With increasing use of AI, focus is shifting to ensuring application security
By Amit Roy Choudhury
Splunk’s APAC Area VP for South Asia Dhiraj Goklani said observability needs to be embedded in software release cycles.
Splunk’s APAC Area Vice President for South Asia, Dhiraj Goklani, said governments and business leaders have started to look at critical services not just from a business risk perspective but also by considering key performance indicators (KPIs) and applying security risk frameworks to each of these indicators. Image: Splunk
As governments incorporate more artificial intelligence (AI)-enabled features into core applications and critical services, the focus is on ensuring these applications remain secure.
Speaking with GovInsider at this year’s Govware conference, Splunk’s APAC Area Vice President for South Asia, Dhiraj Goklani, said both governments and the private sector understand that it is important to ensure these services remain secure and perform well, especially during critical periods like the election season and in various vital smart city initiatives.
He said government and business leaders should consider critical services not only from a business risk perspective but also by considering key performance indicators (KPIs) and applying security risk frameworks to each of these KPIs.
“What they are finding is that there is a good mash-up between observability and security because business risk also includes security and performance risk,” Goklani said.
Observability refers to the ability to monitor and analyse the internal state of a system by examining its output, while security processes refer to the actual process of securing a service.
Observability needs to be part of code
There is a constant need to release software with more capabilities, “but unless you make observability part of the code and embed it inside your release cycles, it becomes an afterthought,” he said.
Every time organisations adopt a microservices-based architecture on the cloud, their technical debt increases.
“So Splunk continues to invest heavily in this area because with more and more cloud, and native technologies, we're seeing there's the gap of visibility that is getting higher and higher,” he said.
Splunk’s State of Observability report noted that organisations that have better visibility across their environment experience less downtime. When they do have downtime, they can bounce back swiftly. They also have a lasting impact on the business by enabling their developers to innovate, not drown in drudgery, and launch products faster.
Organisations need to look at both observability and security together as much as possible, even though “our people and processes are quite divided,” he added.
Increasingly, organisations are seeing architecture teams and governance teams coming together to improve observability and security in tandem, he said.
Goklani noted that Splunk worked with South Australia Health (SA Health) to achieve one of the largest and most advanced Splunk deployments in Australia.
The implementation, comprising Splunk Cloud, Splunk Enterprise Security and Splunk IT Service Intelligence, has enabled horizontal service visibility, increased operational efficiencies and a cyber and IT operations skills uplift for approximately 100 staff.
Using AI to predict potential issues
Goklani observed that the government sector is increasingly using AI to predict potential issues and provide early warnings, leveraging large language models (LLMs) and rich data lakes.
From a skills perspective, there is a real push to make sure that analysts can work with AI and harness the power of these LLMs, he added.
However, there is a “big gap right now,” he said.
The challenge, he observed, is that the pace at which new LLMs and AI models are coming out “is much faster than what people can keep up with”. Thus, knowing which LLMs will make a difference will be critical.
Goklani added that with AI and LLMs available to bad actors, the volume and pace of threat activity have also gone up.
DevSecOps to improve code security
To improve the overall cybersecurity posture of apps, Goklani recommends starting as early as possible through a DevSecOps approach.
DevSecOps refers to a framework that integrates security into earlier phases of software development.
This can come down to something as basic as running a vulnerability scan as part of the DevSecOps process, something Splunk emphasises.
“It is important to understand that even in the government, apps are usually written in a very agile DevOps environment.”
“The missing piece is implementing the DevSecOps approach. This will make sure that the developer teams are writing secure code, and building observability into the code,” he said.
Cisco and Splunk bring more to the table
Goklani said as Cisco and Splunk come together, there are now Cisco capabilities integrated into Splunk platforms to enable secure code creation and production as well.
“Right now, what's happening is that there is so much more code being generated that there is a need to rethink frameworks in terms of the testing and quality assurance (QA). The good news is that there are tools and technologies with AI to do better testing and QA,” he said.
He noted that Splunk’s ability to handle large datasets and unstructured data positions it well for future challenges.
Talking about the future, Goklani said the focus will be on generative AI (GenAI) and spatial intelligence where applications become self-learning.
There is a need for collaboration across different companies due to a massive increase in data. “Everyone is realising that they have to contribute back to open source,” he said.
Goklani noted that Splunk started contributing to open source about six years back.
“For example, in observability, we contributed our code to the OpenTelemetry framework,” he said.
“I see a lot more of that happening for the greater good of the planet, [where] people contribute to open source, and that will help everybody,” he said.