Tips For Monitoring the Secure Edge for App Performance

The adjustment to a new permanently hybrid workforce has created a wave of investment and tooling to secure the new edge of the corporate network.
Companies are increasingly exploring ways of moving their edge security controls to a cloud-delivered model, including cloud-native security functions that seek to verify users’ identity, enforce organizational policies and prevent malicious traffic. This trend accelerated throughout 2020 and will only continue as businesses rethink the way they connect their remote workers to the distributed network resources and services they need.
However, with network and security infrastructures becoming more dependent on the cloud, how can organizations ensure that functions like VPNs and cloud access security brokers don’t impact the performance of applications and services that remote employees rely on? Applications have become the key mechanism employees use to access the services they need to be productive, so any disruption to the application experience can be business-critical.
The Cloud-Sized Visibility Gap
Secure access service edge, or SASE, describes the move to cloud-based network architecture that combines network and security functions into a single platform. While this consolidation of functions presents a simplified experience for the end user, underpinning the new cloud-centric architecture is a growing list of components and dependencies such as secure web gateways (SWG), cloud access security brokers (CASB), and zero trust network access (ZTNA), all of which need to interact in line with the security policy to deliver a seamless, secure experience for the end user.
These policies, although centrally controlled, will be enforced at the edge, which in effect turns every employee into a branch office of one. In this highly distributed architecture, reliant on cloud and internet-centric networks, a complex web of interdependencies emerges. To maintain reliable connectivity, organizations can no longer rely on traditional monitoring solutions to see and troubleshoot issues that sit beyond the four walls of the enterprise.
As with any cloud-delivered service, be it security or otherwise, visibility into external networks and an understanding of the different components that make up the underlying network become critical in order to track performance, catch degradations and avoid blind spots that ultimately risk impacting users’ digital experience.
Seeing the Cloud that SASE Runs On
So, just how does a company ensure continued performance and application delivery across the SASE architecture? Monitoring and verification are critical. Application and network teams will need ways to verify the impact of proposed security updates before they can verify performance, and this will need to be done on an ongoing basis.
To overcome the operational blind spots that cloud and internet-centric environments create, synthetic monitoring delivers the end-to-end visibility that IT needs. At its core, synthetic monitoring uses scripts to emulate the expected workflow and path that an end user would take through an application. Paired with intuitive network visualization, modern synthetic monitoring provides an understanding of how users experience an application. It also provides the deeper perspective required to see the characteristics of an application’s underlying network, including security functions in SASE such as VPN and SWG, and to diagnose whether performance degradation is caused by external issues such as a high-latency DNS server or a downstream internet service provider that has made a configuration error.
For example, by creating a synthetic test that verifies the connectivity and performance of the DNS service, coupled with a test that assures the proxy service is available and able to pass traffic in accordance with required policies, teams are able to verify not just connectivity to the secure edge service, but also the digital experience of business services running across it. In addition, these tests can establish a baseline of tangible metrics for the secure edge environment and proactively alert on any disruption for faster resolution.
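The DNS and proxy tests described above could be scripted along the following lines. This is an added example, not code from the article or from any monitoring product; the function names, the median-plus-5×MAD threshold and the sample values are assumptions constructed for illustration.

```python
import socket, statistics, time, urllib.error, urllib.request

def dns_probe(hostname):
    """Time one lookup through the system resolver; None means it failed."""
    start = time.perf_counter()
    try:
        socket.getaddrinfo(hostname, 443)
    except socket.gaierror:
        return None
    return (time.perf_counter() - start) * 1000.0

def proxy_probe(proxy_url, target_url, timeout=5.0):
    """Fetch target_url through the proxy; HTTP status, or None if unreachable."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy_url, "https": proxy_url}))
    try:
        with opener.open(target_url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. a 403 block page returned by the gateway
    except (urllib.error.URLError, OSError):
        return None

def evaluate(run, baseline_ms, k=5.0):
    """Compare one synthetic run with the DNS baseline and the expected policy."""
    alerts = []
    med = statistics.median(baseline_ms)
    mad = statistics.median(abs(x - med) for x in baseline_ms) or 1.0
    if run["dns_ms"] is None:
        alerts.append("dns: resolution failed")
    elif run["dns_ms"] > med + k * mad:
        alerts.append(f"dns: {run['dns_ms']:.0f} ms vs baseline {med:.0f} ms")
    if run["allowed_status"] is None:
        alerts.append("proxy: unreachable")
    elif run["allowed_status"] >= 400:
        alerts.append("proxy: permitted site was refused")
    if run["blocked_status"] is not None and run["blocked_status"] < 400:
        alerts.append("policy: restricted site was served")
    return alerts

# Constructed sample data (not measurements): DNS baseline in ms and three runs.
BASELINE = [21.0, 19.5, 22.3, 20.1, 23.0, 20.8, 19.9]
RUNS = {
    "healthy":    {"dns_ms": 22.0,  "allowed_status": 200, "blocked_status": 403},
    "slow_dns":   {"dns_ms": 480.0, "allowed_status": 200, "blocked_status": 403},
    "policy_gap": {"dns_ms": 20.5,  "allowed_status": 200, "blocked_status": 200},
}
if __name__ == "__main__":
    for name, run in RUNS.items():
        print(name, evaluate(run, BASELINE) or "ok")
```

In a live check, each run dictionary would be filled from `dns_probe` and two `proxy_probe` calls, one against a site the policy permits and one against a site it restricts. Gateways that refuse restricted HTTPS sites at the CONNECT stage surface as `None` rather than a 4xx status, which this sketch treats as not served.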
The move to cloud infrastructures is ubiquitous, and SASE is but one example where app owners are faced with increasingly complex environments in their efforts to ensure optimized app performance. Compromising on security posture isn’t an option, but neither is disrupted performance. After all, if a poorly performing VPN connection causes users to turn it off, both security and user experience will be compromised. In the modern enterprise stack, end-to-end visibility from user to application will be critical to quickly remediate issues and maintain connectivity, all while providing a secure and always-on application experience.