Navigating internet complexity: Leveraging tech for business security
Image via Unsplash
Regardless of industry, the modern business world is increasingly distributed, interconnected, service-oriented and complex. Several departments, often led by security and IT, are critical for protecting businesses’ online presence as tech evolves. While enterprises have no choice but to embrace the Internet, its infrastructure was designed a long time ago and many foundational, underpinning systems create major risk for new applications today. Despite a heavy reliance on the Internet, it is far more precarious and complex than many business leaders realize. And unfortunately, examples such as OpenAI's major outage on June 4, 2024 demonstrate exactly how impactful that fragility can be. Amid an increasingly complex Internet Stack and soaring expectations for security and IT departments, evolving technology plays a vital role in not only reducing the burden of monitoring but proactively enhancing performance.
The impact of internet stack disruptions on enterprises
The Internet Stack is the collection of technologies, systems, and services that make possible and impact every digital user experience. This powerful term encompasses the public Internet, their points of interconnection, critical API endpoints, and everything in between. Core Internet systems like DNS, security technologies like SASE, and protocols like TCP/IP, QUIC or BGP are also critical components. With so many components in flux, it’s not a matter of if — but when — the business will face a disruption or full-blown outage, whether from bad actors in a DDoS attack or a simple configuration change gone awry.
In fact, many business leaders take for granted that their Internet Stack will remain reliable and performant — until disaster strikes. And when that happens, the business sees negative impacts across operations, revenue and reputation. According to a recent survey of Site Reliability Engineers, 71% and 84% of SREs respond to dozens or hundreds of non-ticketed and ticketed incidents a month, respectively. A full-blown network disruption could render remote employees unable to complete work, cause customers to abandon carts while online shopping, and result in a devastating loss of customer trust and damage to brand reputation, ultimately costing an enterprise millions. In fact, a 2023 Forrester survey reported 39% of respondents estimated that their company lost up to one million dollars due to disruptions in the preceding month. For better or for worse, the pressure is on DevSecOps teams to proactively prevent and mitigate the impact of a network disruption. According to the same SRE survey, more resources likely mean more opportunity to dedicate a particular unit to incident response work. Only 3% of small organizations have this kind of dedicated initiative in place compared to one third of companies with more than 1,000 employees.
Doing more with less due to the tech talent shortage
In parallel with these increasing pressures, the tech talent shortage presents additional hurdles for IT and security teams. According to Korn Ferry, by 2030 more than 85 million jobs could go unfilled because there aren’t enough skilled people to take them. This issue is particularly pervasive in cybersecurity, with the cybersecurity workforce shortage rising to a record high of just under 4 million in 2023. Finite talent resources, in combination with an increasingly complex digital environment, means IT leaders are being asked to do more with less, integrating teams while maintaining high performance and productivity. Thus, security and DevOps teams are more and more frequently being merged and giving rise to DevSecOps. In the face of finite resources and increased collaboration, implementing evolving tech tools into practice can be the difference between proactivity catching an issue, and spending hours resolving a disruption.
Leveraging tech tools to bridge the gap
Implementing tech tools can streamline security operations, reduce manual efforts, and relieve strain on DevSecOps teams. The tools available in this space are rapidly evolving, with advancements designed to counter Internet Stack disruptions, mitigate areas of vulnerability and reduce mean time to identify (MTTI) and mean time to resolve (MTTR). The latest advancements even extend beyond the capabilities of Application Performance Monitoring (APM) for a deeper look at Internet Performance Monitoring (IPM). Such tools enhance proactive threat identification and go beyond alerts to develop detailed, automatic, and interactive maps that simplify troubleshooting for DevSecOps. They visualize external dependencies beyond the visibility of APM. These tools can leverage real-time data and AI to automatically generate dependency maps for critical services and applications: a live check-up into application health.
The ideal monitoring strategy for a DevSecOps team involves end to end visibility; tracking the health of networks in real-time and providing useful insights that will help optimize the application and protect the DNS Providers, CDNs, Partner/Vendor APIs, Cloud Providers, and others we rely on. With leadership supporting cross-collaboration and the adoption of new-age tech tools as part of the strategy, DevSecOps teams can monitor what matters, from where it matters, continuously improving cybersecurity and IT strategy to reduce the risk of any negative impact on end-user experience and business outcomes. Additionally, with talent so tight, companies must consider using the latest tech for teams to approach monitoring from a proactive angle and empower new team members to navigate issues regardless of years of training. The Internet is complex, but by keeping up with tech, businesses can ensure their operations run smoothly.
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!
.webp?height=200&t=1668187948&width=200 "tim-mossholder-sxb8StmTfaw-unsplash (1).jpg")
