It’s 3:00 on a Tuesday, and your AIops tool alerts you that the corporate network is reaching a saturation point. It seems that one of the virtual cloud servers is spinning off a massive number of packets, hijacked by a rogue piece of software placed by a hacker the night before.
You wish that the security operations tool had picked up on this, but it was the general-purpose management and monitoring tool that saw the network traffic spiking out of threshold and sounded the alarm that drew attention to the breach. The offending server is quickly taken down; all is right with the world again. However, this could have gone much better.
What’s missing is direct integration between the AIops tool and the security tool. Although they have different missions, they need each other. The security tool needs visibility into the behavior of all applications and infrastructure, because behavior that is out of line with normal operations can often be traced to security issues, such as DDoS attacks.
At the same time, the cloudops tool could play some role in automatically defending the cloud-based systems, such as attempting a restart or taking other corrective action so the issue does not result in an outage. The recovery could be reported back to the security tool, which would take further action, such as blocking the IP address that is the source of the DDoS attack.
This example describes security and ops tools working together, but there is much value in other tool integration as well. Configuration management, testing, special-purpose monitoring such as edge computing and IoT, data governance, etc., can all benefit from working together to create common automation between tools.
The smarter cloud management and monitoring players, especially those selling AIops tools, have largely gotten the tool integration religion. They are able to work and play well with other cloud tools to move towards a 1+1=3 kind of value driver. It’s the number one thing I look for these days, beyond the feature and function of each tool, but it’s still not high on the radar of most of the enterprises selecting cloud tools for the first time.
The reality is no magical tool does it all. They all have limited missions, which is a good thing, considering that they can be good at a few things versus being bad at many things. The strategy is to select the best-of-breed tools for each function (security, performance management, network management, application monitoring, data governance) and have those tools provide a common integration layer where events and information can be shared in a peer-to-peer method.
If this seems much more complex than just picking a single-purpose tool for a single purpose and not having to think about how they work together, you’re right. But, if this stuff were easy, it would not bring the value of cloud computing that enterprises have been promised.
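The ops-to-security hand-off described above, sketched as an added example rather than code from any vendor's product: a shared event layer on which a hypothetical ops tool publishes an out-of-threshold traffic event, the security tool requests containment, and the recovery report triggers the IP block. All class names, topic names, hosts, addresses and packet rates are constructed assumptions.

```python
from collections import defaultdict

class EventBus:
    """Shared integration layer: any tool can publish or subscribe by topic."""
    def __init__(self):
        self.handlers = defaultdict(list)
        self.log = []                        # audit trail of every shared event
    def subscribe(self, topic, handler):
        self.handlers[topic].append(handler)
    def publish(self, topic, event):
        self.log.append((topic, event))
        for handler in self.handlers[topic]:
            handler(event)

class OpsTool:
    """Watches traffic, raises anomalies, performs the corrective action."""
    def __init__(self, bus, baseline_pps, factor=5):
        self.bus, self.limit = bus, baseline_pps * factor
        self.quarantined = set()
        bus.subscribe("sec.contain", self.contain)
    def observe(self, host, ip, pps):
        # Only alert on hosts not already contained, to avoid duplicate incidents.
        if pps > self.limit and host not in self.quarantined:
            self.bus.publish("ops.anomaly", {"host": host, "ip": ip, "pps": pps})
    def contain(self, event):
        self.quarantined.add(event["host"])  # stand-in for stopping the instance
        self.bus.publish("ops.recovered", event)

class SecurityTool:
    """Treats out-of-threshold behavior as a possible security incident."""
    def __init__(self, bus):
        self.bus, self.incidents, self.blocked_ips = bus, [], set()
        bus.subscribe("ops.anomaly", self.triage)
        bus.subscribe("ops.recovered", self.follow_up)
    def triage(self, event):
        self.incidents.append(event)
        self.bus.publish("sec.contain", event)
    def follow_up(self, event):
        self.blocked_ips.add(event["ip"])    # further action once ops reports recovery

def run_demo():
    bus = EventBus()
    ops, sec = OpsTool(bus, baseline_pps=2_000), SecurityTool(bus)
    # Constructed samples: (host, ip, packets per second)
    for sample in [("web-1", "10.0.0.11", 1_900), ("vm-7", "10.0.0.42", 48_000),
                   ("vm-7", "10.0.0.42", 51_000)]:
        ops.observe(*sample)
    return ops, sec, [topic for topic, _ in bus.log]
```

The event log doubles as an audit trail: every action either tool took can be traced to the event that triggered it.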