Security observability, AI require data hygiene in DevSecOps

Cloud-native technology continues to grow in complexity and generate massive volumes of data, but a simple, time-honored adage still applies: Garbage in, garbage out.

Similar to other guests on IT Ops Query Season 2: The State of SecOps, New Relic chief information security officer (CISO) Esteban Gutierrez has witnessed the divergence between network operations and security operations, and the struggle to get these teams back on the same page since then. As an enterprise information security strategist at Intel, part of his mandate was to bridge that divide.

"I started to see that we were treating security too much like warfare -- it was very antagonistic, us versus them, and [a] culture of secrecy," Gutierrez told TechTarget Editorial's Beth Pariseau in this podcast episode. "And I started to think more about what we were trying to do, which is really trying to grow the business and help it be successful."

Esteban Gutierrez

This led to closer collaboration between SecOps and NetOps teams during his Intel tenure, which has continued to grow since he left for a new role as security operations manager at New Relic in 2016. Eight years later, New Relic has brought SecOps data into its observability SaaS, which was originally focused on application performance management. And it's seen the effect that making use of shared telemetry can have on DevSecOps collaboration.

"With better observability comes better governance, better risk management," Gutierrez said. In New Relic's annual Observability Forecast report for 2024, released this month, 58% of 1,700 survey takers said their companies have deployed security monitoring. Security governance, risk and compliance was the second-most-cited driver for observability, reported by 41% of respondents.

"As we see more regulation, federal or government oversight and guidance on critical business and business impact [of cybersecurity], companies are starting to pay attention to that," he said.

The term observability has different meanings to different people, but for Gutierrez it boils down to one thing: The more high-quality data can be used to make decisions in real time, the better.

"My hope is that we can shift everywhere, so that the fullest state context and understanding that we get from observability combined with the security telemetry allows us to give, for instance, a developer who is starting to build a service or an application knowledge that, 'Hey, you might be programming [in] an issue here,'" he said.

AI and machine learning can help with the deluge of data observability entails, but in both AI/ML and DevSecOps environments, data quality and data hygiene are the operative terms, according to Gutierrez.

"One of the main problems I see with AI is … that if you feed it garbage, you're going to get garbage," he said. "It's key to make sure that there's good data going into your AI model, and that the AI model is doing something useful with it as well."

Beth Pariseau, senior news writer for TechTarget Editorial, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.