In 2026, Most CDN Teams Still Find Out About Outages From Customers First

Eduardo Rocha Senior Sales Engineer and Security Analyst
7 Min read

This post is based on a live panel webinar co-hosted by GlobalDots, Hydrolix, and AWS, where engineers and go-to-market leaders across CDN, edge, and agentic AI operations discussed what actually happens when delivery infrastructure breaks. Just five people on the call talking about where visibility fails today, and what changes once agents start watching the infrastructure too.

Watch instead. Prefer to watch the full conversation? Full Webinar/Demo

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

Most CDN Teams Find Out About Outages From Outside Their Own Stack

The default state for most delivery infrastructure teams is reactive, not because engineers are careless, but because the observability layer underneath them was never built to be holistic. Eduardo Rocha, senior sales engineer and enterprise security architect at GlobalDots, describes the pattern plainly: teams lack real-time visibility that ingests every relevant source and correlates events, so a traffic spike from a legitimate marketing campaign, a scraping run against limited flight or ticket inventory, and an AI crawler hammering the same endpoint can all look identical. Without that correlation, infrastructure and security teams end up pinging each other reactively instead of triaging with any real confidence, and the risk cuts both ways: block too aggressively and you turn away real customers during a real event, wait too long and the thing you missed takes the infrastructure down.

Multi-CDN Stacks Turn Fragmented Logs Into Fragmented Judgment

The problem compounds for any organization running more than one CDN, which, per Rocha, is very common. Each platform in a multi-vendor delivery stack logs with its own fields and its own rule IDs. Analyze each platform’s logs in isolation, and the bigger picture disappears before anyone can act on it. Aggregating and normalizing that data across platforms isn’t a nice-to-have; it’s the only way to keep the decision about what’s actually happening from getting made too late.

The Gap Between a Signal and a Rule Is Measured in Hours. The Adversary Isn’t.

Christopher Jen, who leads go-to-market for AWS edge services and is moving into an agentic-focused role, names the second half of the problem: alert fatigue. Security teams across EMEA are managing more signal with less headcount, and cost constraints mean teams often can’t even afford to keep every signal they’d want. Jen described one customer where a new signal took about six hours from first appearing to someone analyzing it and putting a rule in place. Set that against adversaries that move at machine speed, and a six-hour human loop stops being an inconvenience and starts compounding like a snowball. The instinct to solve this by removing humans entirely is the wrong fix. Jen’s own answer keeps a human in the loop for trust, because assuming a team can hand-build all the correlation tooling itself on top of raw logs “is just not sustainable” at the scale this is heading toward.

Sampling Was Never a Design Choice. It Was a Cost Ceiling

The industry’s standard workaround for that data volume problem, sending only a fraction of real telemetry into the observability layer, was never a preference. Rory McVicar, Hydrolix’s director of partnerships, saw exactly why it became the default when he was a product manager at Level 3 Communications, home at the time to the internet’s largest network. Working with a large French broadcaster ahead of a football match expected to draw a third of the country’s population, his team turned on full log streaming to the observability provider handling the event. The infrastructure buckled: the data volume landing at that layer was, by his account, roughly 100 times what the system was built to absorb. The signal didn’t get noisy. It disappeared right when the critical viewing window mattered most.

McVicar’s takeaway has stayed consistent across the trouble ticket threads he’s worked on: someone always eventually says “I wish we had the data,” whether the domain is security, streaming, or user experience. The instrumentation to capture that data exists. What doesn’t exist, without an expensive backend rebuild, is a cost-efficient way to keep all of it. So teams adapted by getting efficient at working from a sliver, closer to 1% of the real picture, instead.

A Sampled Data Set Doesn’t Just Limit Visibility. It Breaks the Agent’s Decision

That workaround, tolerable when a human was reading a dashboard, stops working the moment an AI agent is the one making the call. Jen is direct about the mechanism: an agent working from sampled data isn’t getting a smaller version of the truth; it’s making the wrong decision, full stop. Token cost sharpens the problem, since agents are charged for the compute they use, and every cycle spent re-deriving context that a properly wired data layer should have already handed over is time and money an agent can’t spare at machine speed. Osmar Bento, a Hydrolix solutions architect focused on media and streaming, makes the same point from the analytics side: building a good agent requires answering the same foundational questions as building a good dashboard: what needs to be seen, what decision it’s meant to support. Skip that groundwork, and the agent doesn’t solve the data problem; it just fails faster. Rocha confirms the same shift from GlobalDots’ side of the stack: sampling and short retention windows, once an acceptable trade-off, become a liability the moment GlobalDots builds MCP components and applications directly on top of that same customer data.

The Fix Is Structural: Storage and Compute Have to Stop Sharing Infrastructure

Hydrolix’s architecture addresses this at the level McVicar frames as decoupling. Storage separates from compute entirely, so ingest and query stop competing for the same resources. Data lands in an S3-compatible model, compressed by roughly 95%, which is what turns keeping the full dataset from a cost fantasy into something financially ordinary. Older observability platforms tightly coupled storage and compute around scheduled, context-specific analytics jobs, a model built for a human asking a question at a known point in time, not for an agent reasoning asynchronously against the whole dataset on demand.

The second structural piece is MCP. Instead of data living inside one walled environment that only its own interface can query, Hydrolix exposes it through an MCP layer that tools like Bedrock AgentCore, Claude Code, or other agents can query directly, correlating across sources rather than being handed one system’s slice at a time. GlobalDots’ role in that stack is the implementation and operations layer, pulling in data from every source a customer needs and building the applications on top of it, exactly the services-partner work Rocha describes GlobalDots doing with Hydrolix inside real enterprise deployments.

A Fully Wired Data Layer Lets an Agent Finish a Root-Cause Analysis Before a Human Approves the Fix

Bento’s live demonstration showed exactly what that looks like in practice: a coordinator agent runs a reason-and-act loop across a media pipeline’s contribution, processing, distribution, and player layers, connected to the underlying tools through an MCP gateway. Two triggers set the workflow in motion: a component alarm, or anomaly detection tuned to short windows, a 10-second check for throughput cliffs, and a 30-second check for buffer starvation. Either one kicks off a root-cause analysis before a human approves any resulting action, such as swapping a source or isolating a node.

Two capabilities are worth naming directly. Pointed at the media pipeline, the system pulls a set of ten thumbnails and runs them through a computer-vision pass to catch visible problems a human would otherwise have to eyeball manually. Pointed at the CDN layer, asked something like why the 403 error rate is climbing, and it returns analysis broken down per edge location rather than a single aggregate number. The target, in Bento’s framing, is replacing the 3 a.m. call that starts with an engineer walking through logs from zero with a report that already exists by the time anyone picks up the phone.

An Agent Earns Autonomy. It Doesn’t Start With It

None of this holds up without deliberate limits on what the agent is allowed to do unsupervised. Jen’s framing for responsible design keeps a human in the loop, both for explainability to the business and to contain the blast radius while an agent is still proving itself. His comparison: treat a new agent like a new intern, don’t send it out unsupervised, watch its work, and let it earn more autonomy as its memory and learning function make it demonstrably more reliable over calls. AWS built guardrails into Agent Core for exactly this reason, including proxies that constrain what an agent’s output can do and the practice of having a separate model monitor another agent’s output, useful precisely because the same prompt can produce a different answer on a second run.

Moderator Jess Ramos extended the same metaphor separately: an intern also shouldn’t get access to everything with no instructions or context, a reminder that scoping applies to what an agent can reach, not only to what it’s allowed to decide on its own.

Every piece of this traces back to the same root cause: telemetry that was sampled, siloed, or too expensive to keep in full. Fixing that is a decision about the data foundation everything else, human or agentic, has to run on, not a tooling swap.

The question worth putting to your own infrastructure and security teams: if an agent looked at your CDN data, would it see the full picture, or the sliver built for a person to skim? That’s a conversation worth having before a customer has to start it for you.

Latest Articles

From Alert to Action: A CDN & Edge Practitioners Summit

Most teams still learn about a CDN problem from a customer rather than from their own monitoring stack.In this panel, GlobalDots, Hydrolix, and AWS break down why that keeps happening and what it takes to fix it: full-fidelity data instead of sampled logs, and AI agents that can actually act on it. Full Webinar: Demo […]

Eduardo Rocha
15th July, 2026
How NetRefer Cut Observability Costs by €96,000 Per Year in Just 3 Months with GlobalDots

Overview NetRefer, a leading iGaming affiliate marketing platform, utilized Azure cloud-native monitoring tools. Shortcomings needed to be resolved, and the business required next-generation observability.  Problems that needed to be solved: Through GlobalDots’ expertise in selecting and implementing the right observability solution, NetRefer achieved €96,000 in annual savings and gained real-time observability across their entire platform […]

Ganesh The Awesome
24th July, 2025
MVP to Production-Grade: How to Fix Scaling Bottlenecks Before They Break You

This webinar & podcast are built for founders, CTOs, and VPs navigating the critical shift from MVP to production-grade infrastructure. Learn how to avoid scaling pitfalls, build resilient systems without over-hiring, and make the right decisions now to support rapid, sustainable growth. Join us to unlock practical strategies and real-world lessons from companies that have […]

Ganesh The Awesome
12th June, 2025
Migrating Volumez RedHat VMs into Amazon Linux 2 for higher effective discounts rate of Saving Plan

A cloud data infrastructure company relied on extensive use of multiple instance types to test its products. But this made it difficult to optimize costs – a fact which had begun to impact their ability to scale the business.   The GlobalDots team helped the company identify and implement a new infrastructure configuration that both saved […]

Itay Tal
19th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services

    GlobalDots guided our migration to Cloudflare, implemented SSL for SaaS, eliminated certificate maintenance, and remained highly responsive throughout.

    Chris Cutajar
    Chris Cutajar

    Infrastructure Eng. & Security Manager