Dimension Data announced the results of its Network Barometer Report for 2012. The findings of the report have been taken from 294Technology Lifecycle Management” (TLM) assessments of enterprise organizations.

TLM review a networks’ readiness to support business by reviewing network device across four distinct areas:-

  1. Security vulnerabilities
  2. Configuration variance from best practice
  3. IOS Version Management
  4. End-of-Life status

The report has a concentrates mainly on Cisco products as they form the largest vendor in the Dimension Data installed support base.

Key finding of the report

  • 75% of network devices are carrying at least one known security vulnerability, in line with the 73% in 2011.
  • A single vulnerability was responsible for this high PSIRT penetration. PSIRT 10944, identified by Cisco in September 2009, was found in 47% of all the devices analysed during 2011 (A PSIRT is a software vulnerability that has been identified by Cisco’s Product Security Incident Response Team)
  • While the number of configuration errors per device increased from 29 to 43, security related configuration errors such as AAA Authentication continue to dominate
  • The percentage of devices that entered the obsolescence phase increased from 38% to 45%
  • Of those devices, the percentage that were End-of-Sale (EoS) jumped from 4.2% in 2011 to 70% in 2012. The percentage of devices that were either EoSW maintenance EoCR dropped a similarly dramatic amount from 86.2% to 20.8%.
  • A third of all Wireless access points discovered during the calendar year 2011 were 802.11n-capable. This is nearly triple the 12% 802n penetration from last year. This adoption will also drive refresh in the underlying routing and switching infrastructure
  • After peaking at 64 new PSIRTS in 2007, the announcements had tapered off in the 45 to 50 range for the past three years, before spiking again to 60 in in 2011
  • On average, 40% of all devices have been past EoS for the past four years. That said, there have been small year–on-year increases over the past three years – 3% from 2010 to 2011 and 7% from 2011 to 2012.

The report states

“While the overall percentage of devices carrying at least one known security vulnerability stayed constant, the data also shows that an increasing number of organisations have been successful in their security vulnerability management.

During 2010, 14% of all the assessments performed showed networks that were completely clear of security vulnerabilities. This figure increased to 25% of all assessments performed during 2011.

Repeat Technology Lifecycle Management Assessment clients fared even better – during 2010, 18% of all assessments showed no security vulnerabilities, a number that doubled to 37% for 2011.

In fact, repeat users of the TLM Assessment performed better than the general population with 59% of all devices carrying at least one known security vulnerability when compared to 75% for the entire sample set. This would seem to confirm that on going network visibility is a crucial component of successful vulnerability management.” 

Dimension Data’s Conclusion of it report is below.

With the on going changes in the way IT services are consumed, in some cases driven by user demand, it has become more important than ever to take an architectural approach to network design. The adoption of enterprise mobility, virtualisation and cloud will place more pressure on an already stretched network and if it is not managed proactively will impact business agility, efficiency and ability to remain competitive.

Effective infrastructure management and network planning ensures that IT is able to meet the needs of the organisation at a tactical and strategic level, with additional benefits in terms of cost, asset optimisation and security. Dimension Data concludes that a technology lifecycle management (TLM) approach will address key architecture, security and configuration issues. We recommend this approach include six stages.

INITIATE: Determine the impact of the network technology lifecycle The first stage involves a business discussion about the network’s technology lifecycle, and the organisation’s existing and best fit longer term network architecture, considering risk, cost and strategic factors.

DISCOVER: Gather network data

Incorporates business and technical reviews with the key stakeholders to ensure the relevant information is collected. An asset list is required at this stage and if the organisation does not have an up to date list, a network scan will be required to create one. Dimension Data recommends a TLM Assessment to help identify lifecycle milestones as well as security and configuration issues.

CONSTRUCT: Perform gap analysis and develop recommendations

Here, the discovery data is analysed against security, configuration and end-of-life databases as well as checked for maintenance coverage status. There are automated tools to perform this task and the TLM Assessment service achieves this for Dimension Data clients. A technology roadmap will be created, based on the prioritised recommendations from the analysis. This will include configuration remediations as well as security and maintenance recommendations.

RECOMMEND: Consult and present the recommendations and roadmap

This consultative stage includes sharing the findings of the work done with key stakeholders and determining how to act on recommendations based on risk, cost and strategic factors. This will include a formal report and a collaborative discussion to develop an action plan.

EXECUTE: Execute on recommendations

IT operations will then execute on the recommendations. These may include allocating resources or working with a third party to address the security and network remediations that are required, reviewing maintenance and support contracts, and/or planning for equipment upgrades. As this is a multi-year planning approach, there are likely to be steps executed in future financial periods as the organisation’s needs dictate.

IMPROVE: Execute this discipline on an ongoing basis

Networks and markets are dynamic. Configurations will drift from best practice standards over time and additional products deployed will enter the manufacturer’s obsolescence lifecycle. In order to ensure the benefits of this approach over time, repeat assessments should be considered.

See my summary of the 2011 Dimension Data Barometer Report here.

.

Advertisements