Security is paramount in any organization, and methods to secure employee access to applications and resources are evolving as cloud migration accelerates and employees are increasingly working from anywhere. Too often, the processing overhead created by robust security implementations can slow remote user access speeds to the point that applications become unusable. When this happens, security is often prioritized, and user experience is sacrificed in the tradeoff. But this doesn’t have to be the case.
It’s complicated
The rapidly increasing adoption of cloud, SaaS applications, and work-from-anywhere (WFA) initiatives are causing enterprise networks to extend out over the internet. In parallel, web security solutions continue to evolve to adapt to the changing landscape. In addition to traditional secure web gateways (or proxies), new Zero-Trust approaches utilize a Secure Access Service Edge (SASE) model to provide a secure doorway to the internet for a safe and productive user experience. With the move to distributed security models, organizations often have a mix of on-premises and cloud deployments and must ensure visibility across these hybrid environments to identify performance impacts no matter where they occur.
Users' expectations for consistent, responsive direct-to-web access remain high despite all of these challenges, so moving to a SASE approach that negatively affects user experience is not the answer. This is the rub. When pushed to make a tradeoff, organizations will typically prioritize security over user experience. Yet most don't have a clear understanding of what is being sacrificed because they are unable to measure the user experience before, during, and after SASE transformations. Why is this?
Knowing what you are sacrificing
There is often a gap between what IT sees and actual user experience, and blind spots can exist with traditional monitoring tools in modern environments. Traditional monitoring tools provide visibility into on-premises network experience and can extend to SD-WAN environments that support branch locations or remote offices. But for employees working-from-anywhere (i.e., outside corporate-controlled networks), traditional network monitoring may not have visibility for new approaches such as SASE that help safeguard and secure the user experience.
This is where Digital Experience Monitoring (DEM) can extend visibility to SASE and help IT operations see the end-to-end user experience. DEM can actively measure the user experience across end-to-end network paths, no matter the network being used (enterprise, internet, 3rd party, ISP, home). With DEM, organizations can clearly understand any impact that security layers may have on user experience.
Stop the finger pointing
Network issues elsewhere in the end-to-end experience are frequently misperceived as "SASE" problems, resulting in longer Mean Time to Identification (MTTI) or "Innocence," as some would say. In these large, complex networks, unintended changes or changes outside the control of network security administrators can be an all-too-common and self-inflicted wound. For example, when a simple DNS server adds network latency. Without end-to-end network visibility, a cloud secure web gateway may be blamed when the root cause lies elsewhere. It’s critical that network operations teams have complete visibility into these evolving environments. Adopting DEM can help.
Solving the right problems
When a performance issue arises, the first question is usually whether it affects a business-critical service or application and causes a user experience issue that needs to be prioritized. Once the business impact is confirmed, the next question is typically whether it's an app or network problem. In the complex environments that IT now supports, getting the answer can be difficult. With apps now on-premises, in the cloud, or entirely outside IT's control being delivered over a mix of internal and third-party networks, traditional monitoring cannot provide the comprehensive view of end-user experience required to identify the root cause. Modern approaches to isolate issues must incorporate continuous application and network performance in order to understand where problems stem from, when they occurred, and what can be done to fix them.
To manage end-user experience today, monitoring must include traditional tooling for internal apps and networks, as well as go beyond the firewall with active measurements that provide a full end-to-end picture of performance. This includes testing through any security measures to understand the impact on end-user experience. With both active and passive testing in place for the full app and network delivery path, IT can efficiently isolate the root cause of performance issues. To achieve this level of visibility, new approaches and solutions are necessary.
Digital Experience Monitoring is a critical capability for successful transformation
By delivering proven visibility for cloud, SASE, and modern networks, DEM helps organizations ensure a positive digital experience and accelerate digital transformation. DEM can provide complete network and application visibility that enables quick troubleshooting for cloud, hybrid, and on-premises network architectures, extending visibility beyond traditional and SASE deployments, even for networks that are not owned by an enterprise. DEM enables monitoring beyond the edge, extending coverage to SaaS and cloud delivery networks not under enterprise control, offering complete end-to-end visibility.
By focusing on digital experience and understanding the source of any impacts to users, organizations can deliver both secure and performant access to the applications that enable their productivity.
David Hardman is part of the NetOps Product Team at Broadcom Software.
Related articles: