This is a contributed article by Neil Miller, Director of Solutions Engineering EMEA at Cisco ThousandEyes.
As employers and employees alike settle into a new normal of hybrid work and a new corporate edge emerges, businesses are increasingly looking to move their edge security controls to a cloud-delivered model that can meet the demands of this new enterprise reality.
With 88% of businesses now using cloud infrastructure of some form, for many companies, it’s a logical next step to explore putting their edge security measures in the cloud. The pandemic forced many organisations to take the plunge, but this trend has not slowed since. As companies increasingly consider how best to ensure their remote employees have access to the now distributed network services they require, this transition is only set to continue.
While the cloud makes sense for many businesses, as with any new technology, it does provide its own challenges. Organisations lack control over key functions such as cloud access security brokers and VPNs, which can directly affect the running of critical services and applications on which remote employees depend. With applications now assuming the mantle of key provider of services for employees, both businesses and workers themselves increasingly rely on a smooth application experience. And with downtime now having potentially detrimental effects - a single hour of downtime potentially costing over £80,000 for 98% of businesses - it’s more important than ever to avoid it wherever possible. So, how can organisations take the necessary steps to ensure these functions run as smoothly as possible, even with an increased dependence on the cloud?
Visibility through the fog of the cloud
Combining network and security functions, also known as secure access service edge (SASE), into one cloud-based platform makes things simpler and easier for the end-user. But this new network architecture also brings with it a plethora of additional business considerations and dependencies, including cloud access security brokers (CASB), secure web gateways (SWG), and zero trust network access (ZTNA) - and the list is expanding. Businesses need to ensure that these dependencies work alongside the security policies they enforce to provide an uninterrupted digital experience.
Despite being centrally controlled, these policies will be increasingly implemented at the edge. So while employees are distributed, the architecture on which they rely - and which in turn relies on networks from both the cloud and the Internet - faces a barrage of complex interdependencies. Traditional monitoring solutions flatline outside of the four walls of the enterprise, leaving IT teams blind to any performance issues within these cloud-based functionalities that are impacting employee experience and productivity. Visibility into the entire digital supply chain and end-to-end infrastructures is now a must-have, and this applies for any cloud-based service, be it security or otherwise. Businesses need to have an understanding of how the underlying network is managed in order to monitor performance, spot, and resolve issues as quickly as possible, and ensure that robust resilience measures are in place to avoid impacting the usability of the worker.
The cloud on which SASE relies
How, then, can businesses have visibility over the SASE architecture in this way? The key is for IT teams to lean on monitoring and verification tools which enable them to pre-empt the effects of any suggested security updates, as well as to verify how an application is being delivered. And this needs to be a continued effort in order to ensure consistent levels of performance.
ThousandEyes
Typical enterprise network connectivity pattern
It is at this point that synthetic monitoring steps in, providing the end-to-end visibility required by network and application teams to see through any potential blind spots created by a cloud-centric architecture. The process involves simulating user interactions with an application or website via scripts to see how it performs from a user’s point of view, allowing organisations an unparalleled level of visibility.
In addition, synthetic monitoring gives businesses a deeper understanding of an application’s underlying network in SASE - including security functions such as VPN and SWG. This is enabled by testing user interactions across different points in the user experience and from user-relevant locations - a particularly important feature which allows organisations to spot any bottlenecks, which can then be used to develop performance enhancing strategies. This allows businesses to understand if external issues, such as an inactive DNS server or a configuration error from a downstream Internet service provider, are to blame for poor performance.
Migrating to the cloud is an inevitability today to drive business-critical agility, and SASE is no exception. But with cloud agility, IT loses visibility. Negotiating on security posture isn’t an option, but neither is disrupted performance, and end-to-end visibility from user to application will be imperative to quickly resolve issues and maintain connectivity - all while delivering a secure and always-on app experience.
Neil Miller is Director of Solutions Engineering for EMEA North, Central and UK&I at Cisco ThousandEyes. Since joining the company in 2014, he has been responsible for spearheading growth in the EMEA region, transitioning into a leadership role where he now hires and supports talent within the Solutions Engineering team. With over a decade of experience, Miller has supported a number of start-up businesses through acquisition, while also holding senior roles at the likes of Oracle and most recently Cisco.