Gov Day Sacramento 2015 - Keynote/Overview
•
3 likes•408 views
Gov Day Sacramento 2015 - Keynote/Overview Snehal Antani, CTO, Splunk
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Viewers also liked
Viewers also liked (17)
Similar to Gov Day Sacramento 2015 - Keynote/Overview
Similar to Gov Day Sacramento 2015 - Keynote/Overview (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
Gov Day Sacramento 2015 - Keynote/Overview
- 1. Copyright © 2015 Splunk Inc. Splunk Overview Snehal Antani, CTO, Splunk
- 2. Commercial Intensity Market Speed Earning a seat at the table
- 3. We should be running the agency in real time! Why am I making decisions on last month’s data?
- 4. Data from the past Realtime Data Statistical Forecast T – a few days T + a few days Security Operations Center IT Operations Center Business Operations Center Descriptive (BI Tools, Data Lakes) Grey space Predictive (Models)
- 5. Security Operations IT Operations Business Operations SAME DATAOf the Asking different QUESTIONS Different PEOPLE
- 6. Fast-feedback loop for actionable commercial insights Responsibly Move at Market Speed PROGRAM MANAGERS DEVELOPERS IT BUSINESS APPLICATION PLATFORM HOW IS OUR: • Security? • Quality? • Stability? • Performance? HOW IS OUR: • Market Launch? • Feature Usage? • Marketing Changes? • Prioritization?
- 7. IoT WORKLOADS Blurring the Lines Between Digital & Physical Security Ops Center Business Ops Center IT Ops Center CLOUD WORKLOADS ENTERPRISE IT WORKLOADS ADVANCED CORRELATION HYBRID DEPLOYMENT SINGLE PANE OF GLASS
- 8. 2. Focus on the foundation 3. Divide, empower, and deliver 4. Ignore the “Eeyores” 1. Define your outcomes • Development Velocity • Failed Customer Interactions • Compliance Response Time App Teams App Platform Hybrid Cloud Continuous Delivery Continuous Insights But how do you get there? 5. Dreamers, Debaters, & Executers 6. Better to be infamous than unknown
- 9. Install App Servers Install OS’ Install Physical Servers Configure network Configure security Debug! Servers Storage Networking Virtualization Management Security Middleware Patterns Automated Deployment Applications 1. Hybrid Cloud Fewer “moving parts” for speed & stability Get out of the “IT integration business” Challenge: People & processes, not tech
- 10. 2. Continuous Delivery Sonar code quality Static Security Scans Build cloud Developer checks in code Automated Acceptance Tests Dynamic Security Scans Test Cloud “Chaos Monkey” tests Automated Deploy = = X X Production Cloud QA Prod Pattern Automated Deploy Pattern Library
- 11. Dev/Test Cloud Dev Pattern QA Prod Pattern Production Cloud QA Prod Pattern Enterprise Architecture Pattern LibraryDeveloper Dev, QA, & Prod provisioned in minutes Speed, Consistency, & Repeatability with Patterns
- 12. Real-time Dashboards Ensure Transparency • Best / worst developers • Custom training programs • Best / worst outsourced providers
- 13. • Visualize • Analyze • Take Action … quickly … automatically 3. Continuous Insights: Proactive, not reactive QA Prod Pattern
- 14. How? Web CoE Middleware CoE DB CoE CoE Specific KPI’s & Dashboards Business Transaction KPI’s & Dashboards “Canary” Thumbs up / down “Band-aids” Document – Script – Trust – Auto-execute “War Room” Collaborative Troubleshooting & Post-mortem IT Operations Center
- 15. Detect Potential Failed Constituent Interactions… Service Status
- 16. … and do something about it!
- 17. Operational Intelligence Platform Web Logs App Logs Network Logs Endpoint Logs Identity Logs Wearables Vehicles … Industrial Control SCADA … IT DATA IOT DATA OT DATA Time HOTWARM Data Aging Policy COOLCOLD Historical Near Real-time Predictive High-speed Data Ingest T0 PREDICTALERTSEARCH VISUALIZE ANALYZEDEVELOPEnrich ACT
- 18. Investigate the data in real-time • Define Static schema • ETL into Schema • Enrich at write • New data = new columns • New questions = new columns Ideal for asking the same question repeatedly • Schema-on-the-fly • Data in native format • Enrich on read • New data = no changes needed • New questions = no changes needed Ideal for investigation & exploration 150.128.102.148 - - [07/Aug/2014:00:59:52 +0000] "GET /images/web/2009/banner.png HTTP/1.1" 200 52315 "http://www.semicomplete.com/blog/articles/week-of-unix- tools/day-1-sed.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36 vs. Schema-on-write Schema-on-read
- 19. Establish a culture of Continuous Improvement
- 20. Pivot & improve with Continuous Insights Program Managers identify new opportunities Continuously delivered to market … and Auditors are “happy” Fast-feedback enables Market Speed
- 21. With a Strong IT foundation, and the right culture… Commercial Intensity + Market Speed = Resources of an Enterprise, Agility of a startup
- 22. Thank You
Editor's Notes
- With that, I’d like to introduce our first presenter, Snehal Antani, CTO Splunk JASON – PASS THINGS OVER TO SNEHAL
- IS THIS WHERE YOU DISCUSS YOUR PREVIOUS ROLE? WANT TO ENSURE WE DON’T LOSE AUDIENCE WITH COMMERCIAL AND MARKET – NEED TO TIE TO GOVERNMENT
- CHANGED BUSINESS TO AGENCY – BUT WILL CHANGE BACK IF THIS IS ANECDOTAL --------- Tera – it would be great if we can have two options for this slide Option 1 ) – just have the two pieces of text in nice fonts Option 2 ) have simple icons one representing a reactive vs real time (The narrative here being that – don’t run your business reactively on stale data when you can run the business in real time) Real time – use clock Icon for reactive
- MAYBE MAKE COMMENT ABOUT BUSINESS AND GOV BEING DIFFERENT – BUT MAKE CONNECTION THAT THEY STILL HAVE BUSINESS PROCESSES THAT NEED TO BE EXECUTED TO KEEP THE AGENCY RUNNING JUST TO ADDRESS THAT THIS IS NOT A COMMERCIAL AUDIENCE
- Culture: Bold Ideas Lean Startup Focused on customer outcomes
- JUST BECAUSE YOU AREN’T RUNNING A BUSINESS DOESN’T MEAN THAT THE CONSTITUENTS YOU SERVICE DON’T EXPECT YOU TO MOVE AT MARKET SPEED. BUT IT’S EVEN MORE IMPORTANT TO DO SO RESPONSIBLY, GIVEN THE SENSITIVE INFORMATION YOU’RE ENTRUSTED WITH AS A GOVERNMENT AGENCY. CHANGED PRODUCT MANAGERS TO PROGRAM MANAGERS HOW IS OUR: Market Launch? Feature Usage? Marketing Changes? Prioritization? CHANGED TO: HOW IS OUR: Program Launch? Services Usage? Engagement Changes? Prioritization?
- -------------- Tera – For the cloud workloads we can show the company logos (please add AWS) (We also had done a version of the slide – please see next slide) For IOT workloads – we can use the IoT icons (can pull from slide 20) For Enterprise workloads – we can use standard IT icons – don’t need a special one for mainframes. As for the treatment of the three bullets – we could do something similar to what we did in Nate’s ES deck.
- Challenge isn’t technology, we have best-in-class products from multiple vendors; it’s people + processes. Integrated Systems serve as a catalyst for breaking the existing processes, kingdoms, and culture; and creates an opportunity to rebuild for the future Before: Self-integrated, 10+ teams, manual QA + Prod deployed in 3-6 months Compliance reports in 3-6 months After: Pre-integrated, 1 team, fully-automated QA + Prod deployed in < 60 minutes Compliance reports in < 10 minutes MENTION THIS CASE STUDY: The CISO of the City of LA built an Integrated Security Operations Center, analyzing 14 million+ events per day, using Splunk Cloud and the Splunk App for Enterprise Security. The City was able to accelerate its deployment by pursuing a cloud-based approach to SIEM and enhanced cybersecurity collaboration between internal and external stakeholders.
- PROGRAM Manager goal: identify next opportunity/requirements IT Ops goal: Reduce FCI’s Pro-actively identify Visualize Collect & Analyze Take pro-active actions Engage MTTR from hours to minutes FCI’s reduced TIE TO NEED FOR AGENCY EFFICIENCY
- PROGRAM Manager goal: identify next opportunity/requirements IT Ops goal: Reduce FCI’s Pro-actively identify Visualize Collect & Analyze Take pro-active actions Engage MTTR from hours to minutes FCI’s reduced
- Detect Potential Failed Customer Interactions… CHANGED TO: Detect Potential Failed CONSTITUENT Interactions… OR: TALK ABOUT INTERNAL CUSTOMERS? Pro-actively identify service (INSTEAD OF BUSINESS) issues Visualize the source of the issue Collect & Analyze diagnostics data automatically Take pro-active actions to mitigate the problem Engage the right people immediately Proactively Identify: Stuck deals are identified before the call is made to support Visualize: Business Activity Monitoring tracks deals; Yellow indicates where the deal is stuck. Red would indicate a catastrophic system failure.
- Collect & Analyze: All relevant logs from application servers, network devices, Siebel, Oracle, etc are retrieved and analyzed via Splunk
- CONSTITUENT Interactions Insights into successful/failed/degraded CONSTITUENT interactions Prevent regrettable attrition Improving cost or impact of interactions Business Process Analytics Reduce CONSTITUENT friction Hunt & eliminate tribal processes Simplify existing processes Commercialization Product usage/adoption Optimize SERVICES Improve business performance ($) Customer Interactions Insights into successful/failed/degraded customer interactions Prevent regrettable attrition Improving cost or impact of interactions Business Process Analytics Reduce customer friction Hunt & eliminate tribal processes Simplify existing processes Commercialization Product usage/adoption Optimize marketing Improve business performance ($)
- Customer Interactions Insights into successful/failed/degraded customer interactions Prevent regrettable attrition Improving cost or impact of interactions Business Process Analytics Reduce customer friction Hunt & eliminate tribal processes Simplify existing processes Commercialization Product usage/adoption Optimize marketing Improve business performance ($)
- Culture: Bold Ideas Lean Startup Focused on customer outcomes