By Sajid Awan
Modern enterprise networks have evolved significantly in the last few years; they may span hybrid clouds, virtual overlays and physical underlays, containers, VMs and multi-vendor products. Networks are struggling to keep pace with the agility of compute resource provisioning, and engineers need to deal with larger-scale organizational changes or deploy new technologies such as SDN. A recent survey showed how these factors combine with the human element to lead to network outages and vulnerabilities.
The global study, “Network Complexity, Change, and Human Factors Are Failing the Business,” conducted by Dimensional Research in October this year, surveyed 315 network experts about their experiences with network outages, vulnerabilities and compliance. The goal of the survey was to capture how network professionals balance increased network complexity and required changes with network uptime, availability, security and compliance requirements. Not surprisingly, given the degree to which networks are manually managed, 97 percent of respondents admitted that human factors cause at least some network outages (see figure 1), with a disturbingly large 45 percent saying these outages are frequent or worse.
In addition, two thirds of respondents said that monitoring solutions – put into place to ensure network uptime – actually fail to predict most issues. Only four out of 10 companies have network segmentation properly implemented. According to 74 percent of those surveyed, network changes significantly impact businesses several times a year or more (see figure 2).
Manual Processes Are Problematic in an Automated World
The frequency of these outages shows that network complexity is drifting beyond our ability to deal with it. The slightest change to a network might cause widespread vulnerabilities, and engineers have no way of determining whether that has happened when they make a change. Growing network complexity exacerbates this risk, as confirmed by the majority of network professionals surveyed (59 percent). Network downtime can cost organizations millions in business revenue within minutes. When an issue does occur, it can take hours before it is reported, and that does not include the hours it takes to actually resolve the issue once it has been identified.
The lengthy time-to-resolution is primarily due to the use of manual methods. Despite various innovations in network management, 69 percent of respondents rely on manual processes, such as inspecting devices via the command line interface (CLI), inspecting configurations and performing manual traceroutes or pings, as one of their main solutions. The problem with this approach is that it fails to provide any guarantees, and manual monitoring can only detect problems after they have already begun. Many times, an outage will be undetected for hours after a change, and a segmentation vulnerability may lie undiscovered for months after it has been exploited.
Organizations Have Compliance Requirements but Are Not Sure if They Are 100 Percent Compliant
The survey revealed that three quarters of network professionals claim their organization has compliance requirements in place. However, 83 percent said that their compliance reporting requires manual effort, and 80 percent indicated they lack full confidence in claiming their network is always compliant (see figure 3).
Even though most network professionals settle for suboptimal manual solutions, they believe the grass is greener on the other side of the enterprise network hill. Interestingly, the vast majority of those surveyed agreed on four traits they would like to see built into their current network solution: They want to be able to predict impending network outages (87 percent), they want to accelerate the resolution of network issues (85 percent), they want to continuously verify and automate compliance reporting (79 percent), and they want to be able to pinpoint segmentation/micro-segmentation vulnerabilities (86 percent).
The report (PDF), which was conducted by Dimensional Research in October 2016, surveyed 315 network professionals at organizations with 1,000-plus employees to capture how they balanced increasing network complexity and required changes while maintaining uptime, availability, security and compliance requirements.
About Sajid Awan
Sajid Awan is vice president of products at Veriflow and brings more than 20 years of experience in product management, systems engineering and operations in the areas of networking, cloud computing, security and information technology.