How Data-Driven Continuous Intelligence Benefits Aid the Development and Management of Modern Applications
Transcript of a discussion on how modern applications are different and what is needed to make
them more robust, agile and responsive.
Listen to the podcast. Find it on iTunes. Get the mobile app. Sponsor: Sumo
Dana Gardner: Welcome to the next edition of BriefingsDirect. I’m Dana Gardner, Principal
Analyst at Interarbor Solutions, your host and moderator.
Today, more than ever, how a company's applications perform equates with how
the company itself performs and is perceived. From airlines to retail, from
finding cabs, to gaming, how the applications work deeply impacts how the
business processes and business outcomes work.
We’ll now explore how new levels of insight and intelligence into what really
goes on underneath the covers of modern applications ensure that apps are built,
deployed, and operated properly.
A new breed of continuous intelligence emerges by gaining data from systems infrastructure logs
-- either on-premises or in the cloud -- and then cross-referencing that with intrinsic business
We’re here with an executive from Sumo Logic to learn how modern applications are different,
what's needed to make them robust and agile, and how the right mix of data, metrics and
machine learning provides the means to make and keep apps operating better than ever.
With that, please join me in welcoming our guest, Ramin Sayar, President and CEO of Sumo
Logic. Welcome to BriefingsDirect, Ramin.
Ramin Sayar: Thank you very much, Dana. I appreciate it.
Gardner: There’s no doubt that the apps make the company, but what is it about modern
applications that makes them so difficult to really know? How is that different from the
applications we were using 10 years ago?
Sayar: You hit it on the head a little bit earlier. This notion of always-on, always-available,
always-accessible types of applications, either delivered through rich web mobile interfaces or
through traditional mechanisms that are served up through laptops or other access
points and point-of-sale systems are driving a next wave of technology
architecture supporting these apps.
These modern apps are around a modern stack, and so they’re using new platform
services that are created by public-cloud providers, they’re using new
development processes such as agile or continuous delivery, and they’re expected
to constantly be learning and iterating so they can improve not only the user
experience -- but the business outcomes.
Gardner: Of course, developers and business leaders are under pressure, more than ever before,
to put new apps out more quickly and to then update and refine them on a continuous basis. So
this is a never-ending process.
Sayar: You’re spot on. The obvious benefits around always on is centered on the rich user
interaction and user experience. So, while a lot of the conversation
around modern apps tends to focus on the technology and the
components, there are actually fundamental challenges in the
process of how these new apps are also built and managed on an
ongoing basis, and what implications that has for security. A lot of
times, those two aspects are left out when people are discussing modern apps.
Gardner: That's right. We’re now talking so much about DevOps these days, but in the same
breath, we’re talking about SecOps -- security and operations. They’re really joined at the hip.
Sayar: Yes, they’re starting to blend. You’re seeing the technology decisions around public
cloud, around Docker and containers, and microservices and APIs, and not only led by
developers or DevOps teams. They’re heavily influenced and partnering with the SecOps and
security teams and CISOs, because the data is distributed. Now there needs to be better visibility
instrumentation, not just for the access logs, but for the business process and holistic view of the
service and service-level agreements (SLAs).
Gardner: What’s different from say 10 years ago? Distributed used to mean that I had, under my
own data-center roof, an application that would be drawing from a database, using an application
server, perhaps a couple of services, but mostly all under my control. Now, it’s much more
complex with many more moving parts.
Sayar: We like to look at the evolution of these modern apps. For example, a lot of our
customers have traditional monolithic apps that follow the more traditional waterfall approach
for iterating and release. Often, those are run on bare-metal physical servers, or possibly virtual
machines (VMs). They are simple, three-tier web apps.
We see one of two things happening. The first is that there is a need for either replacing the front
end of those apps, and we refer to those as brownfield. They start to change from waterfall to
agile and they start to have more of an N-tier feel. It's really more around the front end. Maybe
your web properties are a good example of that. And they start to componentize pieces of their
apps, either on VMs or in private clouds, and that's often good for existing types of workloads.
The other big trend is this new way of building apps, what we call greenfield workloads, versus
the brownfield workloads, and those take a fundamentally different approach.
Often it's centered on new technology, a stack entirely using microservices, API-first
development methodology, and using new modern containers like Docker, Mesosphere, CoreOS,
and using public-cloud infrastructure and services from Amazon Web Services (AWS), or
Microsoft Azure. As a result, what you’re seeing is the technology decisions that are made there
require different skill sets and teams to come together to be able to deliver on the DevOps and
SecOps processes that we just mentioned.
Gardner: Ramin, it’s important to point out that we’re not just talking about public-facing
business-to-consumer (B2C) apps, not that those aren't important, but we’re also talking about all
those very important business-to-business (B2B) and business-to-employee (B2E) apps. I can't
tell you how frustrating it is when you get on the phone with somebody and they say, “Well, I’ll
help you, but my app is down,” or the data isn’t available. So this is not just for the public facing
apps, it's all apps, right?
It's a data problem
Sayar: Absolutely. Regardless of whether it's enterprise or consumer, if it's mid-market small
and medium business (SMB) or enterprise that you are building these apps for, what we see from
our customers is that they all have a similar challenge, and they’re really trying to deal with the
volume, the velocity, and the variety of the data around these new architectures and how they
grapple and get their hands around it. At the end of day, it becomes a data problem, not just a
process or technology problem.
Gardner: Let's talk about the challenges then. If we have many moving parts, if we need to do
things faster, if we need to consider the development lifecycle and processes as well as ongoing
security, if we’re dealing with outside third-party cloud providers, where do we go to find the
common thread of insight, even though we have more complexity across more organizational
Sayar: From a Sumo Logic perspective, we’re trying to provide full-stack visibility, not only
from code and your repositories like GitHub or Jenkins, but all the way through the components
of your code, to API calls, to what your deployment tools are used for in terms of provisioning
We spend a lot of effort to integrate to the various DevOps tool chain vendors, as well as provide
the holistic view of what users are doing in terms of access to those applications and services.
We know who has checked in which code or which branch and which build created potential
issues for the performance, latency, or outage. So we give you that 360-view by providing that
full stack set of capabilities.
Gardner: So, the more information the better, no matter where in the process, no matter where
in the lifecycle. But then, that adds its own level of complexity. I wonder is this a fire-hose
approach or boiling-the-ocean approach? How do you make that manageable and then
Sayar: We’ve invested quite a bit of our intellectual property (IP) on not only providing
integration with these various sources of data, but also a lot in the machine learning and
algorithms, so that we can take advantage of the architecture of being a true cloud native
multitenant fast and simple solution.
So, unlike others that are out there and available for you, Sumo Logic's architecture is truly cloud
native and multitenant, but it's centered on the principle of near real-time data streaming.
As the data is coming in, our data-streaming engine is allowing developers, IT ops
administrators, sys admins, and security professionals to be able to have their own view, coarse-
grained or granular-grained, from our back controls that we have in the system to be able to
leverage the same data for different purposes, versus having to wait for someone to create a
dashboard, create a view, or be able to get access to a system when something breaks.
Gardner: That’s interesting. Having been in the industry long enough, I remember when logs
basically meant batch. You'd get a log dump, and then you would do something with it. That
would generate a report, many times with manual steps involved. So what's the big step to going
to streaming? Why is that an essential part of making this so actionable?
Sayar: It’s driven based on the architectures and the applications. No longer is it acceptable to
look at samples of data that span 5 or 15 minutes. You need the real-time data, sub-second,
millisecond latency to be able to understand causality, and be able to understand when you’re
having a potential threat, risk, or security concern, versus code-quality issues that are causing
potential performance outages and therefore business impact.
The old way was hope and pray, when I deployed code, that I would find something when a user
complains is no longer acceptable. You lose business and credibility, and at the end of the day,
there’s no real way to hold developers, operations folks, or security folks accountable because of
the legacy tools and process approach.
Center of the business
Those expectations have changed, because of the consumerization of IT and the fact that apps
are the center of the business, as we’ve talked about. What we really do is provide a simple way
for us to analyze the metadata coming in and provide very simple access through APIs or through
our user interfaces based on your role to be able to address issues proactively.
Conceptually, there’s this notion of wartime and peacetime as we’re building and delivering our
service. We look at the problems that users -- customers of Sumo Logic and internally here at
Sumo Logic -- are used to and then we break that down into this lifecycle -- centered on this
concept of peacetime and wartime.
Peacetime is when nothing is wrong, but you want to stay ahead of issues and you want to be
able to proactively assess the health of your service, your application, your operational level
agreements, your SLAs, and be notified when something is trending the wrong way.
Then, there's this notion of wartime, and wartime is all hands on deck. Instead of being alerted
15 minutes or an hour after an outage has happened or security risk and threat implication has
been discovered, the real-time data-streaming engine is notifying people instantly, and you're
getting PagerDuty alerts, you're getting Slack notifications. It's no longer the traditional helpdesk
notification process when people are getting on bridge lines.
Because the teams are often distributed and it’s shared responsibility and ownership for
identifying an issue in wartime, we're enabling collaboration and new ways of collaboration by
leveraging the integrations to things like Slack, PagerDuty notification systems through the real-
time platform we've built.
So, the always-on application expectations that customers and consumers have, have now been
transformed to always-on available development and security resources to be able to address
Gardner: It sounds like we're able to not only take the data and information in real time from
the applications to understand what’s going on with the applications, but we can take that same
information and start applying it to other business metrics, other business environmental impacts
that then give us an even greater insight into how to manage the business and the processes. Am I
overstating that or is that where we are heading here?
Sayar: That’s exactly right. The essence of what we provide in terms of the service is a platform
that leverages the machine logs and time-series data from a single platform or service that
eliminates a lot of the complexity that exists in traditional processes and tools. No longer do you
need to do “swivel-chair” correlation, because we're looking at multiple UIs and tools and
products. No longer do you have to wait for the helpdesk person to notify you. We're trying to
provide that instant knowledge and collaboration through the real-time data-streaming platform
we've built to bring teams together versus divided.
Gardner: That sounds terrific if I'm the IT guy or gal, but why should this be of interest to
somebody higher up in the organization, at a business process, even at a C-table level? What is it
about continuous intelligence that cannot only help apps run on time and well, but help my
business run on time and well?
Need for agility
Sayar: We talked a little bit about the whole need for agility. From a business point of view, the
line-of-business folks who are associated with any of these greenfield projects or apps want to be
able to increase the cycle times of the application delivery. They want to have measurable results
in terms of application changes or web changes, so that their web properties have either
So, we're able to help the developers, the DevOps teams, and ultimately, line of business deliver
on the speed and agility needs for these new modes. We do that through a single comprehensive
platform, as I mentioned.
At the same time, what’s interesting here is that no longer is security an afterthought. No longer
is security in the back room trying to figure out when a threat or an attack has happened. Security
has a seat at the table in a lot of boardrooms, and more importantly, in a lot of strategic initiatives
for enterprise companies today.
At the same time we're helping with agility, we're also helping with prevention. And so a lot of
our customers often start with the security teams that are looking for a new way to be able to
inspect this volume of data that’s coming in -- not at the infrastructure level or only the end-user
level -- but at the application and code level. What we're really able to do, as I mentioned earlier,
is provide a unifying approach to bring these disparate teams together.
Gardner: And yet individuals can extract the intelligence view that best suits what their needs
are in that moment.
Sayar: Yes. And ultimately what we're able to do is improve customer experience, increase
revenue-generating services, increase efficiencies and agility of actually delivering code that’s
quality and therefore the applications, and lastly, improve collaboration and communication.
Gardner: I’d really like to hear some real world examples of how this works, but before we go
there, I’m still interested in the how. As to this idea of machine learning, we're hearing an awful
lot today about bots, artificial intelligence (AI), and machine learning. Parse this out a bit for me.
What is it that you're using machine learning for when it comes to this volume and variety in
understanding apps and making that useable in the context of a business metric of some kind?
Sayar: This is an interesting topic, because of a lot of noise in the market around big data or
machine learning and advanced analytics. Since Sumo Logic was started six years ago, we built
this platform to ensure that not only we have the best in class security and encryption
capabilities, but it was centered on the fundamental purpose around democratizing analytics,
making it simpler to be able to allow more than just a subset of folks get access to information
for their roles and responsibilities, whether you're security, ops, or development teams.
To answer your question a little bit more succinctly, our platform is predicated on multiple levels
of machine learning and analytics capabilities. Starting at the lowest level, something that we
refer to as LogReduce is meant to separate the signal-to-noise ratio. Ultimately, it helps a lot of
our users and customers reduce mean time to identification by upwards of 90 percent, because
they're not searching the irrelevant data. They're searching the relevant and oftentimes occurring
data that's not frequent or not really known, versus what’s constantly occurring in their
In doing so, it’s not just about mean time to identification, but it’s also how quickly we're able to
respond and repair. We've seen customers using LogReduce reduce the mean time to resolution
by upwards of 50 percent.
Our core analytics, at the lowest level, is helping solve operational metrics and value. Then, we
start to become less reactive. When you've had an outage or a security threat, you start to
leverage some of our other predictive capabilities in our stack.
For example, I mentioned this concept of peacetime and wartime. In the notion of peacetime,
you're looking at changes over time when you've deployed code and/or applications to various
geographies and locations. A lot of times, developers and ops folks that use Sumo want to use log
compare or outlier predictor operators that are in their machine learning capabilities to show and
compare differences of branches of code and quality of their code to relevancy around
performance and availability of the service and app.
We allow them, with a click of a button, to compare this window for these events and these
metrics for the last hour, last day, last week, last month, and compare them to other time slices of
data and show how much better or worse it is. This is before deploying to production. When they
look at production, we're able to allow them to use predictive analytics to look at anomalies and
abnormal behavior to get more proactive.
So, reactive, to proactive, all the way to predictive is the philosophy that we've been trying to
build in terms of our analytics stack and capabilities.
Gardner: How are some actual customers using this and what are they getting back for their
Sayar: We have customers that span retail and e-commerce, high-tech, media, entertainment,
travel, and insurance. We're well north of 1,200 unique paying customers, and they span anyone
from Airbnb, Anheuser-Busch, Adobe, Metadata, Marriott, Twitter, Telstra, Xora -- modern
companies as well as traditional companies.
What do they all have in common? Often, what we see is a digital transformation project or
initiative. They either have to build greenfield or brownfield apps and they need a new approach
and a new service, and that's where they start leveraging Sumo Logic.
Second, what we see is that it’s not always a digital transformation; it's often a cost reduction
and/or a consolidation project. Consolidation could be tools or infrastructure and data center, or
it could be migration to co-los or public-cloud infrastructures.
The nice thing about Sumo Logic is that we can connect anything from your top of rack switch,
to your discrete storage arrays, to network devices, to operating system, and middleware, through
to your content-delivery network (CDN) providers and your public-cloud infrastructures.
As it’s a migration or consolidation project, we’re able to help them compare performance and
availability, SLAs that they have associated with those, as well as differences in terms of delivery
of infrastructure services to the developers or users.
So whether it's agility-driven or cost-driven, Sumo Logic is very relevant for all these customers
that are spanning the data-center infrastructure consolidation to new workload projects that they
may be building in private-cloud or public-cloud endpoints.
Gardner: Ramin, how about a couple of concrete examples of what you were just referring to.
Sayar: One good example is in the media space or media and entertainment space, for example,
Hearst Media. They, like a lot of our other customers, were undergoing a digital-transformation
project and a cloud-migration project. They were moving about 36 apps to AWS and they needed
a single platform that provided machine-learning analytics to be able to recognize and quickly
identify performance issues prior to making the migration and updates to any of the apps rolling
over to AWS. They were able to really improve cycle times, as well as efficiency, with respect to
identifying and resolving issues fast.
Another example would be JetBlue. We do a lot in the travel space. JetBlue is also another AWS
and cloud customer. They provide a lot of in-flight entertainment to their customers. They
wanted to be able to look at the service quality for the revenue model for the in-flight
entertainment system and be able to ascertain what movies are being watched, what’s the quality
of service, whether that’s being degraded or having to charge customers more than once for any
type of service outages. That’s how they're using Sumo Logic to better assess and manage
customer experience. It's not too dissimilar from Alaska Airlines or others that are also providing
in-flight notification and wireless type of services.
The last one is someone that we're all pretty familiar with and that’s Airbnb. We're seeing a
fundamental disruption in the travel space and how we reserve hotels or apartments or homes,
and Airbnb has led the charge, like Uber in the transportation space. In their case, they're taking a
lot of credit-card and payment-processing information. They're using Sumo Logic for payment-
card industry (PCI) audit and security, as well as operational visibility in terms of their websites
Gardner: It’s interesting. Not only are you giving them benefits along insight lines, but it sounds
to me like you're giving them a green light to go ahead and experiment and then learn very
quickly whether that experiment worked or not, so that they can find refine. That’s so important
in our digital business and agility drive these days.
Sayar: Absolutely. And if I were to think of another interesting example, Anheuser-Busch is
another one of our customers. In this case, the CISO wanted to have a new approach to security
and not one that was centered on guarding the data and access to the data, but providing a single
platform for all constituents within Anheuser-Busch, whether security teams, operations teams,
developers, or support teams.
We did a pilot for them, and as they're modernizing a lot of their apps, as they start to look at the
next generation of security analytics, the adoption of Sumo started to become instant inside AB
InBev. Now, they're looking at not just their existing real estate of infrastructure and apps for all
these teams, but they're going to connect it to future projects such as the Connected Path, so they
can understand what the yield is from each pour in a particular keg in a location and figure out
whether that’s optimized or when they can replace the keg.
So, you're going from a reactive approach for security and processes around deployment and
operations to next-gen connected Internet of Things (IoT) and devices to understand business
performance and yield. That's a great example of an innovative company doing something
unique and different with Sumo Logic.
Gardner: So, what happens as these companies modernize and they start to avail themselves of
more public-cloud infrastructure services, ultimately more-and-more of their apps are going to be
of, by, and for somebody else’s public cloud? Where do you fit in that scenario?
Data source and location
Sayar: Whether you’re running on-prem, whether you're running co-los, whether you're
running through CDN providers like Akamai, whether you're running on AWS or Azure, Heroku,
whether you're running SaaS platforms and renting a single platform that can manage and ingest
all that data for you. Interestingly enough, about half our customers’ workloads run on-premises
and half of them run in the cloud.
We’re agnostic to where the data is or where their applications or workloads reside. The benefit
we provide is the single ubiquitous platform for managing the data streams that are coming in
from devices, from applications, from infrastructure, from mobile to you, in a simple, real-time
way through a multitenant cloud service.
Gardner: This reminds me of what I heard, 10 or 15 years ago about business intelligence (BI),
drawing data, analyzing it, making it close to being proactive in its ability to help the
organization. How is continuous intelligence different, or even better, and something that would
replace what we refer to as BI?
Sayar: The issue that we faced with the first generation of BI was it was very rear-view and
mirror-centric, meaning that it was looking at data and things in the past. Where we're at today
with this need for speed and the necessity to be always on, always available, the expectation is
that it’s sub-millisecond latency to understand what's going on, from a security, operational, or
user-experience point of view.
I'd say that we're on V2 or next generation of what was traditionally called BI, and we refer to
that as continuous intelligence, because you're continuously adapting and learning. It's not only
based on what humans know and what rules and correlation that they try to presuppose and
create alarms and filters and things around that. It’s what machines and machine intelligence
needs to supplement that with to provide the best-in-class type of capability, which is what we
refer to as continuous intelligence.
Gardner: We’re almost out of time, but I wanted to look to the future a little bit. Obviously,
there's a lot of investing going on now around big data and analytics as it pertains to many
different elements of many different businesses, depending on their verticals. Then, we're talking
about some of the logic benefit and continuous intelligence as it applies to applications and their
Where do we start to see crossover between those? How do I leverage what I’m doing in big data
generally in my organization and more specifically, what I can do with continuous intelligence
from my systems, from my applications?
Sayar: We touched a little bit on that in terms of the types of data that we integrate and ingest.
At the end of the day, when we talk about full-stack visibility, it's from everything with respect to
providing business insights to operational insights, to security insights.
We have some customers that are in credit-card payment processing, and they actually use us to
understand activations for credit cards, so they're extracting value from the data coming into
Sumo Logic to understand and predict business impact and relevant revenue associated with
these services that they're managing; in this case, a set of apps that run on a CDN.
At the same time, the fraud and risk team are using us for threat and prevention. The operations
team is using us for understanding identification of issues proactively to be able to address any
application or infrastructure issues, and that’s what we refer to as full stack.
Full stack isn’t just the technology; it's providing business visibility insights to line the business
users or users that are looking at metrics around user experience and service quality, to
operational-level impacts that help you become more proactive, or in some cases, reactive to
wartime issues, as we've talked about. And lastly, the security team helps you take a different
security posture around reactive and proactive, around threat, detection, and risk.
In a nutshell, where we see these things starting to converge is what we refer to as full stack
visibility around our strategy for continuous intelligence, and that is technology to business to
Gardner: Very good. I’m afraid we will have to leave it here. You've been listening to a
sponsored BriefingsDirect discussion on how modern applications are different and what's
needed to make them more robust, agile, and responsive. We've heard how new levels of insight
and intelligence of what really goes on underneath the covers of modern apps across your
lifecycle can ensure that those apps are built, deployed, and operated properly.
So, please join me in thanking our guest, Ramin Sayar, President and CEO of Sumo Logic.
Thank you so much.
Sayar: Thank you very much.
Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator
for this ongoing series of BriefingsDirect discussions. A big thank you to our sponsor today,
Sumo Logic, and a big thank you as well to our audience. Please come back for our next edition.
Copyright Interarbor Solutions, LLC, 2005-2017. All