This article originally appeared on LinkedIn.
No longer do employees work within the confines of an office, or for that matter, a corporate network. Those employees use applications hosted outside of the data center, access them from outside of the office, and do most of their work outside the view of traditional monitoring tools. The new way of work is cloud- and mobile-first, and relying on a “hub-and-spoke” branch-office-to-data-center network architecture and a “castle-and-moat” security perimeter is no longer tenable for IT organizations.
Secure Access Service Edge (SASE) architecture defines the future of network and security at the edge, and extols a thin-branch/heavy-cloud architecture that leverages security functions in the cloud. SASE architecture moves security from the network to the end user, and defines it through policies based on identity and context. The tenets of SASE guarantee depth, performance, and scale for enterprise networks that need agility, performance, and security.
As enterprises start their SASE transformation journey and embrace cloud deployments, mobile connections, and work-from-anywhere users, they will discover that traditional monitoring tools are inadequate. Trying to detect, troubleshoot, and diagnose performance problems using traditional data center-centric monitoring stacks introduces visibility gaps. Instrumentation—the ability to gather network, application, or system data—is a big challenge when apps sit in the cloud and users sit outside the network perimeter. With the internet as the corporate network and the cloud as the data center, legacy monitoring tools cannot see what they cannot instrument.
Traditional monitoring falls into three categories:
When it comes to measuring a cloud- and mobility-centric world, each of the three monitoring tool sets experience instrumentation challenges. For example:
Moving to a SASE architecture forces IT teams to rethink their security focus—away from a security perimeter and on to policies that see user identity and context. Similarly, it forces IT teams to rethink their monitoring perimeter—away from monitoring the data center, application host, or the network connection—to monitoring the end user. Gartner defines this approach as Digital Experience Monitoring (DEM). DEM is a set of monitoring techniques that provides instrumentation from the user to the application irrespective of the network used to connect the two—wherever the user sits and wherever the application is hosted. To be clear, DEM tools don’t replace traditional monitoring tools, but they do fill the visibility gaps created as cloud applications accessed by mobile users continue to gain favor.
DEM tools leverage a combination of real user monitoring, synthetic transaction-monitoring, network path-monitoring, and endpoint device-monitoring to understand the end user experience. Lightweight agents on the end user’s device enable instrumentation for these measurements. When evaluating DEM solutions, it is important to consider which mix of these techniques fill the visibility gaps left by existing tools.
But choosing a good DEM solution is more than just filling in “gaps” in visibility. Instead of checking off a list of features, enterprise CIOs and CISOs must consider strategic context, and evaluate how a DEM is going to integrate with the company’s overarching transformation journey. Enterprises must verify that their DEM solution...
Enterprises must have visibility into all the traffic connecting to all the assets in their distributed network. Traditional monitoring relies heavily on branch-to-data-center models that use perimeter-based security—neither of which adapt well to the new transformation of internet-based networks, cloud-based applications, and work-from-anywhere users. The new SASE model is designed to adapt to the new network and security paradigm. In the same way, digital experience monitoring adapts to the new ways of work to deliver a better visibility model.
DEM solutions fill in the visibility gaps that traditional monitoring tools overlook, and allow for both network teams and security teams to leverage the same data in order to optimize end user experience.
Zscaler, a leading SASE network security vendor, has recently introduced its own DEM solution called Zscaler Digital Experience (ZDX) that is closely tied to its cloud security platform. More information can be found on Zscaler’s website.