Survey: Observability tools can create more resilient, secure networks

IT leaders are investing in observability technologies that can help them gain greater visibility beyond internal networks and build more resilient environments, according to recent research from Splunk.

Splunk, which Cisco announced it would acquire for $28 billion, surveyed 1,750 observability practitioners to gauge investment and deployment of observability products as well as commitment to observability projects within their IT environments. According to the vendor’s State of Observability 2023 report, 87% of respondents now employ specialists who work exclusively on observability projects.

In the big picture, observability plans are part of a larger effort among many IT leaders who are working toward building more resilient environments that can recover quickly from incidents and remediating security threats faster.

Both Splunk and Cisco offer products that can deliver greater visibility into enterprise environements. Splunk’s software platform is known for its ability to search, monitor, and analyze data from a variety of systems spanning network and security components. Cisco expects to bring those capabilities and more to its security portfolio. Cisco also offers observability capabilities through its ThousandEyes division.

“Our combined capabilities will create an end-to-end data platform to enhance digital resiliency,” Chuck Robbins, chair and CEO of Cisco, told analysts during a call about Cisco’s Splunk acquisition, which is set to close by the third quarter of 2024.

In the Splunk survey, 79% of respondents say they fear that failure to become resilient will cause them to lose customers due to an outage, and 74% report that they worry they will be out innovated by competitors due to lost productivity. In addition, “95% of respondents say that their observability leaders are actively collaborating more with line-of-business leaders on resilience strategies, priorities, and investments than just a year ago,” the report states.

Other factors that are driving organizations to seek greater visibility include multi-cloud environments, hybrid work, and the convergence of networking and security operations.

“Organizations that build a rich observability practice have more visibility into their interwoven environments, which translates into fewer outages, faster issue resolution, greater confidence in their apps’ reliability — and, ultimately, more revenue and happier customers,” the report states.

Digital resilience efforts are growing but inconsistent, according to the survey results. For instance, 40% of respondents have a formal approach to resilience that has been instituted organization-wide, while another 40% have a formal approach that has only been instituted in pockets. Some 16% have a formal approach to resilience that has yet to be instituted, and 4% do not have a formal approach to resilience.           

IT leaders believe that if they can build a more resilient digital environment, they can also:

• Recover customers and user services faster.
• Respond and remediate security incidents quicker.
• Gain visibility throughout the entire technology environment.
• Combine resilience efforts with traditional business continuity preparation.
• Understand the downstream impact of security incidents.

Tools overload adds to complexity

As environments grow more complex, survey respondents report adding more tools to try to monitor and control all the components in their digital infrastructure.

Some 81% of respondents said the number of observability tools and capabilities they use has been increasingly recently, with 32% reporting the increase as significant. The report also shows that 44% of respondents report an uptick in vendor count—12% say the increase is significant— and another 40% said they are consolidating tools. Organizations surveyed for the Splunk report indicated the following tools are most prevalent in their IT environments:

• Network performance monitoring (79%)
• Security monitoring (78%)
• Application performance monitoring (78%)
• Digital experience monitoring (72%)
• Infrastructure monitoring (70%)

Boosting collaboration between network and security teams

Observability projects are also driving efforts to converge some of the functions of network and security teams and the tools they use, according to the Splunk report. 

Respondents pointed to several reasons why it makes sense to increase collaboration across the two IT domains. For instance, 59% of respondents said combining the two “helps us uncover security issues, thanks for intelligence and correlation capabilities native to observability tools.” Another 55% said bringing observability and security together “allows us to uncover and assess more security vulnerabilities, thanks to the visibility afforded by observability solutions.”

More than half (51%) said collaboration helps them take action on security issues faster because of the remediation capabilities in the observability solutions. And nearly half (48%) said combining efforts of the two domains is “an ideal way to make security a shared organizational responsibility.” More than one-third (36%) reported converging observability with security monitoring was a “top-down mandate to integrate.”

“As observability tools continue to become more sophisticated, the visibility they provide grows deeper and more granular. This rising tide will no doubt lift both boats—security and observability—as more teams maximize these benefits to proactively prevent issues, pinpoint problems, and keep systems running smoothly and securely around the clock,” the report states.