Research Vice President, Security & Trust Products
Research Director, Network Analytics & Automation
As the digital business model accelerates across the world’s regions and industries, organizations of all sizes are working to address onrushing digital business requirements as well as external forces such as inflation, supply chain disruptions, and worker shortages. Serving as the foundation for the digital business model is a maximally resilient and responsive digital infrastructure. This infrastructure includes all of its many on-premises systems and cloud services, core and edge components, end-user and smart-endpoint clients, vital applications and data, and cybersecurity functions. For CIOs, CISOs, and their IT organizations chartered with the delivery of a high-quality, well-protected, fast-moving, and cost-effective digital infrastructure, detailed visibility into and precise control over infrastructure conditions and components are vital keys to success. This is where observability comes in.
Observability delivers comprehensive intelligence and insights focused on current and trending operating conditions across the digital infrastructure — from networking to computing and to cloud, security, applications, and end-user experience. Today, observability solutions are used rather sparingly, in only select areas of IT management (e.g., IT operations, security operations). Going forward, the greatest value from observability will be realized when management intelligence and insights are highly leveraged within and across all IT technology domains. Observability solutions must work more completely and in concert at all layers of the digital infrastructure. Here, the comprehensive visibility and control provided by detailed observations of such important items as business workloads, technology components, cloud services, secure exchanges, and system anomalies assure that the digital infrastructure and the IT organization deliver on their full promise in service to business demands and desired outcomes.
There are many significant use cases for observability; at the top of practitioners’ preferences is “Strengthen cybersecurity posture and practices.” This is not surprising. Detection and response capabilities are often highlighted, but the best cybersecurity events are the ones that do not happen. Basic cybersecurity posture assessment such as determining which assets should not be exposed to the internet, how microsegments are established, and what data access conditions are permissible within the network all work in concert to enforce safe cybersecurity before an incident occurs.
To better understand how observability solutions are being evaluated, applied, and judged now and into the future, IDC conducted a worldwide survey focused on observability as it relates to the measurement, monitoring, mitigation, and management of the digital infrastructure. Over 900 respondents qualified and contributed to IDC’s Deep Observability Survey, which covered three regions, 11 countries, and a mix of major industries (including financial, manufacturing, retail/wholesale, healthcare, transport/utilities, education, government, and professional services). All respondents represented organizations with 1,000 employees or more, with 46% representing organizations with more than 5,000 employees. All respondents held roles of manager or above, with two thirds holding director, vice president, or C-level positions within their respective IT organizations. And all respondents had managerial and decision-making responsibilities for observability functions and solutions that span across IT operational domains, including networking, security, and cloud.
As a follow-on to IDC’s 2022WorldwideDeepObservabilitySurvey, a series of interviews were conducted with large organizations across five major industries: healthcare, financial services, technology, utilities, and ecommerce. Interview candidates were selected based on their advanced use of observability solutions and integrated approach to operations across networking, security, and cloud management. All subjects held senior management roles within
their respective IT organization (e.g., CIO, CISO) and could offer solid tactical and strategic insights into their journey to and results from their movement to a more conjoined and collaborative approach to IT observability and operations.
The above represents an overall summary of takeaways from the interviews conducted in support of this survey effort and white paper. Select and telling quotes from these interviews appear across this white paper.
When evaluating top business priorities, it is easy to draw the line between a resilient and responsive digital infrastructure and the delivery of high-quality exchanges, rich services, strong security, and digital innovation. Whether the focus is on worker productivity, operational efficiency, customer satisfaction, or digital innovation, observability solutions deliver the visibility and control necessary to assure that the infrastructure provides the best possible support to the business and all critical resources and workflows (see Figure 1).
n = 796, Source: IDC’s Future Enterprise Resiliency & Spending Survey — Wave 2, March 2022
The value presented by the detailed intelligence and in-depth analysis offered by observability solutions is also highlighted when examining the barriers to success when building out a digital infrastructure. Insufficient analytics and automation is a top 3 barrier. In addition, examining other top barriers reveals close ties to observability capabilities. Whether addressing digital priorities, workload performance and security concerns, staff challenges, utilization of cloud services, or edge and data management, more consistent, detailed, and intelligent analytics and automation help break down the top barriers to digital success (see Figure 2).
“The network architecture is something that is, for me, absolutely fundamental for protecting the core part of my business.”
n = 796, Source: IDC’s Future Enterprise Resiliency & Spending Survey — Wave 2, March 2022
There is widespread agreement that observability is a vital strategic management capability that serves both the overarching needs of the end-to-end digital infrastructure (e.g., digital experience management) and the specific needs of IT domains (e.g., CloudOps, NetOps, SecOps, and DevOps). There is also strong agreement that sharing intelligence and insights and combining staff efforts across IT domains is critical to infrastructure and IT organization success. When reporting on their level of sharing across IT domains, most respondents stated that they are either actively sharing (55%) or fully synchronized (22%).
Of note is the increasing alignment of efforts, toolsets, and practices between NetOps and SecOps. Over 60% of organizations reported that they are making good or strong progress in leveraging network-derived intelligence and insights in their security management efforts, while another 18% rated themselves as fully mature in this practice. In evaluating their ability to combine NetOps and SecOps to perform such actions as gathering telemetry, performing triage, and initiating remediation, on average, 60% rated themselves “good” or “excellent.”
Looking into the critical area of cloud service management, 73% of organizations reported having real-time telemetry for both their cloud computing and networking environments. And most organizations agreed or strongly agreed that they leverage cloud service intelligence and insights to optimize costs (72%), secure information (72%), resolve service problems (69%), and track client activity across multicloud environments (68%).
Are these positive reports of extensive sharing, complete visibility, and effective teamwork to be believed? More detailed probing into observability use, challenges, and expectations reveals that high-level perceptions may not reflect the detailed reality of complex and critical digital infrastructure management. Most IT organizations need to raise the bar in applying observability intelligence and insights across their infrastructure.
For example, running counter to respondents’ indicating the ease of sharing data between NetOps and SecOps and gathering telemetry from cloud services, only 14.6% of respondents answered that collecting data from observability tools was “not difficult.” While observability intelligence and insights offer much promise across the digital infrastructure, organizations are challenged to break siloed approaches, find a common workflow with other tools through integration, and train their teams to use the enriched data observability solutions present.
“I would say that having the NOC [network operations center] and SOC [security operations center] separately provides challenges. More so on the SOC side because they are reacting to an alert that says there is a problem. Because they don’t manage the network and they don’t sit with those that do, SOC staff don’t necessarily understand the environment to the level that is useful.”
While respondents indicated that sharing data and tools is widespread and that further progress is being made, indications are that observability tools and practices remain disjointed and dispersed. Just as the digital infrastructure itself must work in concert to serve the business, observability tools must work in concert to serve IT. For too many organizations, their observability toolsets, practices, and spending reflect more collection than concerted effort, as they are focused on specialized and standalone management functions. The sheer number of observability solutions in use reflects this complex collection approach. Almost 70% of organizations use six or more tools, and almost half of this group uses 11 or more tools. Amazingly, 7% use more than 20 observability tools to operate and optimize their digital infrastructure.
And where are all of these observability tools being used? Organizations report the use of observability solutions across every major IT management domain (see Figure 3). However, use is limited across all organizations. Just over half of organizations said that observability solutions are used only for IT operations; that means nearly half are not applying observability to IT operations. And it gets worse from there when examining other IT management domains (e.g., CloudOps, SecOps, NetOps). All fall below — and some well below — 50% utilization within responding organizations.
“I think the tools and the teams in the IT space have to come together.”
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
As pointed out, there are too many observability solutions being used by too few IT management domains. This creates multiple challenges for organizations looking to advance digital infrastructure visibility and control (see Figure 4). And these challenges exacerbate other pressing and more strategic IT challenges. For example, staff requirements multiply as the observability toolset grows, adding to the problem of staff shortages. Total cost of ownership increases, further pressuring IT budgets. Information overload, siloed intelligence, and integration burden delay management actions, undercut service quality, and hinder innovation, slowing or restricting digital business efforts and success.
“It is very difficult to say there is any one tool anymore that has everything because it is too hard to get everything in one place and there is too much data.”
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
There are numerous other indications from the survey that highlight concerning issues with current observability solutions. Many revolve around restrictions relating to observability data and the detailed visibility it provides. Over 40% of respondents indicated that it is difficult or even extremely difficult to derive actionable insights from the data collected. Over 60% agreed or strongly agreed with the statement that observability solutions serve narrow requirements and fail to offer a complete view into current operating conditions. Almost 70% advocated for a single source of truth to be established for use by all mission-critical IT management tools. And zooming in on security specifically, nearly 75% cited observability as being critical to forming a strong security posture and mitigating threats quickly and effectively.
Knowing the detailed status of digital infrastructure conditions and components at any moment in time has become a vital requirement for digital success. The movement of traffic, operational status of infrastructure services and components, contribution of cloud services, oncoming threats, and the end-user experience are all priorities as organizations accelerate and heighten their digital business initiatives. Beyond enabling complete visibility into the current state of the infrastructure, the detailed intelligence and insights provided by observability solutions also serve to direct precise actions, protect against threats, predict future outcomes, and improve IT staff productivity.
“I think eventually, you are going to be in a position where machine learning will be able to dictate and drive the scaling of your network and/ or your Kubernetes clusters based on behavioral patterns seen in your traffic.”
To fulfill all of this promise, observability solutions must continue to advance across many fronts. Ties to IT automation boost the accuracy and timeliness of automated actions. Ease of usability and integration promotes tool usage and teamwork across
IT domains. End-to-end digital experience management assures consistent service quality to end users (e.g., workers, partners, and customers) and smart endpoints
(e.g., sensors, robots). Anomaly detection bolsters threat detection and mitigation efforts. Cloud observability brings the cloud infrastructure into full view, a critical requirement given the core role cloud services (and multicloud environments) play within the digital infrastructure of almost every organization. As evidenced by the survey results, the list of expected advancements — and the areas of impact from these advancements — is long and, even more importantly, reflects a rather equally strong importance for all (see Figure 5, next page). The future success of observability is based upon advancements along many fronts, not just one or even a few.
n = 912 (Top 2 Box Summary), Source: IDC’s Gigamon Deep Observability Study, June 2022
Many respondents indicated that their use of network-derived intelligence and insights in support of their security management efforts is fully effective and mature, yet strengthening security postures and practices is viewed as the number 1 benefit of applying observability across the digital infrastructure (see Figure 6, next page). Obviously, there remains much concern for securing the digital infrastructure — and much hope for heightened security-driving observability intelligence and insights.
On the issue of IT staffing, everyone agrees that the shortage is real, and staff development, satisfaction, retention, and teamwork are all troubling challenges. Again, we see much hope for observability tools and data to bolster staff efforts and expertise, focused not only on their primary area of responsibility (e.g., network operator, security analyst) but also on their contribution to adjacent domains and overarching IT efforts (e.g., automation, digital experience management).
Beyond security and staffing improvements, observability is seen to deliver a mix of both tactical (e.g., resolution, continuity, tracking) and strategic (e.g., experience, governance, innovation) benefits. Observability offers potential impact along many fronts. When identifying requirements, evaluating solutions, and justifying purchases, it is key to understand all of the possible areas of impact.
“There is a lot of efficiency in automation. We automate about 78% of our alerts right now. And we are working to automate more. Our goal is to automate as much as possible, and then the team is really adding value as opposed to looking at alerts. It is not fun work. No one likes doing it. The more we can get into an automated playbook the better.
We don’t want our team to burn out and we want them working on higher-value things.”
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
Cybersecurity can be thought of in three movements. The first and last movements
are easily understood. A “shift-left” approach starts with the DevOps environment; we can call this, largely, prevention. Increasingly, the success of businesses is that they are becoming developers; security starts with secure containers and the most updated and vulnerability free code (outfitting old Java scripts is not cutting it). Identity access management, audio/visual (AV) and firewall policies, micro-segmentation, and zero trust are part of a shift-left approach.
A “shift-right” strategy is also advisable. Businesses must react to a high-security alert with the installation of the proper playbook, initiate ephemeral response such as having end users access the network through multifactor authentication (MFA), and then start a workflow. The next set of circumstances that a business should be prepared for is data backup and disaster-recovery procedures.
The middle is what we call “shift-through,” and it is probabilistic; the idea is to consider not just vulnerabilities but also the higher concept of risk. If expressed as a formula, risk = probable outcomes multiplied by potential damages multiplied by indemnities (compliance, loss of reputation, etc.) divided by (prevention + security controls + mitigation + recovery).
This is all germane to how a network is monitored. If a NOC/SOC goes into alerts based solely upon vulnerabilities, an organization will forever be in whack-a-mole mode. Differentiating asset criticality matters, too — any threat to a web/email server is a big problem. Shift-through is a risk-based approach that allows companies to investigate incidents in such a way that a problem is properly remediated and a company’s security posture improves over time as a native part of the investigative process (i.e., if a team finds an internet-facing exposed S3 bucket, it will find others in the same fell swoop).
With advanced observability, NetOps and SecOps teams can gain predictive
insights and proper remediation strategies for shift-left, shift-right, and shift-through (see Figure 7, next page). Deriving the best insights from packet data does take some expertise, but the path toward fortifying cybersecurity resides in the integration of log and network metadata. Only when these are used in concert can NetOps and SecOps teams gain the ability to proactively detect and remediate threats at all layers of the digital infrastructure.
“Having network engineers and security engineers involved in vendor and product evaluations brings a holistic approach to how we pick tools as well as how we select vendors.”
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
Among the survey respondents, 78% indicated that observability helps with threat detection and mitigation efforts. However, the very first move after triage is the most important: The security team must determine if an incident is indeed a security event, and then if the attack is against a type of persona (C-level executives), an application type, an exploit of opportunity, or a pawning of an identity to set up a command-and-control (C2C) exfiltration beachhead.
Logs and packets together provide immutable truths about what is happening within the application and network layers of the digital infrastructure. Metadata collection is helpful for forensic investigations and event correlation, but remember that the adversary understands this as well. The adversary can disguise IP addresses and sometimes manipulate logs. However, observability with deep packet inspection creates an unalterable insight.
When survey participants were asked what their top expectations are for the vendor/provider of an observability platform designed for cybersecurity, the top 2 replies were “Able to express indicators of compromise within the MITRE ATT&CK framework” and “Eliminate dwell time that an adversary can live off the land in the network.” The MITRE ATT&CK for Enterprise is a global framework deployed within security tools for monitoring, predicting, and remediating adversarial behavior on a network. MITRE ATT&CK recognizes two collection techniques and 12 specific techniques that can be used by the adversary in an attempted breach. There are 218 sub-techniques cataloged in the framework. If deployed properly, observability can find 90% of these techniques. The old colloquialism “Sunlight is the best antiseptic” definitely applies to cybersecurity tools.
In networks and in cybersecurity, the concept of observability is straightforward.
The network is the host where data, applications, and properly credentialled users meet. Vigilance of the network requires that the network be stable to enable access, and observability extends to preemptive observation of indicators of compromise (IOC) in hopes of preempting an attack, as well as the tools needed to investigate an incident if there is something more than an IOC.
Toward weaving network-derived intelligence and insights into security management, 32% of respondents said they are making fairly strong progress, and another 22% believed they had made excellent progress and are fully mature (see Figure 8, next page). When rating their ability to combine efforts, toolsets, and practices of NetOps and SecOps teams to identify compromised machines and personas, almost two thirds of the respondents rated themselves “good” or “excellent.” Maybe.
Why maybe? It is estimated that if organizations adhered to the top 5 of the SANS 20 Critical Security Controls, they would eliminate 98% of possible attack vectors. As easy as that sounds, organizations need to create inventories of authorized and unauthorized devices and software, secure configurations, continuous vulnerability assessment and remediation, and controlled use of administrative privileges. Observability solutions can absolutely facilitate these initiatives, but this requires both the proper tooling and telemetry and the organizational discipline to use them.
“Is our security posture improving? I think our posture is improving in that we now have a broader team who understands the tools we use to manage our security.”
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
Observability solutions have much to contribute to the management, protection, and evolution of digital infrastructure, and this contribution occurs in two ways. First, as a primary observability solution focused on a specific IT management domain or even select functions within a domain, a solution should provide for leading-edge capabilities (e.g., data management, actionable insights, ease of use, trend analysis). Second, no matter how specialized its primary focus, an observability solution must contribute to adjacent and overarching observability efforts and tools. The survey results certainly highlight the effective use of network-derived intelligence and insights in security management. Sharing network data and analysis and promoting the shared use of network observability tools with SecOps, DevOps, and AIOps presents many tactical and strategic benefits to the IT organization and the business.
“The problem with machine learning, you need a massive amount of data to train the model — and that massive amount of data is network traffic.”
Survey respondents indicated the importance for observability solutions to contribute to both domain-specific management and broader integration efforts. In support of specific domains (e.g., networking, cloud, security, etc.), capabilities such as cloud visibility, deep packet inspection of encrypted traffic, AI/ML-driven analysis, predictive analytics, complex correlations, anomaly detection, root cause analysis, and forensic histories are prioritized. In support of integration efforts, enabling systemwide observability, leveraging industry standards, linking to automation efforts, and unifying data collection gain strong consideration (see Figure 9, next page).
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
In this always-on, hyper-connected, and ever-threatened digital business environment, the heightened visibility and control offered by observability solutions certainly raise concerns for organizations, most prominently security vulnerability (blind spots). The staff, operational, and budget demands of observability solutions add further concerns as organizations build out the data sets, tools, talent, and practices designed to take full advantage of a concerted observability effort (see Figure 10, next page). Observability is intended to simplify and solidify digital infrastructure management. However, it does this over time, and it requires organizations to take the right steps along the path to completion.
“A lot of our security threats ride in through the network. So how our threats have happened, it starts with the network. We needed a holistic approach to security and network management.”
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
Owing to the many potential benefits associated with specialized and systemwide observability efforts, survey respondents indicate increased investment, particularly across key focal points for digital infrastructure buildout.
We did not do a reorganization around cloud, but we did a rewiring of people’s brains. You have to retool and retrain people for a cloud world.”
Over the next two years, spending on observability will increase for 68% of the organizations that responded to IDC’s Deep Observability Survey. And close to half of these organizations indicated they will be increasing their observability budget by more than 10%.
Where is this increasing investment in observability aimed? The top 3 areas of investment match the top responses relating to observability solution attributes (cloud/multicloud), current use (IT operations and service management), and expected benefits (security), respectively. Reflecting the changing nature of network infrastructure and connected users and devices in this post-pandemic and accelerating digital business environment, network observability investment is distributed across major network subdomains, with wireless ranked highest, at number 4. To show how far and how fast the observability movement has progressed over the last two years, DevOps and application performance management — the longtime singular focal point for observability solutions and efforts — are ranked a distant number 5 in the top investment areas for observability (see Figure 11, next page).
n = 912, Source: IDC’s Gigamon Deep Observability Study, June 2022
As we see from the survey results, organizations cite many targets, capabilities, benefits, and concerns with their observability efforts.
The appendix includes select survey data for the following countries: Australia, France, Korea, Malaysia, Philippines, Singapore, and United Kingdom, as well as the financial services and manufacturing sectors.
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Security vulnerabilities (blind spots) | 26.3 | 32.5 | 28.0 | 28.0 | 30.0 | 32.5 | 19.5 | 23.5 | 24.2 |
| Limited visibility into cloud services use, performance, and costs | 26.3 | 29.9 | 20.0 | 34.0 | 20.0 | 10.4 | 29.5 | 24.1 | 22.5 |
| Integration burden limits solution access, exchanges, interactions, and impact | 21.1 | 29.9 | 28.0 | 30.0 | 32.0 | 26.0 | 14.3 | 19.9 | 31.7 |
| Lack of in-house expertise constrains solution utilization and benefit realization | 28.9 | 14.3 | 40.0 | 22.0 | 24.0 | 24.7 | 32.5 | 25.3 | 25.8 |
| Vendor lock-in, limiting use and impact of observability functions across the digital infrastructure | 18.4 | 22.1 | 28.0 | 24.0 | 20.0 | 24.7 | 19.5 | 24.7 | 20.8 |
| High costs and difficult to calculate and prove ROI | 23.7 | 31.2 | 28.0 | 42.0 | 28.0 | 20.8 | 16.9 | 21.1 | 28.3 |
| IT culture refuses to accept a shared single source of data and insights | 25.0 | 31.2 | 18.0 | 26.0 | 28.0 | 27.3 | 19.5 | 24.1 | 15.8 |
| Lack of focus on customer success and life-cycle management by the solution vendor | 32.9 | 22.1 | 26.0 | 14.0 | 16.0 | 18.2 | 23.4 | 19.9 | 23.3 |
| Slow and, possibly, mismatched technology road map development | 27.6 | 16.9 | 12.0 | 18.0 | 32.0 | 22.1 | 23.4 | 19.3 | 20.8 |
| Limited support for open source and industry standards relating to observability | 22.4 | 18.2 | 24.0 | 20.0 | 14.0 | 20.8 | 19.5 | 20.5 | 19.2 |
| Difficulty in tying observability intelligence and insights to automation efforts | 18.4 | 19.5 | 30.0 | 28.0 | 30.0 | 19.5 | 23.4 | 21.7 | 24.2 |
| Other | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Eliminate dwell time that an adversary can live off the land in the network | 35.5 | 27.3 | 34.0 | 26.0 | 36.0 | 33.8 | 40.3 | 33.1 | 36.7 |
| Can quickly tell if an alert is a network, security, or application problem | 52.6 | 51.9 | 48.0 | 46.0 | 42.0 | 51.9 | 48.1 | 42.2 | 52.5 |
| Able to express indicators of compromise within the MITRE ATT&CK framework | 32.9 | 28.6 | 34.0 | 30.0 | 30.0 | 35.1 | 29.9 | 39.8 | 31.7 |
| Have data enriched in such a way as to correlate with current threats in the wild | 31.6 | 49.4 | 26.0 | 42.0 | 42.0 | 29.9 | 44.2 | 38.0 | 32.5 |
| Our observability platforms must be deeply integrated with our other tools such as firewall, SIEM, EPP/EDR, etc. | 47.4 | 42.9 | 58.0 | 56.0 | 50.0 | 49.4 | 37.7 | 47.0 | 46.7 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Yes | 77.6 | 90.9 | 92.0 | 86.0 | 86.0 | 84.4 | 87.0 | 73.5 | 79.2 |
| No | 22.4 | 9.1 | 8.0 | 14.0 | 14.0 | 15.6 | 13.0 | 26.5 | 20.8 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Most observability tools serve narrow requirements and fail to enable a complete view into current operating conditions | 65.8 | 49.4 | 62.0 | 50.0 | 64.0 | 63.6 | 59.7 | 60.2 | 65.0 |
| My organization plans to converge previously siloed IT teams (e.g., NetOps and SecOps) and tools (e.g., NPM, APM, SIEM) to improve our overall approach to observability | 73.7 | 67.5 | 72.0 | 68.0 | 66.0 | 71.4 | 57.1 | 61.4 | 72.5 |
| Observability is critical to delivering the best possible digital experiences for customers and employees | 85.5 | 74.0 | 88.0 | 76.0 | 78.0 | 80.5 | 61.0 | 68.1 | 80.0 |
| Observability is critical to forming a strong security posture and mitigating threats fast and effectively | 69.7 | 64.9 | 84.0 | 74.0 | 86.0 | 74.0 | 72.7 | 67.5 | 78.3 |
| Detailed cloud service measurements are critical to the success of observability tools and efforts | 81.6 | 55.8 | 80.0 | 68.0 | 82.0 | 80.5 | 71.4 | 72.3 | 77.5 |
| My organization uses or plans to use observability solutions to support our IT automation efforts | 73.7 | 76.6 | 82.0 | 72.0 | 82.0 | 76.6 | 61.0 | 75.9 | 80.0 |
| AI/ML technologies must be incorporated within observability solutions for them to fully deliver on their promise | 67.1 | 72.7 | 82.0 | 82.0 | 78.0 | 79.2 | 63.6 | 69.3 | 70.8 |
| A single source of truth must be established for use by all mission-critical IT management tools | 73.7 | 61.0 | 80.0 | 72.0 | 70.0 | 64.9 | 64.9 | 66.3 | 70.8 |
| When IT teams use the same observability tools across technology domains, it fosters teamwork and operational success | 78.9 | 74.0 | 80.0 | 70.0 | 84.0 | 71.4 | 70.1 | 69.9 | 82.5 |
| No rated in top 2 box | 1.3 | 1.3 | 0.0 | 0.0 | 0.0 | 0.0 | 3.9 | 2.4 | 0.8 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Shift from reactive to proactive operations | 19.7 | 16.9 | 16.0 | 18.0 | 18.0 | 23.4 | 18.2 | 16.9 | 15.0 |
| Drive faster mean time to resolution (MTTR) | 14.5 | 22.1 | 30.0 | 18.0 | 24.0 | 20.8 | 23.4 | 24.7 | 24.2 |
| Improve digital experience for customers and employees | 25.0 | 19.5 | 32.0 | 36.0 | 28.0 | 31.2 | 26.0 | 21.7 | 24.2 |
| Accelerate digital innovation | 22.4 | 22.1 | 30.0 | 28.0 | 14.0 | 22.1 | 19.5 | 21.7 | 25.0 |
| Ability to track individual users and machines across multiple environments | 25.0 | 29.9 | 28.0 | 34.0 | 34.0 | 18.2 | 16.9 | 22.9 | 25.8 |
| Improve IT staff productivity and collaboration | 25.0 | 35.1 | 40.0 | 38.0 | 22.0 | 31.2 | 24.7 | 30.7 | 32.5 |
| Helps provide governance over multicloud/heterogeneous environments | 27.6 | 27.3 | 28.0 | 34.0 | 34.0 | 24.7 | 24.7 | 22.9 | 23.3 |
| Assure business resiliency and continuity | 26.3 | 28.6 | 22.0 | 18.0 | 26.0 | 24.7 | 16.9 | 16.3 | 25.8 |
| Strengthen cybersecurity posture and practices | 44.7 | 32.5 | 34.0 | 38.0 | 40.0 | 35.1 | 33.8 | 31.3 | 31.7 |
| Reduce/contain operational costs | 21.1 | 28.6 | 22.0 | 12.0 | 20.0 | 13.0 | 22.1 | 23.5 | 21.7 |
| Proves complaint practices to regulators | 25.0 | 11.7 | 8.0 | 20.0 | 20.0 | 18.2 | 16.9 | 20.5 | 20.0 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Unifies data collection and correlation | 26.3 | 28.6 | 22.0 | 32.0 | 26.0 | 24.7 | 26.0 | 18.7 | 29.2 |
| Captures actionable intelligence from a full spectrum of sources | 23.7 | 23.4 | 20.0 | 26.0 | 26.0 | 23.4 | 29.9 | 31.9 | 21.7 |
| Uses synthetic transactions to measure the end-user experience | 19.7 | 16.9 | 18.0 | 12.0 | 14.0 | 10.4 | 20.8 | 16.3 | 16.7 |
| Leverages AI/ML to identify root causes, anomalies, and threats | 22.4 | 18.2 | 18.0 | 20.0 | 24.0 | 26.0 | 16.9 | 19.3 | 22.5 |
| Couples analytics and automation to optimize deployments and operations | 25.0 | 39.0 | 28.0 | 14.0 | 26.0 | 23.4 | 14.3 | 22.9 | 26.7 |
| Ability to provide deep inspection and insights into encrypted traffic | 23.7 | 23.4 | 28.0 | 32.0 | 26.0 | 29.9 | 29.9 | 24.1 | 23.3 |
| Supports data and insights for cloud services and multicloud environments | 23.7 | 32.5 | 28.0 | 38.0 | 38.0 | 35.1 | 22.1 | 25.9 | 30.0 |
| Supports systemwide observability across the entire digital infrastructure | 35.5 | 22.1 | 40.0 | 32.0 | 26.0 | 20.8 | 23.4 | 28.9 | 27.5 |
| Support for industry standards in data formats, exchange mechanisms, and API-enabled access | 23.7 | 20.8 | 28.0 | 34.0 | 28.0 | 27.3 | 23.4 | 24.7 | 23.3 |
| Maintains historical records for later forensic analysis | 22.4 | 22.1 | 20.0 | 30.0 | 16.0 | 16.9 | 22.1 | 18.1 | 19.2 |
| Supports predictive analysis to aid forecasting and problem avoidance | 27.6 | 24.7 | 36.0 | 28.0 | 30.0 | 27.3 | 15.6 | 22.9 | 27.5 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |
| Australia | Korea | Malaysia | Philippines | Singapore | United Kingdom | France | Financial Services | Manufacturing | |
|---|---|---|---|---|---|---|---|---|---|
| Not difficult at all | 10.5 | 14.3 | 8.0 | 10.0 | 8.0 | 11.7 | 10.4 | 15.7 | 10.0 |
| Sometimes difficult | 55.3 | 27.3 | 40.0 | 32.0 | 32.0 | 42.9 | 27.3 | 42.2 | 45.8 |
| Very difficult | 25.0 | 49.4 | 48.0 | 52.0 | 46.0 | 31.2 | 37.7 | 27.1 | 35.8 |
| Extremely difficult | 9.2 | 6.5 | 4.0 | 6.0 | 14.0 | 13.0 | 19.5 | 14.5 | 7.5 |
| Not sure | 0.0 | 2.6 | 0.0 | 0.0 | 0.0 | 1.3 | 5.2 | 0.6 | 0.8 |
| Top 2 Box | 34.2 | 55.8 | 52.0 | 58.0 | 60.0 | 44.2 | 57.1 | 41.6 | 43.3 |
| Bottom 2 Box | 65.8 | 41.6 | 48.0 | 42.0 | 40.0 | 54.5 | 37.7 | 57.8 | 55.8 |
| Unweighted Valid n | 76 | 77 | 50 | 50 | 50 | 77 | 77 | 166 | 120 |