With the growing number of cloud services and applications, companies are becoming more concerned about these applications absorbing their Internet connections. This is creating a need for improved cloud service monitoring solutions. IT departments want to know how they can reliably monitor these applications and answer questions such as, “how much bandwidth is each application consuming?” or “why is performance poor?” The infrastructure needed to answer questions like these is already in place on most networks, but it can’t be done with SNMP, ping utilities, or packet probes, as these solutions don’t scale. We need to take advantage of a smarter, deeper analysis architecture, and we need to know how to leverage it. Allow me to reveal five best practices for:

  • Learning what applications are in the cloud
  • Verifying business applications receive priority treatment
  • Obtaining performance metrics
  • Pinpointing the source of a poor connection
  • Monitoring devices for odd behavior patterns

Learning what applications are in the cloud

In order to determine what cloud applications are consuming your network resources, you need a solution that will provide you with 100% of the network traffic data, to and from the Internet, for any given timeframe. By exporting Cisco NBAR details, we can have our routers discover these applications for us; unknown cloud applications can often be manually defined in the flow reporting tool.

Verifying business applications receive priority treatment

Once we are clear on which business cloud applications need priority, we can go about making sure that the router is prioritizing the traffic. By being able to look at all the data, you will be able to see what applications are taking priority DSCP values and, therefore, what applications are taking up the most resources. You can then optimize network priorities via QoS or firewall rules to prevent potential rogue cloud applications from taking over your network.

Obtaining performance metrics

One way to obtain application performance details is by utilizing Cisco AVC. With AVC you can gain more information regarding not only what applications are being used, but also the round trip time and packet loss per connection.

Pinpointing a poor connection

Once you have identified your cloud applications and have them prioritized, problems will inevitably arise. Being able to pinpoint the problem is another benefit of having 100% of your network traffic data. When a user is experiencing poor call quality, the first one to be pointed at is the network administrator. With the correct solution, the network administrator can easily see the true source of the problem and work to correct it. In the example below, I used a filter to see all the connections from the PBX ordered by calls with most jitter. As such, I can drill in to see which phone/user was involved.

When every layer of the network is being monitored, i.e. switches, routers, and firewalls, then you can easily detect at what level the problem began.

Monitoring devices for odd behavior patterns

Finally, with the great number of cloud applications comes an even greater possibility for network vulnerability. While your network may be secure from outside threats, users on your network, using various applications, could prove a dangerous mix. Unless the devices are locked down to prevent the installation of applications (unlikely, especially with smartphones and other BYOD devices), the security of the network partially resides with the security of the users’ devices. If someone has given a great amount of access to their device via a cloud application, then that cloud application may be given free access to the network. In order to prevent problems with these applications, the network should be monitored for strange behavior, e.g. excessive new flows. A good NetFlow solution can also help solve problems by sending alarms to network admins after specific devices are accessed by non-authorized devices or by alerting them to suspicious traffic after a threshold is reached.
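
The two alarm conditions described above (excessive new flows from one device, and access to a specific device by a non-authorized source) can be sketched over flow records as follows. This is an added example, not code from the article or from any Plixer product; the simplified record layout, the sample flows, the 60-second window, the threshold of 5, and the ALLOWED policy table are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not from the article):
# (export time in epoch seconds, source IP, destination IP, destination port)
FLOWS = [(1200 + i, "10.0.0.50", f"203.0.113.{i}", 443) for i in range(1, 9)]
FLOWS += [
    (1205, "10.0.0.10", "198.51.100.7", 443),
    (1210, "10.0.0.10", "10.0.0.5", 5060),
    (1215, "10.0.0.10", "198.51.100.7", 443),  # same conversation exported again
    (1230, "10.0.0.50", "10.0.0.5", 22),
]

# Hypothetical policy: protected device -> sources allowed to reach it.
ALLOWED = {"10.0.0.5": {"10.0.0.10"}}


def excessive_new_flows(flows, window=60, threshold=5):
    """Return {(src, window_start): count} for sources that open more than
    `threshold` previously unseen conversations inside one time window."""
    seen = set()
    counts = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        key = (src, dst, dport)
        if key in seen:
            continue  # re-export of a known conversation is not a new flow
        seen.add(key)
        counts[(src, ts - ts % window)] += 1
    return {k: n for k, n in counts.items() if n > threshold}


def unauthorized_access(flows, allowed):
    """Return flows that reach a protected device from a source that is not
    on that device's allow list."""
    return [f for f in flows if f[2] in allowed and f[1] not in allowed[f[2]]]


if __name__ == "__main__":
    for (src, start), n in excessive_new_flows(FLOWS).items():
        print(f"ALARM new-flow threshold: {src} opened {n} new flows in window {start}")
    for ts, src, dst, dport in unauthorized_access(FLOWS, ALLOWED):
        print(f"ALARM unauthorized access: {src} -> {dst}:{dport} at {ts}")
```

Deduplicating on the conversation key matters because long-lived flows are exported repeatedly; without it, a single busy connection would inflate the new-flow count and trigger false alarms.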

Keeping your network secure can seem like a daunting task, but by maintaining best practices you can prevent data exfiltration and security breaches from cloud applications.

To learn more about how our NetFlow solutions can protect you from rogue cloud applications, try it for 14 days.


Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.