Lack of network scrutiny causes business continuity headaches

Get free weekly news by e-mailBy Mark Holmes; line of business director for Network Integration, Dimension Data UK.

When we think of business continuity, security attacks, power failures and terrorists instantly spring to mind. While we are all aware of the importance of our organization’s IT and communications network to the day to day work of employees, most of us don’t often think of network maintenance, configuration and upgrades as a vital part of business continuity.

For the vast majority of companies, the network is now the engine of their business. Consequently network downtime results in an inability to operate and therefore an enormous loss of productivity and revenue.

This was underlined by the results of the recently published annual Network Barometer Report from Dimension Data. The study, which assessed 235 networks in companies around the world, highlighted issues and vulnerabilities of networks and shows that some IT managers are now taking the necessary steps to secure and solidify their network assets.

The report revealed several prominent factors at the heart of networking issues facing managers today:

* Configuration issues and violations are the main cause of network disruption and resultant business continuity issues. Each network configuration error represents a chance of downtime and most networks have hundreds of configured devices on them. The report shows that on some networks in Europe, a device holds up to 88 networking configuration issues. This is due to the fact that demands of business activity outweigh those of IT service, meaning networks are not set up correctly. More emphasis should be placed on correctly configuring a network before it is made live to help rectify potential downtime issues.

* The recession has meant that IT infrastructure has not been upgraded but instead, recycled and repaired to extend its milestone expectancy. However 24 percent of products on a network have surpassed their last day of support (LDoS) lifecycle. This increases the chances of downtime that could be prevented by implementing a suitable lifecycle management policy.

* Perhaps somewhat surprisingly, the report has showed that 38 percent of networks have security violations compared with 73 percent in last year’s report. Companies are realising that their hardware is still up to the job and there is a vested interest in making equipment last longer.

* Small and medium sized businesses (SMBs) are still falling behind larger organizations with their networks producing far more configuration and security violations. Compared with an average of 40 configuration issues per device, SMBs have 180. They are therefore 4.5 times more like to experience business downtime as a result of their IT network, than large companies are.

It is worth examining these in more detail:

Configuration:

The Network Barometer Report indicates that an average of 40.7 configuration violations per network device were found. Due to either a security attack or human error, this translates to 40 chances for downtime to occur per device. An average of 30 of these 40 violations, are AAA (Authentication, Authorisation and Accounting) issues. This indicates a serious problem for business continuity, network and security managers. Not knowing who is and has accessed your network leaves IT managers with the difficult problem of trying to track how a potential hack came into the system. Perhaps more importantly, not knowing how an attack entered the system also means that the hole cannot be plugged to prevent the same attack taking place again.

There is also another important point that business continuity managers need to be aware of. More often than not, it is the pressure of the business environment that leaves network managers unable to correctly set up, secure and maintain their network. Business demands dictate that availability of the service comes before the correct implementation of a network. It seems that many network managers are using short cuts and skipping correct setup guidelines in order to bring the service online as fast as possible. This scenario results in a network that has potential security vulnerabilities and configuration issues being made live and used for business, which in turn makes the network more vulnerable, impacting upon business continuity.

To combat this problem, business continuity managers need to ensure that network managers liaise with security teams. In fact all three roles need to be more involved in the configuration process of a network as early as possible. Network managers also seem to opt to configure equipment from scratch. Most networks can be configured using tried, tested and correct templates which can save on 80 percent of the work needed to implement a new system. Using a template allows fewer opportunities for human error to be a cause for network violations as less configuration work is needed.

Lifecycle management:

The report has indicated that lifecycle milestones of IT assets are not being managed efficiently. Constrained budgets have meant that many businesses had to reassess their integration of proposed networks and IT infrastructure. Nearly 1 in 4 products on a network are beyond their Last Day of Support (LDoS) lifecycle. Consequently, they will not be maintained by the vendor. This represents a downtime risk as equipment that is not supported can be the subject of lengthy and costly repairs.

Business continuity managers, working with their IT colleagues need to better ascertain what the business uses of their system’s products are, when that product needs to categorically be replaced and what implications risky infrastructure could have on the system. Having a lifecycle management policy in place improves system management can reduce the risk of downtime. For example, even if a product surpasses its LDoS phase, third party support could be arranged to maintain the product. This not only makes sure that business is able to utilise a suitable asset, but also means that costs can be conserved – especially during the downturn period.

SMB issues:

SMBs are shown to have more networking violations compared to larger organizations. Smaller businesses have an average 140 more configuration and network violations per device. SMBs have fewer employees than their larger counterparts with many of the workforce having to take on multiple roles. This results in less time being dedicated within the IT department to tend to the through management of the network infrastructure. To ease the strain and make networks more secure a third party company can be brought in. This can mean that configuration issues decrease as dedicated personnel are observing and maintaining the system.

Security:

Security violations have lowered over the past 12 months as companies are becoming more aware of the impact that downtime can have on their business. Coupled with the fiscal pressures, security officers are becoming more aware, structured and resourceful in their approaches to securing and maintaining their networks efficiently. Once a company is at a stage where its network is safe and secure, implementation of lifecycle management processes and network assessments are needed. Doing so will reduce network downtime, products going into their LDoS and also being susceptible to attack.

Business continuity managers need to understand and appreciate that network integration is not just a one-off activity. It needs dedicated time and effort to make sure data, users and infrastructure are secure. IT departments cannot deal with vulnerabilities unless they are known about. Assessments therefore need to continuously be carried out so as to be sure that the infrastructure is as free as possible from violations.

Whilst many companies are taking the necessary steps to safeguard and protect their network, there is still room for improvement. Due to the recession, there has been a vested interest for investing in existing hardware on networks. Whilst this has benefits, products are nearing the end of their LDoS. Ensuring your company has an appropriate lifecycle management process in place, and that your network managers continually accesses the infrastructure, will ultimately reduce the possibilities for downtime to occur.

Minimising the risk of network downtime

Business continuity managers looking to minimise the risk of network downtime and resulting business disruption should follow these five rules of best practice:

1. Work closely with the network manager to ensure you have at least a basic understanding of network configuration.
2. Advise the network manager to conduct a network lifecycle assessment. Your organization can’t fix or protect what it doesn’t know about.
3. Work with the network manager or the IT department to create a lifecycle plan for dealing with network devices as they approach and pass Last Day of Support.
4. Try to ensure that the network manager has enough time and resource to correctly implement new devices and upgrades to the network.
5. Consider working with a specialist consultancy. Employing a third-party, expert company to manage your networks can mean that configuration issues can be decreased and less strain is put on the already busy IT personnel.

About the author

Mark Holmes is responsible for Dimension Data’s Network Integration in the UK.

Dimension Data is a specialist IT services and solution provider, that helps clients plan, build, support and manage their IT infrastructures. It applies its expertise in networking, converged communications, security, data centre and storage, Microsoft and contact centre technologies and its unique skills in consulting, integration and managed services to create customised client solutions.

http://www.dimensiondata.com/

•Date: 2nd June 2010 • Region: UK/World •Type: Article •Topic: IT continuity
Rate this article or make a comment - click here





Copyright 2010 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help