Merging technology alerts and their business context
Gregg Ostrowski, CTO Advisor, Cisco AppDynamics

Business risk observability is the answer to fighting back data fragmentation and it breaks down silos across the IT department and brings applications and security teams together around a single source of truth explains Gregg Ostrowski at Cisco AppDynamics.

Few technology paradigms have been as transformative as cloud computing. Businesses across the Middle East were quick to shed their initial concerns, and most now position themselves as cloud-first. Indeed, the cloud application market in the region, which stood at a respectable US$2 billion in 2019, is set to more than double, reaching US$4.5 billion within half a decade.

But rapid growth has also exposed new vulnerabilities. Organisations now find themselves on the back foot, ill prepared to counter the threats introduced by the cloud-oriented evolution of their IT environments. A recent study in the UAE found that only around a third (35%) of businesses in the Emirates that have deployed Kubernetes have tools in place to protect against data-loss incidents such as ransomware.

This is particularly concerning as attackers on the other hand are well-prepared. Bad actors are targeting known vulnerabilities within Kubernetes clusters, and these threats will continue to rise as organisations shift to cloud native platforms.

Far from trying to put the genie back in the bottle, organisations need to find modern ways to protect modern applications across the entire lifecycle. Traditional approaches for managing application security simply are not fit for purpose within highly dynamic cloud native environments, and organisations urgently need to find new solutions.

Level of visibility

Applications are at the heart of digital transformation initiatives. They enable employees to carry out their daily functions more efficiently, they empower teams to collaborate across geographies, and they afford customers the convenience of instant access to services via the device of their choice.

The number of applications therefore is skyrocketing, while the windows for development and deployment are constantly shrinking. But, in the rush to deliver new applications, security has often struggled to keep pace.

Cloud infrastructures, while undeniably convenient and effective, greatly expand the attack surface area. IT teams now struggle with gaping visibility gaps in their Kubernetes environments, leaving mission-critical cloud native applications vulnerable to attack.

Alert fatigue

We recently asked global technologists about the challenges they are facing in managing application security and two-thirds reported that their current security solutions work well in silos but not together. This means that they can’t get a comprehensive view of their organisation’s security posture.

Instead of being aided by their technology investments, IT teams are inundated by security alerts from multiple vulnerability scanning tools. This hampers their ability to cut through the data noise, making it significantly more challenging to quickly analyse issues and understand the level of risk.

In fact, the same study found that 59% of technologists are understandably feeling overwhelmed by the volume of security threats and vulnerabilities to their organisation; they simply do not have the insights and resources required to manage an ever more complex application security landscape.

This challenge is so significant that it even has its own name: alert fatigue. Unfortunately, the result is that many IT teams end up in security limbo, unable to deliver the impact they would like because they simply do not know what to focus on and prioritise. Inevitably, as a result, the likelihood of a revenue-impacting security event rises.

Risk prioritisation

As the number of cloud-native applications grows, IT teams need to gain expanded visibility into their Kubernetes environments. They need the ability to rapidly pinpoint security issues across application entities, whether these are business transactions, services, workloads, pods or containers. Entity-level correlation enables IT teams to quickly isolate issues and apply fixes, improving metrics such as mean time to detect (MTTD) and mean time to remediate (MTTR).

But visibility alone is not sufficient. To make sense of the flood of incoming alerts, IT teams also need to add business context to their security findings. They must have the right solution that enables them to rapidly locate, assess and prioritise risk and remediate issues based on potential business impact.

This is why business risk observability is a must for any organisation that considers itself to be cloud-first. This approach brings together application performance data and business impact context with vulnerability detection and security intelligence so that IT teams can easily identify which business transactions present the greatest risk to the business.

As a result, they are able to prioritise the issues with the potential to do most damage to the business, for example, issues which are associated with highly sensitive customer data, or vulnerabilities in mission-critical applications.
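As an added illustration of the prioritisation described in this section (example code written for this edit, not AppDynamics' product logic), the script below correlates scanner findings to the application entities they were observed on, de-duplicates the same vulnerability reported by several tools, weights each finding with business context (transaction criticality, sensitive data, internet exposure) and rolls the result up to business transactions. The entities, vulnerability ids, CVSS values and scoring weights are all constructed assumptions; a real deployment would take them from an inventory and a risk policy.

```python
"""Rank vulnerability findings by business impact rather than raw severity.

Constructed example: findings from two scanners are joined to an entity
inventory that carries business context, then scored. The weights in
business_risk() are assumptions for illustration, not a vendor formula.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    name: str
    kind: str                  # "service", "workload", "pod"
    business_transaction: str  # the user journey the entity serves
    criticality: int           # 1 (low) .. 5 (mission critical); assumed scale
    sensitive_data: bool       # handles regulated or customer data
    internet_facing: bool      # reachable from outside the cluster


@dataclass(frozen=True)
class Finding:
    scanner: str
    entity: str   # Entity.name the finding was observed on
    vuln_id: str  # placeholder ids; not real advisories
    cvss: float   # base score 0.0 - 10.0


# Constructed entity inventory with business context attached.
ENTITIES = {
    "checkout-api": Entity("checkout-api", "service", "checkout", 5, True, True),
    "payments-worker": Entity("payments-worker", "workload", "checkout", 5, True, False),
    "catalog-search": Entity("catalog-search", "service", "browse", 3, False, True),
    "dev-sandbox-pod": Entity("dev-sandbox-pod", "pod", "internal-testing", 1, False, False),
}

# Constructed alert stream: two scanners, one duplicate, one entity nobody has catalogued.
SAMPLE_FINDINGS = [
    Finding("scanner-a", "dev-sandbox-pod", "VULN-0001", 9.8),
    Finding("scanner-b", "dev-sandbox-pod", "VULN-0001", 9.8),  # duplicate of the line above
    Finding("scanner-a", "checkout-api", "VULN-0002", 7.5),
    Finding("scanner-b", "payments-worker", "VULN-0003", 6.5),
    Finding("scanner-a", "catalog-search", "VULN-0004", 8.0),
    Finding("scanner-a", "unknown-svc", "VULN-0005", 9.0),       # no inventory entry
]


def dedupe(findings):
    """Collapse the same vulnerability on the same entity reported by several scanners."""
    best = {}
    for f in findings:
        key = (f.entity, f.vuln_id)
        if key not in best or f.cvss > best[key].cvss:
            best[key] = f
    return list(best.values())


def business_risk(finding, entity):
    """Weight technical severity with business context (assumed multipliers)."""
    score = finding.cvss * entity.criticality
    if entity.sensitive_data:
        score *= 1.5
    if entity.internet_facing:
        score *= 1.25
    return round(score, 2)


def prioritise(findings, entities):
    """Return (ranked, unmatched): ranked is a list of (score, finding, entity),
    highest business risk first; unmatched are findings with no inventory entry."""
    ranked, unmatched = [], []
    for f in dedupe(findings):
        entity = entities.get(f.entity)
        if entity is None:
            unmatched.append(f)  # cannot attach context: surface as an inventory gap
            continue
        ranked.append((business_risk(f, entity), f, entity))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked, unmatched


def risk_by_transaction(ranked):
    """Roll entity-level risk up to business transactions, most exposed first."""
    totals = defaultdict(float)
    for score, _, entity in ranked:
        totals[entity.business_transaction] += score
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    ranked, unmatched = prioritise(SAMPLE_FINDINGS, ENTITIES)
    for score, f, e in ranked:
        print(f"{score:>7.2f}  {f.vuln_id}  cvss={f.cvss}  {e.kind}:{e.name}  tx={e.business_transaction}")
    print("unmatched:", [f.entity for f in unmatched])
    print("by transaction:", risk_by_transaction(ranked))
```

Note that the CVSS 9.8 finding on the sandbox pod ends up last, while a 7.5 on the internet-facing checkout service comes first: this is the re-ordering that business context is meant to produce. The unmatched list is worth reporting on its own, since an alert with no owning entity is itself a visibility gap of the kind described above.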

Business risk observability

Business risk observability is also the answer to fighting back fragmentation. It breaks down silos across the IT department and brings applications and security teams together around a single source of truth for all application availability, performance, and security data. With it, organisations can finally succeed in their quest towards DevSecOps and a more integrated approach to security throughout the application lifecycle.

Development teams can easily adhere to their organisation’s most critical security priorities and embed robust security into every line of code. This will result in secure applications that have been designed for security from the onset, and are therefore easier to manage and troubleshoot before, during and after release.

As digital transformation initiatives progress, IT teams will constantly have to do more with less. Business risk observability eases the pressure on over-stretched IT teams, providing technologists with the tools and insights they need to regain control, make smart decisions and deliver positive impact for their organisations.

It is time for technologists in all sectors to think beyond just the technical aspects of the infrastructure and applications they are responsible for. IT is now a fundamental enabler of the enterprise, and so technologists must think of attacks from the perspective of their potential impact on the business.

Fortunately, business risk observability can help organisations to meet the challenge of security within modern application environments. The urgency with which IT teams need to implement these tools, along with process and cultural change, is only increasing.

They cannot afford to get left behind in the shift towards business risk observability. With the right strategy in place, they can mitigate business risk, empower their teams, and keep their digital transformation programs on track.
