When DevOps began taking hold around 2007, it was meant as a mechanism to remove silos between IT teams and accelerate software development. Adoption has been steadily growing for almost two decades, and currently, 83% of IT decision-makers report implementing DevOps, with more than half (61%) agreeing that “higher quality deliverables” are their top driver. To say “every company is a software company” is now an understatement — and at this point — DevOps alone is not enough.
New Cisco research shows the growing importance of applications in the daily lives of application users who consistently factor the value of digital services into brand loyalty and purchasing decisions. In fact, 70% of app users (under age 35) admit to warning other people against using poorly performing applications and stats from a multitude of sources back that up. For instance, McKinsey analysts say most B2C customers (85%) no longer extend blind trust to apps, and more than half of B2B buyers (52%) have stopped doing business with a company that violates trust. Add that to the 78% of technologists who believe their company is vulnerable to a multi-staged attack that would affect the full application stack over the next 12 months — and clearly, it’s not a good time to ignore security.
Solving the need for speed across performance and security
About 90% of organizations report being on the journey to DevSecOps, which is impressive, but only 30% claim to have fully implemented it. For organizations that aren’t there yet — Gartner says, 75% of engineering leaders view application security skills as a pain point in their organization, which points to the longstanding shortage of security professionals and a need for workarounds. As described in Forbes, the current most common viable strategy is to leverage AppSec experts on staff and shared tools to support a DevSecOps culture that ensures security is baked in across the entire application lifecycle.
Observability unlocks IT collaboration
To bake security into the application lifecycle, cross-functional teams need monitoring and shared views across the full application stack, including core network and infrastructure. With this level of visibility, technologists can easily identify and fix performance issues before they negatively impact users. As a result, organizations leveraging shared application performance monitoring tools are quickly gaining ground in competitive markets by reducing mean time to repair (MTTR) and accelerating delivery of high-performing application user experiences. But where is security’s seat at the table?
The convergence of application monitoring and security
Five years ago (2017), in a whitepaper titled Application Performance Monitoring and Application Security Monitoring Are Converging, Gartner analysts explained the value of combining these two monitoring capabilities in one tool. The basis for their opinion was that “an end user doesn’t care if their application service problems are performance or security related,” which reflects the growing expectations for both. Gartner saw the adoption of rapid development methodologies such as Agile and DevSecOps as “increasing the need for detailed visibility, monitoring, and analysis of applications during development and at runtime, from both an operational and security perspective.” Analysts reasoned the agent used to monitor app performance could also discover and monitor security vulnerabilities without additional friction or overhead — if — it performed both functions as one single, unified agent.
Cisco AppDynamics is in front of the innovation curve
In 2017, when the Gartner paper was released, they didn’t know Cisco engineers were already deep into creation of a single agent to solve these challenges for our APM customers — but that’s exactly how Cisco Secure Application came to be. The combination of AppDynamics for performance monitoring and Cisco Secure Application for security monitoring on a single agent delivered an industry-first solution for application security in 2022. That was phase one. Now, we’re in phase two of our evolution: a game-changing innovation for customers using OpenTelemetry.
OpenTelemetry: A superhighway for full-stack observability
In 2019, OpenTracing and OpenCensus merged and joined the Cloud Native Computing Foundation (CNCF) as OpenTelemetry, a sandbox project geared at developing a vendor-neutral standard for ingesting, transforming and sending data to any observability solution. Before this, the lack of standardization when collecting and instrumenting telemetry data caused problems. For example, instrumenting code where significant variations occurred put a heavy burden on developers to maintain large, complex instrumentation libraries, which slowed application delivery, deployment and innovation. Since its inception, OpenTelemetry has amassed a following, developed its own standard, and the project moved from sandbox to incubation, where it has gained support and meaningful code contributions from over 1000 organizations across the global tech community (including Cisco).
Cisco Secure Application for OpenTelemetry
In 2021, right after OpenTelemetry moved from sandbox to incubation, Cisco AppDynamics announced support of AWS Distro for OpenTelemetry (ADOT). This new capability enabled AWS and AppDynamics’ joint customers to standardize monitoring and observability telemetry; a crucial milestone in accelerating OpenTelemetry adoption for a larger audience. In early 2022, we announced AppDynamics for OpenTelemetry, a feature that made it easier for technologists to gain visibility into a broader set of systems and enriched our traditional AI/ML capabilities to help our customers make better sense of vast arrays of data. Now, we are tapping into the OpenTelemetry pipeline, which was built for performance not necessarily for security, and using it to deliver security information — without changing anything in the spec itself or the standard. We are well on the way to fulfilling the convergence of APM and ASM as Gartner saw it, with our first phase available now in Cisco Secure Application for OpenTelemetry with additional capabilities rolling out this year.
For more information on Cisco’s commitment to the OpenTelemetry project, start with OpenTelemetry: How Cisco and AppDynamics are contributing to the future of observability and stay tuned for upcoming announcements.
* OpenTelemetry™ is a trademark of The Linux Foundation®.
Ted Hulick is a principal engineer and a senior member of the AppDynamics Java Agent group responsible for both application performance monitoring (APM) and security. He is the patent chairman for the Cisco Observability Monitoring and Performance committee and has close to 100 patents filed and/or granted with Cisco — many of which involve Java internals and/or instrumentation and application performance and security as well as OpenTelemetry integrations. Ted has been a principal engineer on four different APM products and two different RASP products across his career and is recognized as a subject matter expert for all aspects of full-stack observability technologies.
When not working or studying the latest technological trends – Ted spends time at his lake house in the piney woods of Texas — fishing, boating and hanging out with his Husky dog, Athena.
