What is Operational Intelligence? Level 1
It is probably a bit late to say “Happy New Year” so maybe “Happy New Blogging Year” might be more appropriate. As part of last year’s research with analyst company Quocirca, we looked into the fastest growing concerns for European business and the role Operational Intelligence plays in addressing them. The three main concerns from the research were security threats, data chaos from IT systems and poor customer experience. The idea of this blog series was to explain the four levels of Operational Intelligence and how they map to each of the three main concerns. To give you an introduction to the four adoption levels of OI, it looks a little something like this:
Let’s get started with OI level 1:
When it comes to IT Operations and Application Delivery, you’re likely to be collecting data from a number of sources and using it to search for errors and investigate the cause of potential IT performance issues. This data may include web infrastructure logs, network data, application diagnostics and cloud service information. At Operational Intelligence (OI) level 1, this helps organisations react and respond to incidents, outages and other issues. You’re probably looking to correlate different sources of data to find where a performance bottleneck is occurring and troubleshoot the issue. At the next stage of OI adoption, organisations move on to become more proactive and deliver flexible monitoring and alerting across the entire IT and application estate.
You’re likely to be using your machine data to react to some form of security incident or attack. You’ll be identifying, collecting and storing the security-relevant data you need. This security data is likely to be in its own silo. Once you’ve done this, you’ll probably be using the data to search for security events from four main classes of data: log data, binary data, threat intelligence data and contextual data. There is a good chance that you are starting to conduct some form of forensic investigation to look for the signs of recent attacks and examine a trail of evidence left in the data. This incident investigation in response to an attack will consist of looking for threats inside a certain time window, and will likely be conducted by a security analyst. Security teams need an infrastructure-wide view of activities in order to identify, understand and stop attackers. At the next level of OI adoption, organisations start to benefit from a real-time security posture and advanced monitoring and correlation to spot unusual behaviour and potential threats. Organisations will also start to include some form of context around security data.
You’re probably using the machine data that is captured for IT use cases for some ad hoc analysis. Most organisations at OI level 1 use this machine data to react to variances in business performance. You may be searching a customer’s interaction history for a failed order to respond to degraded customer engagement, a drop in ecommerce conversion or inbound customer complaint calls. You may also be conducting ad hoc investigations into customer drop-off trends and identifying technical issues that impact customer experience. At the next level of OI adoption, most organisations start to monitor customer experience end-to-end and build in proactive alerting around key customer satisfaction metrics.
I’ll be back tomorrow with (no surprise) OI level 2. See you then!