How many alerts do you receive a day?
More importantly, how many do you take action on? And how many events happen in your environment that you can’t even set alerts for?
IT professionals are facing a formidable problem nowadays: Too much data. Too many alerts.
Take Target’s massive 2013 data breach as an example. Target’s security team had actually received–and ignored–urgent warnings from a threat-detection tool about unknown malware on its network, because the alerts were so common. (Target ended up settling with several US banks for $39 million, with Visa for $67 million, and with customers for $10 million.)
This problem is particularly worrisome in multi-SaaS environments. First, just consider the sheer volume of operational data your SaaS applications generate. In G Suite, for example, an audit log entry is created every time your domain’s users view, create, preview, print, update, delete, download, or share Drive content. Multiply that by tens, hundreds, thousands of users. Data begets data. It creates an enormous information sprawl.
“This [SaaS] data ‘sprawl factor’ compromises any organization’s ability to gather proper, trustworthy insight that can help it not only understand, but also manage corporate performance effectively,” writes BetaNews.
You Don’t Know What You Don’t Know
At the heart of this sprawl is a deeper, more disconcerting issue: You can’t remedy what you don’t know is wrong. How do you divine meaning from millions of audit logs? How do you gather proper, trustworthy insight and know what to solve?
Sure, you receive alerts that notify you when something (ostensibly) important happens in your organization.
But to be clear, alerts by themselves don’t give you operational intelligence. Alerts are often false alarms–irrelevant, dismissable. According to CloudExpo Journal, “Large IT organizations can receive up to 150,000 alerts per day from their monitoring systems. How are IT employees supposed to sort through them all to pick out the one or two legitimate threats? It’s simple–they can’t.”
Similarly, Computer Weekly writes: “There is no human who can look at millions and millions of events a day. You need machines that can make decisions.”
You Might Have a Lot of Intelligence Floating Around, But Is It Operational?
Creating operational intelligence out of an endless stream of data and alerts is IT’s white whale: heavily sought after, but elusive. Out of reach.
Operational intelligence goes much deeper than alerting. True operational intelligence is useful, actionable information that draws correlations between disparate events. It’s not limited to the realm of security or compliance, either; it can be around collaboration, administration, and more.
But to extract operational intelligence out of this sea of data, first the data must be centralized and normalized. Otherwise, you’ll be looking through every single alert, one by one, because you’ll have no way to consistently detect patterns at scale.
“All your big data will mean nothing without systems of insight,” writes Computerworld. “Without a systematic way to harness data and turn insight into action, your efforts are doomed.”
Complete Visibility is Impossible Today
IT professionals don’t have true operational intelligence today. When they look at their environment, it’s like looking at an analog TV with snowy reception. It gives them a picture once in a while, but there’s a lot of noise and very little signal. What they need is a new, modern, crystal clear 4K smart TV.
Unfortunately, the depth, breadth, and quality of SaaS insights currently available to IT is woefully lacking. Most tools don’t surface sufficient intelligence as far as management of multi-SaaS environments goes. And that intelligence is essential, considering many environments look like this–a sprawling, jumbled web that doesn’t really provide a clear picture:
Consider these shortcomings with most monitoring and alerting tools:
- Alert fatigue. Getting besieged by noisy alerts all day means that you eventually become desensitized to them. Just take Target’s data breach as an example. Additionally, a 2015 survey of 600+ IT professionals found that the number one pain point of being on-call was “alert fatigue–constantly being paged for non-actionable alerts.” Large organizations using G Suite can easily receive 1,000+ suspicious login alerts every day. The onslaught of alerts can paralyze IT, preventing them from taking meaningful, strategic actions. If everything is important, then nothing is important.
- No context. SaaS alerts are typically in a vacuum–that is, they lack context (i.e., structured metadata). This is problematic. “SaaS metadata, more so than traditional metadata, contextualizes data for humans as well as machine processes… This means understanding metadata is vital for SaaS admins,” writes Spanning. “For SaaS applications that are messaging and collaboration tools–i.e., Google for Work, Office 365–metadata plays a vital role in enabling collaboration and control, as it contains information about sharing settings, labels, tags, and ownership.” For example, you might receive an alert informing you: “A Google Doc has been shared publicly.” Well, who owns the Doc, and what department are they in? Should IT be concerned, or is the Doc meant to be shared publicly? Does it contain sensitive information? Without any context, generalized alerts are meaningless. It makes it difficult, if not impossible, to discern what’s actually critical.
- No remediation options. Alerts notify you when something is happening, but what do you do with that? The information is there, but it’s not converted to anything actionable. How do you know what the best remediation actions are (and how to perform them in multiple admin consoles)? Without any action tied to it, there is little to no value. In a 2016 survey of 800+ on-call professionals, 39% of respondents said lack of remediation information was a problem.
- Residence in disparate apps, in multiple consoles. Native administration becomes unscalable as organizations adopt more SaaS products. If you’ve adopted multiple SaaS applications, there is no way to centralize alerts across them or see everything in one unified view. They are siloed. You must check each application separately to see alerts (and some applications do not even provide alerts natively). Each application also has its own alert types, delivery methods, terminology, and admin interface. This disparity means that you must train your IT team on multiple admin consoles, which can be a time-consuming onboarding burden.
- No cross-app insight. Alerts for one individual SaaS app might be useful, but what’s immensely more valuable to IT is being able to surface cross-app correlations or anomalies. For example, if you saw suspicious log-ins or mass sharing events across multiple applications, that intelligence becomes much more meaningful and valid. That’s operational intelligence. However, there is no way of knowing this using native admin consoles.
How Operational Intelligence Can Transform Your Business
There is a better way to manage and operate multi-SaaS environments. You can avoid meaningless alerts in a vacuum. Imagine having SaaS events correlated intelligently for you, like this:
Imagine what organizations could accomplish if they were armed with operational intelligence:
- Remain compliant with company policies, as well as industry and government regulations, by staying abreast of ever-evolving security risks.
- Surface information and remediate issues by taking action quickly in the same console before they escalate into critical incidents.
- Reduce the friction-to-work ratio. Think of all the “friction” IT encounters every day, like sifting through thousands of irrelevant alerts, or manually pulling disparate reports and running scripts in order to see data in one place. Friction gets in the way of meaningful work. Less friction means more time for higher-value, strategic IT projects.
- Gain full clarity over their environment and have that modern, crystal clear “4K TV” view.
- Readily adopt more SaaS applications and scale faster.
Operational Intelligence is Here
BetterCloud’s advanced alerting capabilities allow you to easily customize the threshold, criticality, and notification settings across multiple SaaS applications. You can generate alerts based not only on what’s happening, but also how it’s happening–e.g., if there’s a high event frequency within a specific time period. Multiple SaaS events are correlated, producing one intelligent alert. No coding or parsing access logs is necessary. You avoid alert fatigue altogether because you only receive the alerts that matter to you. BetterCloud also enhances alerts with context and suggested remediation, making them understandable and actionable. IT can then remediate issues across applications and fix anomalies in their SaaS environment with a single click to take action. These alerts can trigger automated workflows, so that if these issues occur again, they will automatically be fixed.
BetterCloud’s operational intelligence obviates the need to dig through disparate haystacks for critical insights. At last, IT can finally manage and scale their SaaS applications, bridge silos, and gain full clarity over their SaaS environments.
We’ve spent the last two years building the first-ever true unified SaaS management platform, which centralizes and automates the administration of SaaS applications, launching it in December of 2016. Expect more exciting announcements and functionality like this one throughout 2017 as we add on to the platform. To learn more, request a personalized consultation with our team.