Cisco Aligns Cloud Observability Tools To ‘Real’ Business Risk

Enterprises use security. We’ve been doing this for a while i.e. ever since the time of Windows 95 (if not before), organizations were deploying anti-virus suites across their business servers and, later, looking for higher-end enterprise versions of the same breed of products to lock down system security and hedge their bets against malware and all forms of web-based nastiness.

But times have moved on. Specifically, times have moved onward to the era of cloud-native applications and the need to provide systems engineers with tools to keep our apps and data safe. Today, it’s often more common for us to talk about ‘observability’ long before anyone mentions the word ‘cyber’ in the context of security.

We’re now at a point where the protection process is becoming entwined with observability practices designed to look for cloud misconfiguration, application data overloads, service request bottlenecks and issues related to network and system safety at the highest level.

Business-centric observability

But what if we could do all those tasks and apply a more business-centric approach to our observability, wouldn’t that make the digital analytics we do perform at the back-end more worthwhile and more efficient? Cisco thinks so. The firm is now aligning its Cisco Full-Stack Observability Platform to work inside a realm where its functions are more directly driven by business context. This is where application performance data and security intelligence dovetail and come together.

Built on Cisco’s Full-Stack Observability Platform, Cisco Secure Application provides organizations with intelligent business risk insights to help them prioritize issues, respond in real-time to revenue-impacting security risks and reduce overall organizational risk profiles.

“Traditional vulnerability scanning solutions simply don’t provide the information that teams need,” said Ronak Desai, senior vice president and general manager, Cisco Full-Stack Observability and AppDynamics. “An organization’s ability to quickly assess risks based on potential business impact, align teams and triage threats is entirely dependent on understanding where vulnerabilities exist, the severity of those risks, the likelihood they will be exploited and the risk to the business of each issue.”

Get cloud, now, quickly!

Desai suggests that business risk observability comes at the right time as we now move to build digital experiences across hybrid and multi-cloud environments. Why? Because, it seems, that many IT teams are working so fast to move to cloud computing with modern, distributed applications that some are argued to be overlooking lock-down processes to secure our enterprise applications.

Cisco’s own study - which would arguably have asked the right questions to get the right answers that the firm needed to peddle and promote this line - suggests that a whopping 92% of global technologists admit that the rush to rapidly innovate and respond to the changing needs of customers has come at the expense of robust application security during software development.

One might argue here that less is more and, if Cisco had even found a third of that figure, it would still be worrying. But marketing is marketing.

The company says that the IT landscape today sees companies exposed to security vulnerabilities and threats, with larger attack surfaces and gaps in their application security layer caused by siloed teams both struggling to gain visibility and the right business context to prioritize vulnerabilities.

How does it work?

The new Cisco Secure Application offering promises to arm customers with expanded visibility and business risk insights across cloud environments so that organizations can prioritize and respond in real-time to revenue and reputation-impacting security risks. Further, it is said to be able to reduce overall organizational risk profiles.

In terms of how the technology works, Cisco Secure Application integrates with Cisco’s other security products and enables software team members (typically system administrators, site reliability engineers, perhaps database administrators and wider operations team staff from penetration testers to others) to locate and highlight security issues across application entities, including services, workloads, pods (a small but deployable part of cloud connection technology is managed by an orchestration engine), containers and business transactions. It can then isolate them at speed.

IT teams can then prioritize issues and give them a ‘business risk score’ that combines application performance data and business impact context from Cisco’s own Cloud Native Application Observability technology.

Cloud, in concert

“A successful digital infrastructure must operate as a concert – not as a collection of separate products, providers and people. This requires all components – from core to edge, from network to applications, from on-premises systems to public cloud and communications services – to work as one to deliver the best digital experiences,” asserts Mark Leary, research director at IDC.

Leary thinks that Cisco’s ‘extensive domain experience’ (his chosen term) across hybrid and multi-cloud environments and comprehensive full tech stack oversight positions the company well to help customers bring application observability, security intelligence data and business risk observability together.

Although this is not a cybersecurity story, there is clearly an element of observability that looks after cloud health in that regard. What this really represents is a further affirmation of why we talk about orchestration so much in cloud computing i.e. our analyst here used the term 'concert' for a reason - this is a more variegated and diversified way of using technology, so we have to make sure we’re miscellaneous but never farraginous (a confused farrago) in our approach.