Growing Your Application Monitoring Practice with Your Company

Patrick Wiseman

It’s 10 PM, do you know what’s going on with your application?

This is actually a question you need to ask at all hours of the day, because one of the most important elements of creating good software is making sure that it’s working as intended.

That’s where monitoring comes in. Monitoring is an essential function for any software to ensure it’s running properly and delivering the expected experience for end users.

However, not all monitoring is equal – nor should it be. As the complexity of your product and the number of users increases, the sophistication of your monitoring needs to increase along with it.

With that in mind, we’ve broken down what monitoring should entail at four key stages of product and organizational complexity.

1) Personal stage

If you have a small personal project or website, you really only need to focus on uptime monitoring. This monitoring is as simple as setting up a tool that checks your site once a minute to make sure it’s still there. If your site doesn’t respond for 2-3 checks, you should have the tool notify you that the site is down. Uptime monitoring is the simplest possible check you can do, and there are a variety of tools (like Pingdom) that offer this type of service.

2) Early stage

If you’re building a product and have a handful of customers, uptime monitoring is still critically important, but it’s no longer the only thing to which you need to pay attention. Now you’re also delivering code to environments, and you need to know if those environments go down so that you can fix them. As a result, you also need to monitor the status of those delivery environments.

Perhaps most importantly, this is the stage at which you need to define the key performance indicators (KPIs) for your company and build logging, metrics and dashboards around those KPIs. Determining these business health metrics and what they look like on a normal basis is important so that you know what “unusual” looks like and can start to flag incidents more easily. For example, at Flowerwork one of our KPIs is customer deliveries per week, so if we see it’s at zero on a Tuesday, we know something is wrong and can start trying to figure out what that is and how we can fix it.

3) Growth stage

As you move into the growth stage, you need to look beyond just business health metrics to start monitoring system health as well. This means if you have a product made up of more than one service, you need to know how those services are interacting, what’s the expected throughput and how they should process under normal circumstances.

Overall, it’s a good practice to not just look at the health of your own platform but also the health of any systems with which you integrate. Knowing the health of those external systems becomes increasingly important as you grow your customer base because issues with those systems can affect certain portions of your users but not others. Consider the case of an authentication issue that only affects users who authenticate through Microsoft. If you can keep tabs on Microsoft’s health, you can more easily determine why only a certain set of users are experiencing authentication issues.

At the same time, moving into the growth stage means you’ll have a large influx of customers using your product and you need to make sure that influx doesn’t degrade your user experience. As a result, monitoring application performance also becomes critical at this stage. This type of monitoring should look at elements like how long API calls and database queries take. From there, you can develop policies and procedures for not only evaluating those metrics regularly, but also responding to correct issues when anything is out of balance.

4) Compliance stage

As your company and customer base continue to grow, you’ll reach the point where you need certifications like SOC 2 or ISO 27001 to maintain a compliant product. Both of these compliance certifications require you to have insight into who accessed what and when – for which you need close monitoring.

While it’s common to minimize the amount of people with direct access to certain resources by introducing a bastion host, you need to make sure that everything people can access has access control procedures built in so that you can report and audit those instances as needed. This type of reporting and auditing capability is particularly important if your product has a user impersonation mode that allows support and operations team members to “impersonate” users to better understand what they’re experiencing and replicate issues, something that’s particularly common among SaaS products.

At this stage it’s also critical to start being more proactive about how you monitor security, including:

  • Security incident handling: Keeping close tabs on when a vulnerability was first reported to a CDE list, when you were ultimately able to fix it, how long it typically takes you to roll out a security fix and what the sources are for collecting all of that information.
  • Penetration testing: Introducing an automated system that can proactively detect anomalies in how your product gets used to fight off bad actors. This is particularly important if you offer free compute hours, as that type of offering tends to get abused by Bitcoin miners.

Of course these are just two examples of many types of detection systems for security monitoring that can give you a leading edge on knowing when your product is vulnerable or being misused so you can mitigate those issues quickly.

Ready to get started?

Overall, monitoring is critical for launching and maintaining a successful product. The right monitoring can make all the difference when it comes to catching issues early on, resolving them quickly and even preventing certain catastrophe scenarios. It can also help provide valuable feedback on your product that can lead to long term growth. As a result, it’s essential to understand what’s right for your team and product from a monitoring standpoint at any given point in your organization’s lifecycle.

Interested in learning more about how you can introduce the best monitoring for your application? Contact Flowerwork today to discover how we can help.