What security practitioners are really facing in the cloud era, and why observability is critical to data innovation and cybersecurity in the cloud.

In October 2021, Splunk launched its new security research arm SURGe to take on a completely new approach to security research.

In the wake of SolarWinds, the company noticed that security research teams were not focused on solving the security problems that security practitioners are actually facing – so it set out to change the security research landscape with SURGe, tapping into a diverse team of ex-journalists, government intelligence officials, CISOs and more, to tackle the problems that 99% of security teams face.

CybersecAsia found out more about the real issues security practitioners are facing, and why SURGe is tapping into people from an array of backgrounds to change the approach to security research, in this interview with Raen Lim, Group Vice President of South Asia & Korea, Splunk.

Raen Lim, Group Vice President, South Asia & Korea, Splunk

What is SURGe, and how is it different from other cybersecurity research organizations?

Raen Lim (RL): SURGe is an elite team of cybersecurity experts who have the capabilities to provide technical guidance during high-profile, time-sensitive cyber-attacks. This team is dedicated to researching, responding, and educating on the threats that impact the world.

In the event of high-profile security incidents, SURGe acts as a key partner, empowering blue teams (a group of experts who are responsible for strengthening digital security infrastructure, identifying unusual threats and building responses to counter them) with contextual awareness. 

What differentiates SURGe from other cybersecurity research organizations is that as a trusted advisor, SURGe aims to solve the problems of today and tomorrow, rather than preempting the potential problems of the future. As the “blue collar for the blue team”, SURGe reviews every Cybersecurity & Infrastructure Security Agency (CISA) alert or emergency directive and provides detections that help organizations further enhance and develop their security strategies.

Organizations can rely on SURGe to provide appropriate context and timely recommendations – from rapid response guides to creating and releasing long-term quality detections in collaboration with Splunk’s Threat Research Team. The SURGe team is dedicated to helping organizations solve their holistic security problems so that they can navigate global security incidents with confidence and intelligence.

What should leaders in APAC organizations know about their cloud ecosystems that many of them may be unaware of?

RL: The cloud is an extensive technology infrastructure, and its benefits go beyond simply digitizing platforms. Many companies and organizations think that digitization stops at investing in technology infrastructures, but that is just the first step.

Organization leaders should maximize the available tools and applications to help them monitor and analyze their data across the various existing cloud infrastructures. This enables them to harness the full potential of the cloud ecosystem, which includes detecting anomalies and cyber risks, and addressing them before they turn into crises. 

When moving into the cloud, leaders may also be unaware of the demands and stresses placed upon their own security teams. The transformation to cloud introduces new services and providers into the organization, which face potential challenges in terms of system compatibility and integration.

In fact, as cloud adoption increases across Asia, we see a lot of regulations and industry standards designed to regulate areas concerning digital safety, cybersecurity and compliance risk. While the shift to cloud enables DevOps teams to innovate and work more efficiently, it also poses additional compliance issues as a result of evolving infrastructure and new regulations.

Additionally, with more innovations emerging on the cloud, security teams may struggle to catch up to maintain adequate security for the organization.

For instance, Globe Telecom, the largest telecommunications service provider in the Philippines, manages 180 business systems and 2,000 servers across a multitude of hybrid environments. This resulted in increased complexity, making it hard to spot issues that can impact customers.

By visualizing operational health on Splunk’s Data Platform, Globe Telecom cut 20 monitoring screens to one centralized framework which investigates events through a single, at-a-glance view while displaying data-driven analytics results on highly customizable and intuitive dashboards. This resulted in improved anomaly detection, accelerated reporting and saving of valuable resources.

A key benefit of transformation to the cloud is the ability to harness the power of data from cloud ecosystems, something which is often overlooked by organization leaders. In fact, according to Splunk’s State of Data Innovation report, APAC organizations are likely to be investigating collaboration patterns when analyzing data to improve employee productivity and efficiency (54%, ahead of Europe’s 44% and behind North America’s 57%).

However, there is significant room for improvement, as APAC has a larger proportion of organizations rated as “beginners” in terms of data innovation (59%, behind Europe’s 58% and North America’s 51%).

In what ways is observability critical for managing today’s hybrid infrastructures?

RL: At its core, observability is a data opportunity that enables organizations to accelerate business performance, productivity and innovation. To use that data effectively, organizations need a solution that can help ingest and analyze complex, high-velocity data across increasingly dynamic environments and architectures. 

It is thus important that the data platform chosen by the organization has the ability to ingest data from multiple hybrid cloud sources effectively, at scale, and in an automated way. As more organizations demand the ability to adopt cloud on their own terms and at their own pace, this also means that transparency, flexibility in pricing models, and a customizable experience in switching to cloud-centric infrastructure are key factors.

Thus, a system that can provide observability across various services, infrastructures, applications and users will enable companies to fully optimize their data output. Splunk’s advanced observability capabilities therefore aim to bring monitoring into the modern era, empowering IT, Security and DevOps teams to detect, fix and prevent issues at any stage of their digital transformation journeys in order to deliver optimal user experiences. 

How can enterprises benefit from the power of being data-driven and observability? 

RL: Being data-driven in today’s hyper-digital world equips organizations with a strategic asset which enables them to not just survive, but thrive. Our current era of innovation is propelled by organizations who not only have a complete view of their data, but have the ability to act upon their data quickly. 

Over 30 industry leaders including organizations such as Nasdaq, Slack, McLaren and Domino’s have used real-time insights from Splunk to drive impactful outcomes, from increasing efficiency and visibility while moving to the cloud, to automating security operations and preventing attacks, all while accelerating innovation and delivering exceptional user experiences.

Splunk’s latest State of Data Innovation report reveals a remarkable achievement gap between organizations with mature data practices versus data-innovation beginners. On average, data innovators release twice as many products and increase employee productivity at double the rate of organizations with less mature data strategies.

Evidently, organizations that have invested in placing data at the core of their operations are twice as innovative and twice as productive as those that aren’t.

In Asia Pacific, as economies start to rebound and rebuild from the pandemic, the study found that organizations within the region are doing well in the following areas:

  • APAC organizations were the most likely to report hiring a chief innovation officer to drive initiatives (75% versus 72% in North America and 64% in Europe).
  • APAC organizations are likely to be investigating collaboration patterns when analyzing data to improve employee productivity and efficiency (54%, ahead of Europe’s 44% and behind North America’s 57%). 

More and more organizations in the region are taking note of their shortfalls, and prioritizing their investments in data innovation:

  • 33% of APAC organizations rate better data utilization as their top business and IT priority for the next 24 months, a significantly higher proportion relative to both North America (21%) and Europe (17%). 
  • 54% of APAC organizations are using observability to improve how they innovate with their data, outpacing North America and Europe (both 42%).