercloud-might-impact-emerging-cloud-computing-trends/</link> <comments>https://www.clouddatainsights.com/6-ways-supercloud-might-impact-emerging-cloud-computing-trends/#respond</comments> <dc:creator><![CDATA[Elizabeth Wallace]]></dc:creator> <pubDate>Thu, 27 Jul 2023 21:57:26 +0000</pubDate> <category><![CDATA[Cloud Data Platforms]]></category> <category><![CDATA[cloud infrastructure]]></category> <category><![CDATA[Cloud strategy]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=3407</guid> <description><![CDATA[The supercloud will impact the way we handle cloud operations. Discover what it could offer to help companies manage the multi-cloud.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2023/06/Depositphotos_132516942_S.jpg" alt="Supercloud" class="wp-image-3408" width="749" height="508" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/06/Depositphotos_132516942_S.jpg 999w, https://www.clouddatainsights.com/wp-content/uploads/2023/06/Depositphotos_132516942_S-300x203.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/06/Depositphotos_132516942_S-768x520.jpg 768w" sizes="(max-width: 749px) 100vw, 749px" /><figcaption class="wp-element-caption"><em>The supercloud will impact the way we handle cloud operations. Discover what it could offer to help companies manage the multi-cloud.</em></figcaption></figure></div> <p>Why lock yourself into one single cloud when multi-cloud offers flexibility and scalability? Because with expanded cloud environments come expanded challenges. Companies moving to a multi-cloud environment must mitigate the inherent complexity of such ecosystems and manage security, cost optimization, and resource allocation. When companies expand their cloud footprint, it becomes a business imperative to find ways to streamline and mitigate the intricacies of running operations in the multi-cloud. Enter the supercloud—an intuitive approach that could offer potential solutions for tackling multi-cloud complexity.</p> <h3 class="wp-block-heading">Understanding multi-cloud complexity</h3> <p>What are the key drivers for needing a solution to the multi-cloud challenge? While it offers benefits in some areas over a single cloud, it introduces either challenges that need solving or new aspects of single cloud problems.</p> <h4 class="wp-block-heading">The complexity conundrum</h4> <p>Managing multiple cloud environments from various providers may improve flexibility and allow companies to allocate resources where they see fit. The downside is that it introduces complexity to an already complex cloud environment. Sure, companies may have more choices for resource allocation, but that also gives them more ways to get it wrong. Additionally, interoperability becomes a serious issue with the potential for silos. </p> <p>Each cloud platform comes with its own set of tools, APIs, and management interfaces. This moves a lot of the provisioning burden onto the company itself, making consistency and efficiency tricky to maintain across the entire ecosystem. If the company doesn’t have the expertise to execute this strategy, it can only multiply existing problems. Can’t manage scale in a single cloud environment? Multi-cloud isn’t a magic bullet.</p> <h4 class="wp-block-heading">Vendor lock-in and interoperability issues</h4> <p>Another major concern for multi-cloud environments is vendor lock-in. Ironically, one of the major reasons companies switch to hybrid or multi-cloud environments is to avoid this, but it can still be a problem. Organizations may find it challenging to migrate workloads or switch providers because of dependencies on proprietary technologies. Also, achieving seamless interoperability between different clouds is crucial for smooth data exchange and workload portability, but that’s only if you can get them to play nicely together.</p> <h4 class="wp-block-heading">Governance and security concerns</h4> <p>Anytime you add complexity to a technology solution, you create the potential for security weaknesses. Once again, each cloud provider will have its own security procedures and policies, leaving companies to manage consistency. This includes understanding and executing appropriate access controls, enforcing compliance, and maintaining in-house security policies. Companies need a clear, unified approach to mitigate risks and ensure regulatory compliance.</p> <h3 class="wp-block-heading">Introducing (and demystifying) the supercloud</h3> <p>A supercloud is a centralized cloud management platform integrating multiple cloud environments. It provides companies with a unified interface and control plane. It acts as an agnostic, abstraction layer, enabling organizations to manage and orchestrate their diverse cloud resources from a single location and consolidating management tasks.</p> <h4 class="wp-block-heading">Architecture and components</h4> <p>At the core of the supercloud lies intelligent automation and orchestration capabilities. These enable efficient management, provisioning, and monitoring. </p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Intelligent Automation and Orchestration: The supercloud harnesses intelligent automation and orchestration capabilities, typically leveraging AI and ML to automate tasks and optimize resource allocation. Automation frameworks streamline management processes, reducing manual effort and increasing efficiency.</li> <li>Advanced Technologies: Speaking of AI and ML, these algorithms enable intelligent decision-making, predictive analytics, and adaptive resource allocation. Models also analyze patterns and optimize workflows for improved performance and cost optimization.</li> <li>Open Standards and APIs: A well-designed supercloud requires open standards and APIs to ensure compatibility and promote interoperability between different cloud platforms. These facilitate seamless integration, allowing applications and services to communicate and interact.</li> <li>Interoperability Between Cloud Services: The strong focus on interoperability simplifies the movement of workloads, data, and applications across multiple cloud providers. Basically, these separate cloud environments interact with each other as if they belong to the same environment. Applications run in containers or virtual machines and connect to any cloud environments within the ecosystem.</li> <li>Efficient Management and Provisioning: And it’s more than just interoperability. The architecture of the supercloud facilitates centralized management and provisioning, and provides a unified interface and control plane for administrators to oversee resources and operations across multiple clouds for efficient provisioning mechanisms and optimized resource utilization.</li> <li>Monitoring and Performance Optimization: It enables real-time monitoring of cloud resources, application performance, and service-level agreements. Performance optimization algorithms identify bottlenecks, auto-scale resources, and enhance overall system performance.</li> </ul> <h4 class="wp-block-heading">Benefits of a supercloud </h4> <ol class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Centralized Management and Control</strong>: The supercloud gives a unified view of resources to administrators, allowing them to deploy, monitor, and manage applications across multiple clouds from one central place. This unified control simplifies day-to-day operations by replacing the constant task switching with a single view.</li> <li><strong>Interoperability and Portability:</strong> With the supercloud, organizations can choose different cloud configurations based on the strengths of different cloud providers. It eliminates vendor lock-in and allows businesses to optimize their resource allocation and choose the best services out of multiple providers.</li> <li><strong>Enhanced Governance and Security:</strong> Supercloud provides a centralized framework to enforce security controls, manage access policies, and adhere to regulatory requirements. Through this unified framework, organizations can enhance their overall security posture and minimize vulnerabilities.</li> <li><strong>Cost Optimization and Resource Efficiency:</strong> A supercloud strategy offers organizations deep insights into resource usage, performance, and cost metrics across multiple clouds. This visibility enables informed decision-making and can help companies achieve significant savings in their cloud operations.</li> <li><strong>Resilience and Business Continuity:</strong> Distributing workloads and data across multiple cloud providers reduces the chance of service disruptions caused by a single cloud provider’s outage. The supercloud helps companies expand their cloud strategy and enables organizations to architect fault-tolerant solutions.</li> <li><strong>Providing Innovation and Scalability:</strong> The supercloud gives companies more choices in how to develop and deploy applications across multiple clouds, but it also simplifies these choices to help reduce the operational difficulties that make multi-cloud difficult in the first place.</li> </ol> <h3 class="wp-block-heading">The supercloud offers a pathway through the (cloud) wilderness</h3> <p>Organizations choosing to go the multi-cloud route will need some sort of management plan to reduce the risks associated with deploying in a multi-cloud environment. The supercloud could offer companies a way to manage these different cloud environments not as separate entities but as part of a unified cloud strategy. Although companies will ultimately choose their own path through the multi-cloud complexity, this could be one way to make cloud operations successful.</p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/Elizabeth-Wallace-RTInsights-141x150-1.jpg" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/elizabeth-wallace/" class="vcard author" rel="author"><span class="fn">Elizabeth Wallace</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/6-ways-supercloud-might-impact-emerging-cloud-computing-trends/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">3407</post-id> </item> <item> <title>Right-Sizing Security for Small and Emerging Teams</title> <link>https://www.clouddatainsights.com/right-sizing-security-for-small-and-emerging-teams/</link> <comments>https://www.clouddatainsights.com/right-sizing-security-for-small-and-emerging-teams/#respond</comments> <dc:creator><![CDATA[Sumo Logic]]></dc:creator> <pubDate>Sun, 21 May 2023 14:38:17 +0000</pubDate> <category><![CDATA[Governance]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[Sponsored]]></category> <category><![CDATA[cyber security]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=3151</guid> <description><![CDATA[For emerging security teams that don’t need overly complex tools, Sumo Logic Cloud Security Analytics addresses key security challenges without the higher cost or added complexity of enterprise-grade tooling. ]]></description> <content:encoded><![CDATA[ <p><em>Sponsored by Sumo Logic</em></p> <div class="wp-block-image"> <figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="726" height="513" src="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-risks.jpg" alt="" class="wp-image-3162" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-risks.jpg 726w, https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-risks-300x212.jpg 300w" sizes="(max-width: 726px) 100vw, 726px" /><figcaption class="wp-element-caption"><em>Sumo Logic Cloud Security Analytics addresses key security challenges without the higher cost or added complexity of enterprise-grade tooling.</em></figcaption></figure></div> <p>The recent trend of <a href="https://www.itpro.com/security/cyber-security/370140/state-sponsored-hackers-diversifying-tactics-targeting-smbs">state-sponsored hackers</a> targeting small businesses is just one example of how SMBs (small-medium businesses) and organizations without a dedicated SOC (security operations center) face many of the same security challenges that enterprises face. </p> <p>That comes at a time when attacks and the damage they do are on the rise. The <a href="https://www.fbi.gov/contact-us/field-offices/springfield/news/internet-crime-complaint-center-releases-2022-statistics">FBI’s Internet Crime Complaint Center (IC3)</a> saw over 800,000 complaints and dollar losses related to cybercrime increase by 49% in 2022.</p> <p>The key difference with SMBs is that their smaller security teams don’t have the same resources and dedicated cybersecurity expertise as larger enterprises. In some cases, smaller teams attempt to enable enterprise-grade security by adopting the same tools as larger organizations. The result is often high licensing costs with few practical benefits.</p> <p>That’s because traditional enterprise-grade tools aren’t the right fit. Instead of tools built with the Fortune 100 in mind, smaller teams need right-sized solutions that address <em>their </em>security challenges in a way <em>their </em>security teams can support.</p> <p>The sections below will examine the security challenges facing small and growing teams, how Sumo Logic can address them, and practical use cases.</p> <h2 class="wp-block-heading"><a></a>The problems that emerging security teams face</h2> <p>The challenges facing security teams have changed drastically in recent years. Network perimeters are no longer clearly defined, and attack surfaces are seemingly everywhere. Additionally, with the emergence of <a rel="nofollow" href="https://www.sumologic.com/glossary/devsecops/">DevSecOps</a>, concepts like “shifting left” (which can require teams that weren’t previously responsible for security to integrate it into their work) and <a href="https://psych.wisc.edu/news/building-better-human-bot-cybersecurity-teams/">human-bot cybersecurity teams</a> have made it so that even the composition of security teams is rapidly changing.</p> <p>This creates an environment where emerging teams face multiple difficult security challenges. Let’s take a look at exactly what those are.</p> <h3 class="wp-block-heading"><a></a>Complexity</h3> <p>Modern security teams must account for many users, workloads, applications and deployment models that spread sensitive data across multi-cloud and on-prem environments. Key complexity drivers include:</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Diverse cloud infrastructure</strong>– Multi-cloud and hybrid-cloud environments are common. And deployment models range from cloud apps to complex microservices architecture. The variance in service providers and architecture creates different threat models that require additional security solutions.</li> <li><strong>Myriad of security tools- </strong>Mature small businesses <a href="https://www.anomali.com/blog/more-is-less-the-challenge-of-utilizing-multiple-security-tools">have an average of 15 to 20 security </a><a href="https://www.anomali.com/blog/more-is-less-the-challenge-of-utilizing-multiple-security-tools">tools, and medium-sized companies could have from 50-60 security tools</a>. This creates an environment where teams lack a central source of truth that provides holistic visibility into their security posture. As a result, they have to bounce between multiple consoles and tools to detect and respond to issues in a “swivel chair” fashion. </li> <li><strong>App sprawl</strong>– According to <a href="https://www.okta.com/blog/2022/11/okta-cic-for-saas-apps/">Okta</a>, companies use 89 apps on average. At that scale, ensuring applications meet and continue to adhere to security standards becomes challenging.</li> <li><strong>Distributed workforces</strong>– Remote work coupled with globally distributed workforces create a complex network perimeter. With a distributed workforce, sensitive data is spread in ways traditional security appliances can’t adequately protect. </li> </ul> <h3 class="wp-block-heading"><a></a>Lack of visibility</h3> <p>The complexity of modern IT infrastructure alone often creates silos that limit visibility. For example, applications owned by different business units may not have any central oversight. Similarly, legacy on-prem security tools may not integrate with cloud monitoring tools. Unfortunately, this often leads to a negative feedback loop where more security tools create more complexity.</p> <h3 class="wp-block-heading"><a></a>Limited security expertise</h3> <p>Cybersecurity is a complex topic with multiple highly specialized areas of expertise. For example, demonstrating compliance with standards like PCI DSS (Payment Card Industry Data Security Standard) or ISO 27001 is difficult without the proper domain knowledge. Similarly, pen testing and identity and access management require specialized skills. The highly competitive cybersecurity job market creates real challenges for organizations that want to hire and retain talented security professionals across different cybersecurity domains. </p> <p>Smaller teams don’t have the luxury of specialization, meaning they’ll have a tougher time benefitting from traditional enterprise-grade security solutions. Similarly, larger development teams are stretching to prioritize cybersecurity initiatives that weren’t previously their responsibility. Even though these larger teams have more people, they face the same challenges of limited security expertise.<br><br>Even when there is a dedicated SOC or team of DevSecOps engineers, it’s easy to get overwhelmed by the sheer volume of thousands of daily alerts and the work involved in truly “shifting left” and supporting the demands of various apps and business units across an organization.</p> <h3 class="wp-block-heading"><a></a>High costs</h3> <p>The license costs and operational overhead created by security tool sprawl alone can significantly impact the bottom line. However, that’s far from the only driver of high costs for emerging security teams. The data storage required for effectively detecting threats and compliance audits can also add up fast. Often, this leads to tough trade-offs around data retention policies based on the costs of different storage tiers and deciding which data to ingest due to cost concerns and the fear of surprise overages.</p> <p><strong>Did you know? </strong><a href="https://www.idc.com/getdoc.jsp?containerId=US49018922">According to IDC</a>, the Enterprise DataSphere will grow over twice as fast as the Consumer DataSphere between 2022-2026.</p> <p><strong>See also:</strong> <a href="https://www.clouddatainsights.com/how-to-secure-your-cloud-platform-and-be-ready-for-your-next-audit/" target="_blank" rel="noreferrer noopener">How to Secure Your Cloud Platform and Be Ready for Your Next Audit</a></p> <h2 class="wp-block-heading"><a></a>How Cloud Security Analytics democratizes security</h2> <p>Using the tools that Fortune 100 enterprises use makes sense on the surface. After all, they have the expertise to know what works, right? Yes, but knowing what works for <em>them</em> isn’t the same as knowing what will work for <em>your team</em>.</p> <p>What works for the top one percent of elite security teams will differ from the other 99% of organizations. Buying the tool and hoping a team will grow into it is effectively an aspirational approach to security that isn’t practical or efficient.</p> <p>For example, an <a rel="nofollow" href="https://www.sumologic.com/solutions/cloud-siem-enterprise/">enterprise-grade SIEM</a> is a powerful security solution. But, many organizations don’t need a SIEM at the current stage of their security journey. Investing in a SIEM when you <em>aren’t </em>ready is an excellent example of wasteful aspirational spending.</p> <p>Sumo Logic <a rel="nofollow" href="https://www.sumologic.com/solutions/cloud-security-analytics/">Cloud Security Analytics</a> directly addresses this challenge by simplifying — and democratizing — enterprise-grade security for smaller teams. With a right-sized, cloud-native security platform powered by logs, teams can address security and compliance challenges today with the resources they have. And, in a world where security needs to happen <em>now</em>, that can be a game-changer for your security posture.</p> <p>For emerging security teams that don’t need overly complex tools, Sumo Logic Cloud Security Analytics addresses key security challenges without the higher cost or added complexity of enterprise-grade tooling. Specifically, Cloud Security Analytics helps emerging security teams improve security by:</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Consolidating tools- </strong>You can reduce tool sprawl by combining core data aggregation, log analytics, search, threat detection, compliance, and visualization functionality in a single platform. <strong></strong></li> <li><strong>Streamlining operations- </strong>A single, purpose-built security platform makes it easier for teams to address security challenges with limited staff.</li> <li><strong>Simplifying data ingestion, compliance, and auditing</strong>– Modern businesses depend on dozens or even hundreds of apps and services. With over 200 different out-of-the-box integration apps, Cloud Security Analytics simplifies data ingestion across even the most complex multi-cloud and hybrid cloud environments.</li> <li><strong>Improving visibility</strong>– Coupling centralized security logs and events with powerful analytics and shared dashboards helps teams improve visibility and focus on their top priorities.</li> <li><strong>Reducing costs </strong>– A security data lake with flexible data tiering and licensing helps reduce storage and usage costs. The reduced tool sprawl and operational overhead can also lead to more savings.</li> </ul> <p>Taken as a whole, those benefits effectively democratize security and help teams address modern cybersecurity threats without paying for tools that are too complex and expensive for their immediate needs.</p> <p><strong>See also:</strong> <a href="https://www.clouddatainsights.com/take-control-how-to-make-the-invisible-serverless-threat-landscape-visible/" target="_blank" rel="noreferrer noopener">Take Control: How To Make the Invisible Serverless Threat Landscape Visible</a></p> <h2 class="wp-block-heading"><a></a>Practical use cases for Cloud Security Analytics</h2> <p>Now let’s dive into some specific examples of how Cloud Security Analytics can help democratize enterprise-grade security.</p> <div class="wp-block-image"> <figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="371" src="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-1.png" alt="" class="wp-image-3153" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-1.png 624w, https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-1-300x178.png 300w" sizes="(max-width: 624px) 100vw, 624px" /><figcaption class="wp-element-caption"><strong>Create a central lake for all your security data</strong> (<a href="https://www.sumologic.com/solutions/security-data-lake/" target="_blank" rel="noreferrer noopener nofollow">Image source</a>)</figcaption></figure></div> <p>Logs and events are essential aspects of observability and threat detection. Centralizing and analyzing logs and events from raw data to actionable information can drastically improve overall security posture. Using Sumo Logic Cloud Security Analytics as a security data lake makes aggregating, storing, and searching your logs and other security data simple and affordable.</p> <p>Two of the biggest challenges for small teams looking to shift their security tooling to the cloud are the cost of data storage and compliance. The Sumo Logic Cloud Security Analytics solution offers multiple <a rel="nofollow" href="https://help.sumologic.com/docs/manage/partitions-data-tiers/data-tiers/">data tiers</a> that provide the flexibility to balance cost and data retention. This data then directly informs the platform’s built-in analytics and threat detection capabilities to help improve overall visibility. <br><br>Additionally, Sumo Logic is committed to <a rel="nofollow" href="https://www.sumologic.com/security/platform-security/">data security on its platform</a> with compliance attestations and certifications, such as SOC Type II, PCI DSS, HIPAA, GDPR and FedRAMP™ built in.</p> <div class="wp-block-image"> <figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="407" src="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-2.png" alt="" class="wp-image-3154" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-2.png 624w, https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-2-300x196.png 300w" sizes="(max-width: 624px) 100vw, 624px" /><figcaption class="wp-element-caption"><strong>Simplify PCI compliance for SMBs</strong> (<a href="https://www.sumologic.com/solutions/audit-compliance/" target="_blank" rel="noreferrer noopener nofollow">Image source</a>)</figcaption></figure></div> <p>Point-in-time demonstration of PCI DSS compliance can be time consuming, complex and risky. Manual scans and configuration checks go stale quickly. If you <em>only</em> validate compliance during specific point-in-time audits, you risk missing configuration drift and vulnerabilities that emerge between audits.</p> <p><a rel="nofollow" href="https://www.sumologic.com/solutions/audit-compliance/">Continuous compliance monitoring</a> makes it easy and cost effective for smaller teams to maintain and demonstrate PCI DSS compliance on demand.</p> <p>Cloud Security Analytics also supports continuous compliance readiness monitoring for frameworks like ISO 27001 and CMMC (Cybersecurity Maturity Model Certification).</p> <div class="wp-block-image"> <figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="343" src="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-3.png" alt="" class="wp-image-3158" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-3.png 624w, https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-3-300x165.png 300w" sizes="(max-width: 624px) 100vw, 624px" /><figcaption class="wp-element-caption"><strong>Detect threats in hybrid cloud environments</strong> (<a href="https://www.sumologic.com/solutions/threat-detection-investigation/" target="_blank" rel="noreferrer noopener nofollow">Image source</a>)</figcaption></figure></div> <p>Modern security teams have to support a wide range of applications. Monitoring every tool in a silo is impractical, so aggregation and centralization of security information are essential. Sumo Logic’s threat intelligence powered by CrowdStrike enables security teams to detect indicators of compromise (IoCs) in near real-time. With <a rel="nofollow" href="https://www.sumologic.com/applications/">hundreds of app integrations</a> that support built-in queries and dashboards, including security tools from Cisco, Okta, Proofpoint, and Zscaler, threat visibility across your environment is easy to acquire.</p> <p>Configurable alert Monitors and robust operators help you quickly drill down to investigate root causes and remediate issues when a threat is detected.</p> <h3 class="wp-block-heading"><a></a>Enable application security throughout the CI/CD pipeline</h3> <div class="wp-block-image"> <figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="375" src="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-4.png" alt="" class="wp-image-3159" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-4.png 624w, https://www.clouddatainsights.com/wp-content/uploads/2023/05/SMB-security-4-300x180.png 300w" sizes="(max-width: 624px) 100vw, 624px" /><figcaption class="wp-element-caption"><strong>Enable application security throughout the CI/CD pipeline</strong> (<a href="https://www.sumologic.com/solutions/application-security/" target="_blank" rel="noreferrer noopener nofollow">Image source</a>)</figcaption></figure></div> <p>Cloud Security Analytics enables DevSecOps teams to monitor their entire CI/CD pipeline. In addition to integrations with popular DevOps tools like <a rel="nofollow" href="https://www.sumologic.com/application/gitlab-app/">GitLab</a>, <a rel="nofollow" href="https://www.sumologic.com/application/github/">GitHub</a>, and <a rel="nofollow" href="https://www.sumologic.com/application/jenkins/">Jenkins</a>, the platform can implement robust monitoring and alerting throughout your pipelines. For example, teams can monitor code repositories for malicious access and assess security policy configurations throughout their tech stacks.<br><br>>>For a deeper dive on integrating security throughout the software development life cycle, check out our free <a rel="nofollow" href="https://www.sumologic.com/brief/accelerate-your-sdlc-with-devsecops/">Accelerate and secure your SDLC with DevSecOps</a> ebook.</p> <h2 class="wp-block-heading"><a></a>Conclusion: Security needs to happen now</h2> <p>With the threats facing modern security teams, aspirational tooling for the one percent isn’t practical. Organizations need solutions that solve problems and prevent threats <em>now</em> with the resources teams have <em>today</em>. That means leveraging tools that address modern threats without breaking the bank or forcing your team to become experts on a specific platform. Additionally, Cloud Security Analytics can grow with your team to support advanced use cases like <a rel="nofollow" href="https://www.sumologic.com/solutions/cloud-siem-enterprise/">Cloud SIEM</a> and <a rel="nofollow" href="https://www.sumologic.com/solutions/cloud-soar/">Cloud SOAR</a> when the time comes.</p> <p><em>Sumo Logic’s Cloud Security Analytics solution, powered by logs, helps every team monitor their apps and secure their infrastructure across public cloud, multi-cloud and on-prem environments. To see what our cloud-native security platform can do for you, sign up for a <a href="https://www.sumologic.com/solutions/cloud-security-analytics/" rel="nofollow"><strong>free 30-day trial today</strong></a>!</em></p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img alt='Sumo Logic' src='https://secure.gravatar.com/avatar/2da2697e511b7fb3ea6e595bcbc8451d?s=100&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/2da2697e511b7fb3ea6e595bcbc8451d?s=200&d=mm&r=g 2x' class='avatar avatar-100 photo' height='100' width='100' itemprop="image"/></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/sumo-logic/" class="vcard author" rel="author"><span class="fn">Sumo Logic</span></a></div><div class="saboxplugin-desc"><div itemprop="description"></div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/right-sizing-security-for-small-and-emerging-teams/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">3151</post-id> </item> <item> <title>Observing Transformation and Disruption in Data Management</title> <link>https://www.clouddatainsights.com/observing-transformation-and-disruption-in-data-management/</link> <comments>https://www.clouddatainsights.com/observing-transformation-and-disruption-in-data-management/#respond</comments> <dc:creator><![CDATA[Elisabeth Strenger]]></dc:creator> <pubDate>Mon, 10 Apr 2023 17:31:52 +0000</pubDate> <category><![CDATA[Cloud Strategy]]></category> <category><![CDATA[Governance]]></category> <category><![CDATA[data observability]]></category> <category><![CDATA[data reliability]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=2657</guid> <description><![CDATA[Data observability is playing a new role in understanding and managing the economics of cloud data. At Gartner's Data & Analytics Summit, Acceldata’s CEO, Rohit Choudray, shared his observations on drivers of data observability's rapid ascent.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2023/04/data-reliability-2-Depositphotos_58126819_S.jpg" alt="" class="wp-image-2662" width="744" height="479" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/04/data-reliability-2-Depositphotos_58126819_S.jpg 992w, https://www.clouddatainsights.com/wp-content/uploads/2023/04/data-reliability-2-Depositphotos_58126819_S-300x193.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/04/data-reliability-2-Depositphotos_58126819_S-768x494.jpg 768w" sizes="(max-width: 744px) 100vw, 744px" /><figcaption class="wp-element-caption"><em>Acceldata’s CEO, Rohit Choudray, talks data observability’s new role at Gartner’s Data & Analytics Summit.</em></figcaption></figure></div> <p>As more organizations are surprised by their cloud expenses, they seek to reign in utilization, but they want to do this wisely without limiting essential access to data. Data observability software provides a broad and deep view of data from its starting point in a data pipeline through its deployment and utilization as a data product.</p> <p>At the 2023 Gartner Data & Analytics Summit, Cloud Data Insights (CDI) had the chance to ask Rohit Choudhary, the CEO of Acceldata.io, to share his market insights gathered from customers’ priorities. He painted a clear picture of the drivers behind data observability and managing the cloud data footprint with an eye to cost optimization.</p> <p><em>(The interview has been revised for clarity and readability. See Rohit Choudharys bio at the end of this article.)</em></p> <p><strong>CDI: How have your customers’ needs or attitudes changed given current economic conditions and post-pandemic digital transformation?</strong></p> <div class="wp-block-image"> <figure class="alignright size-full is-resized"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2023/04/rohit-Choudhary-1.png" alt="" class="wp-image-2659" width="199" height="149" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/04/rohit-Choudhary-1.png 796w, https://www.clouddatainsights.com/wp-content/uploads/2023/04/rohit-Choudhary-1-300x225.png 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/04/rohit-Choudhary-1-768x575.png 768w" sizes="(max-width: 199px) 100vw, 199px" /><figcaption class="wp-element-caption"><em>Acceldata’s CEO, Rohit Choudhary</em></figcaption></figure></div> <p><strong>Choudhary: </strong>One of the silver linings in the current economic environment is the continued enterprise investment in data and analytics products. We expect this to continue for the rest of 2023. Early in January 2023, Gartner forecasted that worldwide IT spending will grow 2.4% in 2023, with a clear indication that enterprise IT spending remains strong. The software segment will be the fastest growing segment in 2023, with 9.3% YOY growth and spend hitting over $850 billion.</p> <p>Our customers, who are data leaders and represent data teams at Global 2000 enterprises, continue to invest more in new innovative solutions such as data observability. We’re also seeing a shift towards a more balanced and more pragmatic approach to these new investments. A few common trends include:</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Tool consolidation and more interest in an integrated approach</li> <li>Focus on better performance</li> <li>Looking for value and strong ROI</li> <li>Hybrid deployment architecture</li> </ul> <p>Within our prospect base, we continue to see data quality-related challenges, an inability to address hybrid cloud observability use cases, the lack of technical talent, and the inability to use legacy tools.</p> <p>Given our customers’ goals, we are helping them fully understand the value of our platform with an ROI analysis for their use cases. And we have adopted a consultative partnership approach that starts with understanding customer pain points, product direction, and their desired business value before discussing solutions.</p> <p>We certainly monitor market trends closely. Our key to success has been focusing on delivering the right business outcomes associated with these trends. They also help us time the execution of a multi-year strategy for our unified data observability platform that eliminates the need for siloed tools.</p> <p><strong>CDI: Is there one recent trend that stands out in terms of its impact on customers?</strong></p> <p><strong>Choudhary: </strong>Cloud cost spend and optimization is a major challenge with cloud platforms today. The continued growth in cloud-based data platforms is resulting in modernization initiatives and is invariably leading to overspending and data-quality challenges.</p> <p>We believe Acceldata is well-positioned to address these challenges with our unified data observability platform, which eliminates the scale challenge that many of our customers face.</p> <p><strong>CDI: The direct connection between data observability and cost optimization might not be as obvious as types of observability. Could you explain how they relate to each other?</strong></p> <p><strong>Choudhary: </strong>The backdrop is that enterprises are collecting more data than ever before. And system complexity has increased way beyond anything that people can actually manage to deal with. Along with that, there is not enough talent. If you look at the fastest-growing job in North America, it’s either data scientist or data engineering. That means enterprises have less ability to administer systems manually. It also means that if there is a mistake made, that mistake is going to be very expensive.</p> <p>Consumption-based pricing gives you flexibility but not the ability to control your speed. So if there is user behavior, which is detrimental to your budget, then you will discover it the harsh way. A customer came and told us that one SQL query costs them $275,000. The numbers are staggering because every expensive mistake can literally cause a bank run on your enterprise budgets. Another issue behind costs is that as you’re trying to harmonize all the data that you brought into the company and then activate it for operations, marketing, or advertising, that’s actually causing more and more processing–more stress on your systems. Every time that you process and the results are not reliable, you have to reprocess, which at least doubles the costs for the same amount of work. So you have to monitor and put guardrails around user behavior to control costs.</p> <p><strong><em>See also:</em></strong><a href="https://www.rtinsights.com/using-data-observability-to-control-costs-increase-data-reliability-in-cloud-data-platforms/"> </a><a href="https://www.rtinsights.com/using-data-observability-to-control-costs-increase-data-reliability-in-cloud-data-platforms/" target="_blank" rel="noreferrer noopener">Using Data Observability to Control Costs</a></p> <p><strong>CDI: Some of what you describe might fall under infrastructure or application observability. How do you disambiguate these from data observability?</strong></p> <p><strong>Choudhary: </strong>Application observability is when you’re trying to look for trends in user experience–did the screen load up in 30 seconds? In the case of data observability, you’re monitoring the supply chain of data, which contains data that has originated in multiple different systems, including transaction data from applications, third-party data sources, which the enterprise goes and buys, and engagement systems where people are providing data. Now that has to be processed and transformed. It has to be made human-readable, and then it gets ready for consumption. Data observability has a complete focus on the state of the system, as opposed to the click of a button on the desktop or a touch on a mobile device. In addition to the data, you’re observing data products and outcomes.</p> <p>Observing is essential. It’s a foundation, but customers need a lot more such as ways to quickly identify problems and address them. Over a period of time, data observability will become crucial for all kinds of data management.</p> <p><strong>CDI: Mitigating the rising cost of cloud has grown to be a main theme at the 2023 Gartner Data & Analytics Summit. How are costs affecting your customers?</strong></p> <p><strong>Choudhary: </strong>In the last year or so, people are just getting surprised by the amount of money they pay for low latency, high-volume cloud, or high-volume data. Customers believe that they should be able to run an open source stack on an environment of their choosing, whether it is on-premises, private cloud, or public cloud, but it all depends on the business model.</p> <p><strong><em>See also:</em></strong> <a href="https://www.rtinsights.com/the-need-for-data-observability-in-todays-cloud-oriented-data-architectures/" target="_blank" rel="noreferrer noopener">The Need for Data Observability in Today’s Cloud-Oriented Architectures</a></p> <p>All the consumption use cases are headed toward the cloud, where the cost of a high volume of transactions can affect business fundamentals. An ad network, for example, might make only 20 cents on the dollar, so the infrastructure cost has to be 10% of that because it really affects your gross margin. And when your gross margins get affected, your share price gets affected, and your CEO or CFO level conversation is about how much money can be spent.</p> <p>AI brings up another example. Every company is going to try to become an AI company, but if you introduce AI into your product, you potentially may not remain a SaaS company because the gross margins will be completely eroded by the cost of cloud infrastructure.</p> <p>Now the total data supply chain is directed toward data and analytics. But in the next five years, 10% will be for machine learning and AI. But things have started progressing more quickly, so this might happen sooner.</p> <p><strong>CDI: What’s Acceldata’s area of focus for the coming year?</strong></p> <p><strong>Choudhary: </strong>Well, we are a very, very IP- and engineering-centric company. One of the unique differentiators of our company is that we keep looking at these problems as though they were our own. It’s the bane of an observability company to integrate [with many platforms and tools], but it’s also basically engineers in a candy store.</p> <p>The biggest initiatives that we ran in 2022 were essentially in scaling the data engine and reliability. The big change on the data reliability side, where reliability is giving quality a run for its money, is the way that structured data has completely disappeared, and analytics has to work with unstructured data. And if you look at the data supply chain, you know more data is coming.</p> <p><strong><em>See also:</em></strong> <a href="https://www.rtinsights.com/data-observabilitys-role-in-ensuring-data-reliability/" target="_blank" rel="noreferrer noopener">Data Observability’s Role in Ensuring Data Reliability</a></p> <p>One of our customers presented at our sales kickoff. They said that if you model data as hostile and go with that assumption after you run the entire process, it almost seems like the whole industry is ready for disruption.</p> <p><em><strong>Bio:</strong> Rohit Choudhary is the CEO and Co-Founder of <a href="https://www.acceldata.io/">Acceldata</a>, a San Jose-based startup that has developed a multidimensional Data Observability Cloud to help enterprises observe and optimize modern data systems and maximize return on data investment. Prior to Acceldata, Choudhary served as Director of Engineering at Hortonworks, where he led the development of Dataplane Services, Ambari, and Zeppelin, among other products. While at Hortonworks, Rohit was inspired to start Acceldata after repeatedly witnessing his customers’ multi-million dollar data initiatives fail despite employing the latest data technologies and experienced teams of data experts.</em></p> <p><em>Rohit previously founded Appsterix, which was acquired by 24(7) Labs. He served as an engineering leader at 24(7) after Appsterix’s acquisition and also spent time managing engineering teams at Inmobi. Choudhary specializes in developing and scaling products and building and managing high-performance teams. He is based in Silicon Valley and earned his Bachelor of Engineering from SJCE in Mysore, India.</em></p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img alt='Elisabeth Strenger' src='https://secure.gravatar.com/avatar/d42bdc4339b8a684f54ad42d3ac0accb?s=100&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/d42bdc4339b8a684f54ad42d3ac0accb?s=200&d=mm&r=g 2x' class='avatar avatar-100 photo' height='100' width='100' itemprop="image"/></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/estrenger/" class="vcard author" rel="author"><span class="fn">Elisabeth Strenger</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elisabeth Strenger is a Senior Technology Writer at <a href="https://www.clouddatainsights.com/">CDInsights.ai</a>.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/observing-transformation-and-disruption-in-data-management/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">2657</post-id> </item> <item> <title>Cloud Governance Primer: What You Need to Know Now</title> <link>https://www.clouddatainsights.com/cloud-governance-primer-what-you-need-to-know-now/</link> <comments>https://www.clouddatainsights.com/cloud-governance-primer-what-you-need-to-know-now/#respond</comments> <dc:creator><![CDATA[Elizabeth Wallace]]></dc:creator> <pubDate>Mon, 16 Jan 2023 16:15:20 +0000</pubDate> <category><![CDATA[Governance]]></category> <category><![CDATA[cloud governance]]></category> <category><![CDATA[cloud infrastructure]]></category> <category><![CDATA[Cloud strategy]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=2222</guid> <description><![CDATA[Organizations can't apply traditional governance approaches to the cloud and be successful. Here's what to consider in cloud governance.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2023/01/Depositphotos_197863348_S.jpg" alt="" class="wp-image-2224" width="750" height="500" srcset="https://www.clouddatainsights.com/wp-content/uploads/2023/01/Depositphotos_197863348_S.jpg 1000w, https://www.clouddatainsights.com/wp-content/uploads/2023/01/Depositphotos_197863348_S-300x200.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2023/01/Depositphotos_197863348_S-768x512.jpg 768w, https://www.clouddatainsights.com/wp-content/uploads/2023/01/Depositphotos_197863348_S-930x620.jpg 930w" sizes="(max-width: 750px) 100vw, 750px" /><figcaption class="wp-element-caption"><em>Cloud governance is more than applying traditional security policies to the cloud. Organizations need to “think in the cloud.”</em></figcaption></figure></div> <p>A comprehensive security strategy is an essential pillar of a company’s operational strategy—likely, no one would disagree with this. However, a <a href="https://ermetic.com/blog/cloud/state-of-cloud-security-2021-more-aware-yet-very-exposed" target="_blank" rel="noreferrer noopener">2021 IDC study</a> commissioned by cloud infrastructure security platform, Ermetic, found that an unbelievable 98% of companies experienced at least one cloud data breach during the 18 months before the survey. Cloud governance is now a significant component of any company’s comprehensive security strategy and will continue to grow in importance. Here’s what companies need to know.</p> <p>See also: <a href="https://www.clouddatainsights.com/data-governance-why-its-fundamental-and-how-to-implement-an-effective-strategy/">Data Governance: Why It’s Fundamental and How to Implement an Effective Strategy</a></p> <h3 class="wp-block-heading">What is cloud governance? </h3> <p>Cloud governance is the set of policies, procedures, and standards an organization implements to ensure the security of all cloud resources. It includes:</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Data privacy</li> <li>Compliance with regulations</li> <li>Resource allocation</li> <li>Cost management</li> <li>Security and access control</li> </ul> <p>These policies ensure all parties use cloud resources in ways that align with business goals, optimize performance, and minimize risk. These policies matter beyond avoiding security breaches. They enable teams to collaborate—even across massively distributed workforces that include remote workers. Companies might even reduce the chances of unexpected cloud costs. And clear policies help to drive value, ensuring companies actually see a return on their cloud investments.</p> <h3 class="wp-block-heading">Traditional governance versus the cloud</h3> <p>As companies shift operations from on-premises systems to the cloud or create a hybrid environment, it might be tempting to apply traditional governance approaches to the entire system. This won’t work and leaves companies with critical vulnerabilities. Here are some of the most significant differences:</p> <h4 class="wp-block-heading">Complexity</h4> <p>Traditional systems were slow to expand or contract and included on-premises systems the company controlled. Cloud environments are more dynamic and full of ephemeral resources designed for rapid scaling and resource deployment. This can make governance policies more challenging to enforce consistently.</p> <p>In addition, companies must consider hybrid and multi-cloud environments. An effective strategy must consider the requirements and needs of different cloud environments, both public and private.</p> <h4 class="wp-block-heading">Shared responsibility</h4> <p>In the cloud, providers and customers share the responsibilities of security, compliance, and management of resources. In traditional IT environments, the responsibility lies with the organization. Companies must ensure proper access controls for all cloud resources so that only authorized users can reach cloud resources.</p> <p>Typically, cloud service providers are responsible for ensuring that their hardware and infrastructure are using security best practices and the latest updates. However, companies themselves must set sufficient access controls that allow optimized workflows without allowing just anyone in. This can be a challenge because of the dynamic environment of the cloud.</p> <h4 class="wp-block-heading">Observability</h4> <p>Unfortunately, true visibility into the entire cloud environment is a significant challenge. Cloud environments often rely heavily on automation and self-service capabilities, making it more difficult to maintain visibility and control over cloud resources without a clear dashboard or well-established documentation in place. Cloud governance usually focuses on the infrastructure and services because of the need to look closely at the automations and services running tasks. Traditional governance focuses on the organization’s IT strategy and risk management in a more static environment.</p> <p>Although many companies are migrating to the cloud to control costs, cloud environments can be more expensive to operate than traditional IT environments. Without clear observability, cloud costs can quickly spiral out of control. Cloud governance must be able to manage and optimize costs.</p> <h3 class="wp-block-heading">Recent breakthroughs in cloud-native governance</h3> <p>New achievements can help make governance more straightforward despite complexity. Some of these breakthroughs are:</p> <ol class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Automation tools</strong>: Many cloud governance tools now leverage automation. For example, machine learning algorithms and artificial intelligence can automate policy enforcement and resource management, learn from each incident, and offer actionable next steps that reduce false positives and mitigate risk.</li> <li><strong>Governance as Code</strong>: This approach allows for the definition, enforcement, and management of cloud governance policies through code. This enables organizations to apply governance consistently and at scale across their cloud environments without relying heavily on manual monitoring and response.</li> <li><strong>Cloud-native governance</strong>: With the rise of cloud-native applications and services, there is an increasing focus on native cloud governance solutions built specifically for cloud environments. These can be integrated with other cloud-native services and tools and build cloud idiosyncrasies into the tool or service.</li> </ol> <h3 class="wp-block-heading">Checklist: 7 steps for better cloud utilization</h3> <p>Companies embarking on a cloud governance strategy will need to take full stock of their entire ecosystem. It might be a single cloud housing specific data, a multi-cloud environment spread across an enterprise, or a hybrid cloud setup designed to modernize IT infrastructure without decommissioning legacy systems. Context is important. From there, these steps can help companies begin.</p> <ol class="nv-cv-d nv-cv-m wp-block-list"> <li><strong>Develop a new cloud governance strategy that matches the cloud environment without recycling traditional governance</strong>: This includes setting goals, identifying key stakeholders, and outlining the policies, procedures, and standards that will be used.</li> <li><strong>Define roles and responsibilities</strong>: Organizations should clearly define the roles and responsibilities of different teams and individuals. Users need access to do their work, but companies must remember the shared responsibility of the cloud.</li> <li><strong>Implement automation and management tools</strong>: Organizations should implement automation and management tools to help them monitor and enforce governance policies, as well as provide visibility into cloud usage and costs.</li> <li><strong>Conduct regular audits and reviews:</strong> Regular audits and reviews ensure that their cloud resources are being used in compliance with governance policies and standards. This can be easier with automated documentation.</li> <li><strong>Communicate and educate</strong>: Organizations should communicate the importance of cloud governance to all stakeholders and provide training and education to help employees understand the policies and procedures that are in place.</li> <li><strong>Remain flexible:</strong> Organizations should be flexible and adaptable to change, as the cloud computing landscape is constantly evolving and new challenges and opportunities may arise.</li> </ol> <h3 class="wp-block-heading">Cloud strategy requires a new way of thinking</h3> <p>Traditional governance strategies can’t encompass everything the cloud requires. Companies must consider the new environment of the cloud to build governance that addresses its unique characteristics. Tackling the problem from the beginning and keeping a flexible mindset can be a strong step toward helping organizations the most from their cloud strategy.</p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/Elizabeth-Wallace-RTInsights-141x150-1.jpg" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/elizabeth-wallace/" class="vcard author" rel="author"><span class="fn">Elizabeth Wallace</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/cloud-governance-primer-what-you-need-to-know-now/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">2222</post-id> </item> <item> <title>Observability Stats You Need to Know in 2023</title> <link>https://www.clouddatainsights.com/observability-stats-you-need-to-know-in-2023/</link> <comments>https://www.clouddatainsights.com/observability-stats-you-need-to-know-in-2023/#respond</comments> <dc:creator><![CDATA[Elisabeth Strenger]]></dc:creator> <pubDate>Mon, 05 Dec 2022 01:25:15 +0000</pubDate> <category><![CDATA[Cloud Strategy]]></category> <category><![CDATA[Governance]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=2041</guid> <description><![CDATA[As we try to understand observability and see what it means for our own organizations, taking a look at some of the facts and stats will shed some much-needed light on this evolving and essential area.]]></description> <content:encoded><![CDATA[ <p>Anyone doing research on observability has seen that it’s in the early stages of formation: definitions are unclear, with vendors staking their claim on the market by bending the definition to showcase their solution. There is a degree of “observability-washing” as software and service providers use the term to describe elements of it, such as logging or automated alerts. Then there are the organizational aspects to clarify: Who owns it? Who does it? Who pays for it? </p> <p>Even more fundamental is the disagreement over what we are observing–applications, infrastructure, data, network, or all of the above. One thing is clear though, observability is a top area for technology investments in the coming years.</p> <p>As we try to understand observability and see what it means for our own organizations, taking a look at some of the facts and stats will shed some much-needed light on this evolving and essential area.</p> <p>Areas we are highlighting here include:</p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Adoption</li> <li>Impact</li> <li>Organizational Structure</li> <li>Technology</li> </ul> <h2 class="wp-block-heading">Observability Stats on Adoption in the Enterprise</h2> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>The observability market is forecasted to reach $2B by 2026, growing from $278M in 2022 (<a href="https://www.gigamon.com/company/news-and-events/newsroom/650-group-deep-observability-market-forecast.html#:~:text=Deep%20Observability%20Market%20Forecasted%20to,to%20%242B%2C%20by%202026">650 Group</a>, 2022) </li> <li>90% of IT professionals believe observability is important and strategic to their business, but only 26% said their observability practice was mature. 50% are currently implementing observability. (<a href="https://newrelic.com/sites/default/files/2021-10/New_Relic_Report_2021_Observability_Forecast.pdf">New Relic</a>, 2021)</li> <li>91% of IT decision makers see observability as critical at every stage of the software lifecycle, citing the biggest benefits to planning and operations. (<a href="https://newrelic.com/sites/default/files/2021-10/New_Relic_Report_2021_Observability_Forecast.pdf">New Relic</a>, 2021) </li> <li>Most ETR study respondents said they used application performance monitoring tools, with database monitoring tools coming a distant second. Digital experience monitoring was the least common use case. (<a href="https://wikibon.com/breaking-analysis-cutting-noise-full-stack-observability/">ETR</a>, 2021) </li> </ul> <h2 class="wp-block-heading">Observability Statistics on Business Impact</h2> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>Advanced observability deployments can cut downtime costs by 90 percent, keeping costs down to $2.5M annually versus $23.8 million for observability beginners. (<a href="https://www.splunk.com/en_us/form/state-of-observability.html">Enterprise Strategy Group</a>, 2022)</li> <li>These are the perceived benefits of implementing an observability practice: </li> </ul> <figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="825" height="461" src="https://www.clouddatainsights.com/wp-content/uploads/2022/11/strategic_benefits_unified_observability_idc.png" alt="" class="wp-image-2045" srcset="https://www.clouddatainsights.com/wp-content/uploads/2022/11/strategic_benefits_unified_observability_idc.png 825w, https://www.clouddatainsights.com/wp-content/uploads/2022/11/strategic_benefits_unified_observability_idc-300x168.png 300w, https://www.clouddatainsights.com/wp-content/uploads/2022/11/strategic_benefits_unified_observability_idc-768x429.png 768w" sizes="(max-width: 825px) 100vw, 825px" /></figure> <p><a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">Image Source</a></p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>More than 70% of respondents believe that unified observability is critical to delivering the best possible digital experiences for customers and employees. (<a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">IDC</a>, 2022) Note that digital experience monitoring was the least common use case when tools usage was surveyed. Observability to ensure availability is a critical element of CX: 40% of users will abandon a website that takes longer than three seconds to load. And 53%will abandon a mobile app that fails to load in three seconds. (<a href="https://www.clouddatainsights.com/why-continuous-availability-matters-for-cloud-adoption/">Cloud Data Insights</a>, 2022)</li> <li>Companies that have mastered observability <strong>released 60% more products or revenue streams</strong> from AppDev teams than observability beginners. (<a href="https://www.splunk.com/en_us/form/state-of-observability.html">Enterprise Strategy Group</a>, 2022) </li> <li>75% of CISOs within financial services organizations say <a href="https://www.dynatrace.com/news/blog/what-is-vulnerability-management/">vulnerability management</a> has become more difficult as the need to accelerate digital transformation has increased. (<a href="https://www.dynatrace.com/news/blog/observability-and-security-must-converge-as-finance-sector-goes-cloud-first/">Dynatrace</a>, 2022)</li> <li>According to <a href="http://nemertes.com">Nemertes Research</a>, an enterprise is considered successful if its MTTC is 20 minutes or less. IBM reported that the average was about 277 days. (<a href="https://www.ibm.com/reports/data-breach">IBM</a>, 2022)</li> <li>Organizations using AI and automation had a 74-day shorter breach lifecycle and saved an average of USD 3 million more than those without. (<a href="https://www.ibm.com/reports/data-breach">IBM</a>, 2022)</li> <li>Observability leaders report a 69% better mean time to resolution for unplanned downtime or performance degradation. (<a href="https://www.splunk.com/en_us/form/state-of-observability.html">Enterprise Strategy Group</a>, 2022)</li> </ul> <h2 class="wp-block-heading">Data on Organizational Structures</h2> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>63% of security analysts call out lack of visibility into the network and infrastructure as a stressor. (<a href="https://zkresearch.com/research/2021-state-of-aiops-study/">Ponemon Research</a>, 2021) </li> <li>Just 31% of security teams can access a fully accurate, continuously updated report of every application and code library running in production in real time. (<a href="https://www.dynatrace.com/news/blog/observability-and-security-must-converge-as-finance-sector-goes-cloud-first/">Dynatrace</a>, 2022)</li> <li>39% of CIOs said that siloed teams make it harder to understand whether the IT stack is delivering the service levels that are anticipated or required for business success. (<a href="https://assets.dynatrace.com/en/docs/report/2021-global-cio-report-dynatrace.pdf">Dynatrace</a>, 2021)</li> <li>94% of all IT respondents, regardless of title, said that observability is important to their role. (<a href="https://newrelic.com/sites/default/files/2021-10/New_Relic_Report_2021_Observability_Forecast.pdf">New Relic</a>, 2021)</li> <li>38% of organizations report that their SecOps team uses observability tools (<a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">IDC</a>, 2022)</li> <li>Only 25% said that Site reliability engineering used observability solutions. 57% said that IT Ops did. (<a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">IDC</a>, 2022) </li> </ul> <h2 class="wp-block-heading">Observability Stats: Technology</h2> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>72% noted having to toggle between at least two and 13% between ten different tools to monitor the health of their systems. (<a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">IDC</a>, 2022)</li> <li>35% of IT professionals said that innovation is needed in streaming data, sometimes known as observability data pipelines or observability data management. (<a href="https://go.era.co/state-of-observability">ERA</a>, 2022)</li> <li>71% of companies believe their observability data (metrics, logs, traces) is growing at a concerning rate. (<a href="https://chronosphere.io/learn/esg-report-managing-the-exploding-volumes-of-observability-data/">Enterprise Strategy Group</a>, 2022) </li> <li>Logging data comes from a range of sources:</li> </ul> <figure class="wp-block-image"><img decoding="async" src="https://lh6.googleusercontent.com/0qTgxjbkpmkbu-GQGXcJzldD71oXh8jiVP1L4vXa-K-CvSaCb5GBCBPJVffSIuAw3WY5lQ_YWOmadKQWt-BwiJoelhFwvoN5vZ6ak71rnaraTummx7ZDup5_2mw1jkQ6W9xWZtwxDifh-hFjv_bOSI1JDhfzRdjfkbSqD3Le-yXdCTgEYAmuhC_I6cMVHA" alt=""/></figure> <p><a href="https://era.co/blog/2022-state-of-observability-blog">Image Source</a></p> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>43% of organizations align observability with an ability to collect and analyze just four types of telemetry [(metrics, events, logs, traces), and 41% of organizations align observability with DevOps tools and practices for only application performance management IDC (<a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">IDC</a>, 2022)</li> </ul> <ul class="nv-cv-d nv-cv-m wp-block-list"> <li>60% of IT and software engineers agree that most monitoring tools serve narrow<br>requirements and fail to enable a unified and complete view into current operating conditions (<a href="https://www.riverbed.com/sites/default/files/file/2022-07/idc-survey-unified-observability.pdf">IDC</a>, 2022)</li> <li>55% of organizations are using AIOps for observability for both network and security (<a href="https://zkresearch.com/research/2021-state-of-aiops-study/">ZK Research</a>, 2021)</li> </ul> <p>Learn more in our <a href="https://www.clouddatainsights.com/?s=observability">Observability section</a>. </p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img alt='Elisabeth Strenger' src='https://secure.gravatar.com/avatar/d42bdc4339b8a684f54ad42d3ac0accb?s=100&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/d42bdc4339b8a684f54ad42d3ac0accb?s=200&d=mm&r=g 2x' class='avatar avatar-100 photo' height='100' width='100' itemprop="image"/></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/estrenger/" class="vcard author" rel="author"><span class="fn">Elisabeth Strenger</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elisabeth Strenger is a Senior Technology Writer at <a href="https://www.clouddatainsights.com/">CDInsights.ai</a>.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/observability-stats-you-need-to-know-in-2023/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">2041</post-id> </item> <item> <title>Cloud Performance Management Market Will Double</title> <link>https://www.clouddatainsights.com/cloud-performance-management-market-will-double/</link> <comments>https://www.clouddatainsights.com/cloud-performance-management-market-will-double/#respond</comments> <dc:creator><![CDATA[Elizabeth Wallace]]></dc:creator> <pubDate>Fri, 07 Oct 2022 17:35:18 +0000</pubDate> <category><![CDATA[Cloud Strategy]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[observability]]></category> <category><![CDATA[performance]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=1909</guid> <description><![CDATA[Businesses will look to performance management tools to ensure efficiency and consistency across all regions of the enterprise.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/10/performance-management-Depositphotos_123499066_S.jpg" alt="" class="wp-image-1910" width="500" height="375" srcset="https://www.clouddatainsights.com/wp-content/uploads/2022/10/performance-management-Depositphotos_123499066_S.jpg 1000w, https://www.clouddatainsights.com/wp-content/uploads/2022/10/performance-management-Depositphotos_123499066_S-300x225.jpg 300w, https://www.clouddatainsights.com/wp-content/uploads/2022/10/performance-management-Depositphotos_123499066_S-768x576.jpg 768w" sizes="(max-width: 500px) 100vw, 500px" /><figcaption>Businesses will look to performance management tools to ensure efficiency and consistency across all regions of the enterprise.</figcaption></figure></div> <p>The cloud performance management market will more than double over the next five years, according to a report released from <a href="https://www.marketsandmarkets.com/Market-Reports/cloud-performance-management-market-239116385.html?utm_source=Prnewswire&utm_medium=Referral&utm_campaign=PaidPR" target="_blank" rel="noreferrer noopener">MarketsandMarkets</a>. Currently worth $1.5 billion, the report expects 2027 to bring a worth of at least $3.9 billion if trends continue.</p> <p><a></a>Cloud performance management will be of particular interest to enterprises of more than 1000 employees. Currently, these businesses grapple with changing regulations, the complexity of cloud architecture, and massive data stores. They will look to performance management tools to ensure efficiency and consistency across all regions of the enterprise.</p> <p>Cloud Monitoring as a Service will be the most likely route for many of these enterprises. CMaaS offers vigilant and consistent 24-hour monitoring with security best practices and access to experts in the field that enterprises outside big tech may not have. Because of this, this service could provide a great deal of clarity for the enterprise as its cloud operations evolve.</p> <p><strong>See also: </strong><a href="https://www.clouddatainsights.com/finops-becomes-more-important-as-cloud-spending-grows/" target="_blank" rel="noreferrer noopener">FinOps Becomes More Important as Cloud Spending Grows</a></p> <p><a></a><strong>Banking, Finance, and Insurance, especially in APAC, are expected to have the most significant interest</strong></p> <p>BFSI needs consistent security protocols to remain compliant with changing regulations. They’re prime customers for cloud performance management. As they seek to avoid vendor lock-in, they could find themselves carrying the weight of a complex cloud ecosystem that requires performance management tools to monitor fully.</p> <p>The vertical is already expected to carry a large portion of the market interest. In addition, those in Asia Pacific could experience the highest growth, signaling an increasing trend in the area for both cloud adoption and new solutions to help manage the load.</p> <p>In addition, massive investment from tech leaders in the area will most likely lead to significant gains in adoption in the region. It’s a natural progression from one to the other. With increased urbanization worldwide, the digital transformation of governments, and emphasis on smart cities and ESG benchmarks, cloud performance management fits right in.</p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/Elizabeth-Wallace-RTInsights-141x150-1.jpg" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/elizabeth-wallace/" class="vcard author" rel="author"><span class="fn">Elizabeth Wallace</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/cloud-performance-management-market-will-double/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">1909</post-id> </item> <item> <title>Observability: Key to Managing Complex Infrastructures</title> <link>https://www.clouddatainsights.com/observability-key-to-managing-complex-infrastructures/</link> <comments>https://www.clouddatainsights.com/observability-key-to-managing-complex-infrastructures/#respond</comments> <dc:creator><![CDATA[Salvatore Salamone]]></dc:creator> <pubDate>Thu, 29 Sep 2022 16:29:54 +0000</pubDate> <category><![CDATA[Cloud Strategy]]></category> <category><![CDATA[Governance]]></category> <category><![CDATA[AIOps]]></category> <category><![CDATA[observability]]></category> <guid isPermaLink="false">https://www.clouddatainsights.com/?p=1508</guid> <description><![CDATA[Modern infrastructures have a greater need for network visibility, observability, and ultimately the automation of network management functions.]]></description> <content:encoded><![CDATA[<div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/09/observability-Depositphotos_202894396_s-2019-370x231-1.jpg" alt="" class="wp-image-1865" width="640" height="399" srcset="https://www.clouddatainsights.com/wp-content/uploads/2022/09/observability-Depositphotos_202894396_s-2019-370x231-1.jpg 370w, https://www.clouddatainsights.com/wp-content/uploads/2022/09/observability-Depositphotos_202894396_s-2019-370x231-1-300x187.jpg 300w" sizes="(max-width: 640px) 100vw, 640px" /><figcaption><em>Modern infrastructures have a greater need for network visibility, observability, and ultimately the automation of network management functions.</em></figcaption></figure></div> <p>Network and corporate infrastructures are ever-so more important today as companies deploy new applications and undergo digital transformations. As such, there is a greater need for network visibility, observability, and ultimately the automation of network management functions.</p> <p>Perhaps the biggest current change in network management is its role in aligning IT and business objectives. Network managers need real-time insights about their operations to ensure the infrastructure supports the needs of the business. To accomplish this, they need awareness and continuous monitoring. Specifically, they must monitor and collect real-time network status information of the underlying systems used to meet the business objective.</p> <p>That information can be used to dynamically optimize network resources (using real-time status information) to ensure the network delivers the performance and availability needed for the specific business goal.</p> <p>Currently, many organizations are transitioning from traditional reactive network management approaches to more proactive methods. An example of how the different network management techniques work is how each would ensure an executive video conference goes off without a hitch. In the succession of network management strategies:</p> <ul class="wp-block-list"><li>The traditional approach to network management would be to wait for an angry call from executives complaining about the poor quality of their call. Next, an IT manager would use troubleshooting tools to identify the problem. And then make changes (perhaps increase the site’s bandwidth before the next call is made).</li><li>A more proactive approach would spot an increase in dropped or resent packets and other indicators of a poor video conferencing session and take corrective actions in real-time. For example, an IT manager could instruct a router or other edge device to give the video conferencing traffic more bandwidth or assign a lower priority to traffic from other users.</li><li>A more holistic approach would identify the business goal (a high-quality executive video conferencing session at 10 a.m. Monday), translate that into commands that configure the hardware to control bandwidth during the call, monitor the activity of other users and applications that are consuming great amounts of bandwidth, and dynamically adjust bandwidth to the executives while controlling bandwidth used by others. </li></ul> <p><strong>See also:</strong> <a href="https://www.rtinsights.com/4-key-trends-in-monitoring-and-observability/" target="_blank" rel="noreferrer noopener">4 Key Trends in Monitoring and Observability</a></p> <h3 class="wp-block-heading"><strong>Complexity requires observability and AIOps</strong></h3> <p>Until recently, network infrastructures were relatively static. Physical boundaries separated the corporate network that contained most end-user applications, data, and services within the LAN and WAN. Thus, from a network perspective, if the network devices were up and pushing packets, relatively little added visibility was required. <a href="https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol" target="_blank" rel="noreferrer noopener">SNMP</a>, ping, traceroute, and Syslog reporting were all that was needed.</p> <p>The use of cloud-based resources (applications, compute power, infrastructure, and more) makes network management more challenging. Visibility gaps in network monitoring and alerting tools arise with networks now stretching into third-party managed infrastructure-as-a-service (IaaS) clouds and apps/data moving into platform-as-a-service (PaaS) and SaaS environments.</p> <p>What’s needed is more monitoring and alerting capabilities. However, such capabilities can add to the workload of an already busy network administrator. That is why the industry is undergoing a shift away from separate network, application, and device monitoring tools to a more inclusive approach of artificial intelligence (AI) for IT operations (<a href="https://www.rtinsights.com/tag/aiops/" target="_blank" rel="noreferrer noopener">AIOps</a>).</p> <p>Modern monitoring and observability platforms offer many of these benefits. AIOps platforms combine traditional monitoring tools with streaming telemetry. They analyze all of the data to spot anomalies, derive insights, and make predictive assessments of the state of the systems. They analyze each data source and correlate multiple anomalies to automate the identification of problems while also providing detailed information about the potential source of and problem. Thus, if a modern monitoring and observability platform, enabled by AI, is properly implemented, it provides more visibility into potential problems and eliminates many manual troubleshooting and remediation tasks.</p> <div class="saboxplugin-wrap" itemtype="http://schema.org/Person" itemscope itemprop="author"><div class="saboxplugin-tab"><div class="saboxplugin-gravatar"><img loading="lazy" decoding="async" src="https://www.clouddatainsights.com/wp-content/uploads/2022/05/sal-headshot-150x150-1.webp" width="100" height="100" alt="" itemprop="image"></div><div class="saboxplugin-authorname"><a href="https://www.clouddatainsights.com/author/ssalamone/" class="vcard author" rel="author"><span class="fn">Salvatore Salamone</span></a></div><div class="saboxplugin-desc"><div itemprop="description"><p>Salvatore Salamone is a physicist by training who has been writing about science and information technology for more than 30 years. During that time, he has been a senior or executive editor at many industry-leading publications including High Technology, Network World, Byte Magazine, Data Communications, LAN Times, InternetWeek, Bio-IT World, and Lightwave, The Journal of Fiber Optics. He also is the author of three business technology books.</p> </div></div><div class="clearfix"></div></div></div>]]></content:encoded> <wfw:commentRss>https://www.clouddatainsights.com/observability-key-to-managing-complex-infrastructures/feed/</wfw:commentRss> <slash:comments>0</slash:comments> <post-id xmlns="com-wordpress:feed-additions:1">1508</post-id> </item> </channel> </rss>