The operations and systems administration staff of a 250-employee medical device manufacturer were tasked with maintaining the company's cloud-based applications, understanding usage patterns and resource consumption, and protecting against the use of unsanctioned applications.
The IT team didn't know all of the applications in use or the total amount of traffic consumed by their cloud and SaaS-based applications. They had no visibility into end-user performance and could not segment on-premises from cloud-based applications. They depended exclusively on their SaaS and cloud providers for performance information, found troubleshooting difficult, and had significant concerns regarding compliance and data loss through applications like file-sharing services. They also found capacity planning a challenge because they lacked a comprehensive picture of application resource consumption.
- A simple way to discover and measure SaaS and cloud-based applications
- Information that would definitively show resource consumption by type
- A means for continuous observation to prevent unsanctioned applications
- Information on SaaS user performance and usage for better SLA management
The IT department realized that these cloud applications posed a serious risk of data leakage, one completely out of their hands. They needed to proactively investigate this shadow IT issue without disrupting employees.
The company deployed the ExtraHop platform behind a proxy that could decrypt their SaaS-based applications. Extending ExtraHop's Cloud Application Bundle, they quickly began measuring total transactions, performance, and bandwidth consumption per application as well as per cloud category.
The teams created cloud- and SaaS-specific dashboards correlated with internally observed behavior, creating a central source of information that not only exposed all requests, bytes, error codes and rates, but also provided definitive evidence of performance from their users' perspective, not the SaaS provider's perspective. They modified their dashboards to compare end-user performance today with seven days ago, giving them an early warning system that showed whether their SaaS applications and end-user experience were trending positively or negatively.
They did the same with their on-premises applications so they could compare and contrast resource consumption by application type. Not only could they diagnose top consumers that could be causing congestion and performance issues, but they now had the trend data to inform future capacity needs.
Finally, they added a list of unsanctioned applications to their ExtraHop bundle as a proactive means to identify and act on any unauthorized activity. The compliance team and the CSO were relieved to have this capability.
Instead of reactively responding to performance issues and being wholly dependent upon the SaaS provider, they were now in control and could hold their providers accountable, which the CIO found invaluable. For the first time they had a means to definitively eliminate their own environment as the source of the problem. They could identify the specific resources (URIs) that were degraded and correlate that with their overall network performance and utilization by all other applications.
The Director of IT Operations estimated that they had saved over 200 personnel hours annually in unproductive SaaS troubleshooting efforts. The manufacturer was able to demonstrate that 80 users accessed this application only a few times a year, so they were able to reduce several of their SaaS application license counts, saving an estimated $20,000 per year. Usage information provided by one of their SaaS providers was used to determine the annual license fee, which was "a bit like the fox guarding the hen house," as the Director of IT said. With ExtraHop's trending data, the Director of IT said he feels 12 months ahead on their planning curve. They have a complete understanding of their capacity needs as they grow and can prepare more accurate budgets based on both performance and usage. They can also audit all user, network and application activity to be sure employees are using only authorized cloud file-sharing services.
They have started to expand their use of ExtraHop's security monitoring capabilities, identifying and correlating anomalous behavior. They are focusing first on all engineering file access by client, directory, file, frequency, and volume, and correlating that information with other user behavior like outbound activity. Not only do they have a solid perimeter and internal controls for protection, they can now also perform real-time internal activity surveillance, putting them in a much stronger position to protect their intellectual property.