Observability continues to prove its worth. In The State of Observability 2023, the annual research report Splunk created in partnership with the Enterprise Strategy Group, we share the characteristics that set the observability leaders (those with a mature observability practice) apart from the rest. In brief, observability leaders across all sectors report:
For organizations across the public sector, observability may still be a relatively new practice, but that hasn’t stopped leaders from increasingly investing in observability in pursuit of more secure, reliable and trustworthy digital experiences for every community and citizen.
In the report, we track best practices, trends and challenges across the observability landscape, highlighting standout data points specific to key industries — including the public sector.
Among the greatest challenges facing the public sector, though certainly not unique to it, are siloed teams and tools, along with staff attrition. The report also indicated that the public sector trails the private sector when it comes to formalizing its stance on resilience, but an increased focus on resilience in the Biden-Harris Administration’s National Cybersecurity Strategy, released in March 2023, could spur the sector to catch up quickly.
More tools, more data and more alerts — combined with limited visibility across complex environments — hinder cross-functional collaboration in organizations across all sectors. Observability leaders are using the same tools and data sets to ensure teams are all reading from the same songbook — and working together to identify issues before they affect customer or user experience.
Our public sector respondents were less likely to report that their APM tools and teams are unified with their observability practice right now. But it might not be too long before the sector catches up. Public sector organizations are more likely than private sector organizations to report that there will be functional convergence in the future across APM and observability (37% versus 25%), as well as AIOps and observability (40% versus 24%). This indicates the sector not only recognizes the importance of functional convergence but is actively working towards it.
Across all sectors, resilience emerged as a top priority, with 73% of respondents saying that failure to invest in resilience will cause them to lose customers. However, the report suggests that the public sector trails the private sector when it comes to its stance on resilience. When we conducted our survey in December 2022 and January 2023, we found that while 40% in the private sector had instituted a formal approach to resilience, only 26% in the public sector had done the same.
But this may be poised to change in the wake of the Biden-Harris Administration’s National Cybersecurity Strategy, released in March 2023.
Designed to provide a strategy to secure our digital ecosystem through a coordinated approach, the strategy clearly defines a vision for the country’s digital future: one that is defensible, resilient and values-aligned. The introduction reads:
“We must make fundamental changes to the underlying dynamics of the digital ecosystem, shifting the advantage to its defenders and perpetually frustrating the forces that would threaten it. Our goal is a defensive, resilient digital ecosystem where it is costlier to attack systems than defend them, where sensitive or private information is secure and protected, and where neither incidents nor errors cascade into catastrophic, systemic consequences.”
To advance toward this vision, the Administration centers resilience as crucial to securing cyberspace and our digital ecosystem — setting out to defend critical infrastructure through new and strengthened partnerships, strengthened cybersecurity requirements and renewed initiatives to develop a national cyber workforce (more on the global cyber workforce shortage below).
These initiatives complement and enhance the sector’s efforts towards a zero trust security model, laid out in the Administration’s 2021 executive order (EO 14028) on improving the nation’s cybersecurity through better incident readiness and response. In direct response to the EO, the Office of Management and Budget subsequently released a memo (M-21-31) that addresses requirements in section eight of the EO around logging, log retention and log management. The new requirements were established to improve government visibility before, during and after a cybersecurity incident such as the infamous SolarWinds incident, with the express purpose of improving the country’s resilience against such attacks.
At the highest level, M-21-31 prescribes an enterprise logging maturity model with four levels (EL0-EL3) and sets deadlines for each level. Each level is more sophisticated than the last, requiring more data sources and longer retention, and eventually the implementation of UBA and SOAR capabilities.
In light of the Administration’s coordinated efforts around building resilience, it will be interesting to note how the public sector gauges its own approach to resilience in next year’s report.
Organizations from across all industries are in a similar bind: It is increasingly challenging to find and keep IT talent. For the public sector, the issue seems a tad more acute, with more respondents reporting instances of “brain drain,” where critical staff on the observability team are poached and leave for other positions.
Forty-nine percent report multiple occurrences of brain drain in the past 12 months (versus 34% in other sectors). With a possible recession looming, public sector organizations are more pessimistic: 59% expect that hiring staff with the necessary observability skills will be harder in the event of a recession (versus 43%).
To conclude on a hopeful note, 74% of public sector organizations report increased functional observability capabilities, without creating a more complex vendor landscape. Seventy-seven percent of respondents report that they haven’t added new observability vendors to their ecosystem (versus 55% across other sectors).
Being able to do more, without the burden of added complexity, will be especially handy if skill shortages worsen. As the sector rapidly ramps up its observability practices to meet increasing performance demands and security threats, organizations will have to continue to move away from fragmented tools and processes in favor of a simplified, unified solution.
Read the full State of Observability report to discover the characteristics of a successful observability practice — and how to advance your own.