Solving Hybrid Work Challenges for NetOps

Heidi Gabrielson

According to Gartner hybrid work is here to stay, with 75% of hybrid or remote knowledge workers say their expectations for working flexibly have increased. If an organization were to go back to a fully on-site arrangement, it would risk losing up to 39% of its workforce. However, hybrid work architectures often leverage tunneling technologies to establish “work from anywhere” environments and these tunnels create blind spots that complicate troubleshooting and problem resolution.

When employees work from an office, the network team is responsible for application access and network transport issues, and has access to a mature toolset to help identify and resolve issues. As work from anywhere proliferates, the responsibility for identifying and troubleshooting remote issues in these new direct-to-cloud environments still falls within the network teams’ domain. Yet, because of the new blind spots, they lack the visibility to be effective.

When it comes to hybrid work, Level 1-2 techs need to be able to identify network access and performance issues for end users accessing business applications. They need to be able to understand:

  • The scope and severity of the issue so that they can prioritize appropriately and understand if they need to escalate to level 3.
  • The impact on end users so that they can document and communicate the incident to the affected end users.
  • The cause of the issue so they can know which resources to call (ISP, CASB supplier, application owner, security team, device issue, etc.) and understand when the issue might be resolved.

However, the problem space has changed. There are several environmental challenges that limit NetOps visibility into application performance.

Hybrid work visibility challenges for NetOps teams

Split Tunnels

Hybrid work is the new norm but there are significant barriers to effective troubleshooting.
Hybrid work is the new norm but there are significant barriers to effective troubleshooting.

In modern hybrid work environments, it’s common to have three different routing options for traffic: direct to internet, VPN, or through a security broker such as a CASB or ZTNA. There are often routing rules established where specific applications use one route (such as the CASB) and other applications go direct to the internet. The routing or tunnel being used can have a significant impact on application performance and end user experience.


CASBs are widely adopted and create a bottleneck for performance while optimizing for security. CASBs are often implemented by the security team. They make it more difficult for the network team to troubleshoot as the tunnels add complexity and reduce visibility through encryption of traffic. In a few ad hoc tests, CASB bandwidth is as low as 3Mbps and there is added security scanning time for an additional slowdown.

Multiple gateways

There are typically multiple gateways being used by each type of tunnel. For example, users in the northeast United States may have CASB traffic tunneled to gateway X, while users in central United States are connecting to gateway Y. If only one gateway is causing problems, it is difficult to determine that. This gateway issue is also applicable to corporate VPNs.

SaaS vs corporate applications

The percentage of companies using SaaS to meet their software needs is steadily increasing, with 80% of companies relying on SaaS apps in 2022. The remaining corporate applications are usually hosted in a data center. Remote user traffic traverses a physical network which can cause additional slowdown. This is still the responsibility of the network team to diagnose.

ISP variables

Remote workers typically use their own ISP. This variability is an additional challenge when trying to identify root cause.

Home network variables

Remote workers are typically responsible for their home network. Variables such as poor Wi-Fi or congestion on the home network are an additional challenge when trying to identify root cause.

Many locations

Finally, in hybrid work environments, location is less specific than with on-premises users. There may be users in a general geographic area that are having issues due to an ISP or gateway, but it is not as easy to use a specific site or location to identify problems.

Riverbed IQ brings visibility to hybrid work

By adding Riverbed Aternity end user experience metrics to Riverbed IQ, Riverbed’s SaaS-based unified observability solution, NetOps teams can gain visibility into traffic that leaves the home computer and goes to a data center or SaaS application.

IT teams can now answer questions like:

  • Which applications are having network performance issues?
  • How many users are impacted, and how severe is the impact?
  • How are the impacted users accessing the application? (VPN, Direct to internet)
  • Which locations are affected?

To learn more about how Riverbed IQ helps organizations shift left, visit this page.

selected img

Selected Country/Language: English