Delivering smarter SaaS performance and security with the hybrid network

Cloud services growth shows no sign of abating as businesses continue to flock to on-demand technology to drive their digital transformation initiatives. Gartner, the analyst group, predicts that the worldwide market for public cloud services will hit $204 billion in 2016, up 16.5% from last year. Infrastructure as a service (IaaS) is up 38.4%, followed cloud management and security, up 24.7%, and software as a service (SaaS), which has grown by 20.3%.

Companies see SaaS as an ideal solution to help them reduce spending on data centers and software, while increasing flexibility and scalability. Although there’s little doubt of these benefits for companies, the cloud also creates new security and performance challenges.

While consumers can directly access cloud applications seamlessly in their homes via their broadband internet connection with little trouble, the situation with enterprises is far more complex. Microsoft Office 365, Salesforce and other SaaS solutions store customer data in a data center closest to where the IT team registered for the service. If you work on the other side of the world, this is a problem.

The speed of light is finite and application latency increases with the distance to the end user. This means simple tasks, such as opening a large PowerPoint file, can take minutes if you are in Australia and being provisioned from Europe or the US. As a “best effort network” the Internet can’t even be relied on to deliver predictable cloud application performance if you’re local. In addition, cloud data security over public links is also a major concern everywhere in the world.

Lack of visibility and control

Although the IT department is held accountable for poor application performance, its hindered by a lack of visibility into what is actually running on their network. IT teams are unable to see the end-to-end SaaS workflows from the data center, across the network and to the end-users in their global branch offices. This makes it difficult to gain a true picture of response times for users and pinpoint the components that cause delays or interrupt processing. Increasing adoption of shadow IT by line-of-business departments is also a problem.

The first step, therefore, is to understand what is running on the network and what impact each application, including SaaS, is having on the infrastructure and each other. This then allows IT departments to prioritize business-critical applications and determine the best approach for optimization.

In addition, some “chatty” cloud applications are not architected particularly well for over-the-Internet delivery, which means that latency can make performance grind to a halt. By optimizing these transmission and receipt messages, such as by eliminating redundant information, you can reduce network latency significantly.

Dynamically choosing networks

It’s now possible to enhance Internet performance and make it faster and more reliable for SaaS traffic in a variety of ways. For example, Orange Business uses the global Akamai Intelligent Platform, which is an overlay network that includes nearly 200,000 servers across more than 110 countries and includes advanced optimization technologies. The servers are able to test the performance of different Internet routes and send the traffic down the one with the least congestion and latency. This can increase cloud application performance by up to 10x in the most extreme cases.

Another option is SD-WAN, which Orange offers using Cisco SP-IWAN platform, enhanced with best-in-breed Riverbed and Zscaler optimization and security plug-ins. This enables multiple Internet links – or an Internet link and a MPLS and Internet link – to be used dynamically as one circuit, depending on real-time traffic.

In some cases, it might even be preferable for SaaS traffic not leave the corporate network at all with direct, private connectivity into the cloud data center. This is possible via Business VPN Galerie, which offers  a private high speed direct link into over 50 leading cloud services, meaning that no Internet transport at all is required. This also provides the highest level of security for business-critical traffic.

Plugging security gaps

In addition to creating performance challenges, the growing use of cloud and Internet applications also demands a rethink of traditional IT security. Enterprises no longer have a “front door” that they can defend against attack using appliances such as firewalls and intrusion presentation. By assessing cloud applications and allowing potentially confidential information to travel over the Internet, users are essentially punching large holes in the perimeter of their network.

Your choice of Internet gateway to and from your private corporate network and the Internet has a big role to play here. Enterprises have three choices depending on the risk profile of the data.

A cloud-based security platform – provisioned from regional distributed Internet gateways – can inspect this encrypted traffic at high speed. It protects smartphones, tablets, PCs and servers with continuous updates in response to emerging threats. In contrast, traditional branch office appliances are unable to support deep content inspection due to the latency created by the distance to the data center. These legacy solutions leave mobile devices vulnerable to attack and are time consuming to update and scale.

Dedicated gateways eliminate the risks associated with shared infrastructures. While local Internet gateways keep low-risk traffic private until it reaches cost-effective, local break-out points using secure IPSec tunneling. Sensitive data, such as customer records in Salesforce, can also be encrypted and tokenized before being moved across Internet network and stored in private sovereign data centers or a virtual private cloud for added security.

The key in all of this is to have the flexibility to choose the best network dynamically based on the application, network performance and criticality. Enterprises should no longer see their security as separate from the network. Instead they need to consider a hybrid network strategy that secures enterprise networks, the Internet and cloud holistically. In addition, this needs to be centrally managed, so that consistent policies and updates can be applied across the entire infrastructure.

Ultimately, cloud transformation has the potential deliver massive benefits to companies. However, without adequate attention paid to both performance and security, cloud initiatives will fail. Employees demand at least as good performance from the cloud as from existing on-premise applications. Without adequate visibility and control this will be impossible to deliver for multinational companies.

To find out more about how the hybrid network can help deliver the performance and security that the cloud deserves, download our latest insight guide: The next steps in your digital journey. This offers actionable advice and practical steps to optimizing your IT and network infrastructure.

Anthony Plewes

After a Masters in Computer Science, I decided that I preferred writing about IT rather than programming. My 20-year writing career has taken me to Hong Kong and London where I've edited and written for IT, business and electronics publications. In 2002 I co-founded Futurity Media with Stewart Baines where I continue to write about a range of topics such as unified communications, cloud computing and enterprise applications.