Cloud Monitoring

When we talk about monitoring for performance, security, and business rules, we often refer to monitoring of infrastructure or Platform as a Service mechanisms. But how do you monitor Software as a Service? Do you just tally the dollars spent for the service, or can you look at application performance, security issues, or even your business rules today? Or do you trust the SaaS to provide data?

As many companies move from “roll-your-own” IaaS solutions to higher-performance SaaS solutions for various web-hosting properties, we see an increase in the need to monitor the performance of these SaaS solutions. Yes, there is a growing trend of SaaS services replacing common web services presented by IaaS solutions. There are SaaS solutions available for most content management systems, even for specialized niches like physicians with MyChart, among others. Many of these solutions are cheaper than IaaS solutions, but what you lose may be too much to handle, unless the SaaS itself provides the monitoring data you need.

This is a major shift for monitoring tools. It’s very difficult to peer into clouds to get the monitoring data you need to make informed decisions today. Zenoss, Xangati, New Relic, AppNeta, Dynatrace, and the like all need access to the underlying infrastructure, code, etc. to provide usable data in today’s world. So, as we move from IaaS to SaaS, we end up losing details that we use today.

It becomes even more interesting as we know the services we want to use employ these tools daily to monitor their own stacks, so that they can make their own decisions using the data gathered. However, since the tools are not multi-tenant, there is no way for this information to be seen by the SaaS tenants for their own use. Now, this often occurs by choice, but the same data could be valuable to the tenants as well. We, as tenants using a SaaS, also need to know when slow queries happen, who performed the queries, and why the queries were slow.

This is another area that the Cloud Access Security Broker (CASB) could tackle or even provide data to. Since web services are accessed via the web, we can use existing security tools to extract performance data, such as how long a particular query takes to complete. In the past, I have written about using APM for security reasons, but now perhaps we can use security tools for APM reasons. To delve into per-tenant performance issues, we need to improve our experience within a SaaS.

Currently, we put very fast web application firewalls (WAFs), caching content delivery networks (CDNs), and CASBs in front of our SaaS services. These solutions record usable data that could be fed into APM tools, so that you would get a view of how each query performs. Granted, going this route won’t necessarily reveal the reasons for performance issues, but you will get a feel for what queries are causing issues. Ultimately, you still need to go to the code, but you now have a query that you can use to reproduce the problem on a development machine or two where the appropriate tools are running.

Application Performance Management is often the early-warning system for security issues, but now we can use security tools as an early-warning system for SaaS performance issues as well. The marriage between these tools depends entirely on systems that can ingest log files created by the other or that send and receive data from each other. Data platforms such as Zenoss, SolarWinds, Splunk, Elasticsearch, and others make this much easier to integrate. We have too much data on our hands not to find ways of using it for all parts of our business.

There is no longer a divide between security and monitoring. The security operations center and the network operations center share so much data that they are really just an operations center with different types of incident response. Share the data and improve your incident response.

Posted in IT as a Service, SecurityTagged , , , ,