Earlier this month, Auvik Networks released their 2021 Network Field Report which revealed widespread gaps in basic network management activities. The study takes an in-depth look at how in-house IT administrators manage their networks, and how knowledgeable and confident they are in their networks.
To gain a better understanding about this report and its findings, VMblog reached out to Steve Petryschuk, Technology Advocate at Auvik Networks.
VMblog: The latest edition of "The Network Field
Report" reveals the current state of network management practices. Can you give
us some of the key takeaways? And were there any surprises?
Steve Petryschuk: The Network Field Report
provides great insight into the minds of IT professionals as it relates to
network management practices.
To
answer your last question first, there were a couple surprises. The big one
that stands out to me is the high
confidence in the network with relatively low network knowledge. Unpacking this further, more than half of IT
professionals have incomplete knowledge of how their networks are configured,
but 77% of the respondents indicated that they are highly confident or very
confident in their networks. I'm a "trust but verify" type of person, meaning
that I'd be confident in the network too - but I definitely want to get the
network insights to back up this confidence.
A
couple of other key takeaways that stood out were:
- Only 36% of
organizations back up their network device configurations daily or weekly,
despite additional data showing that configuration changes are frequent.
What is an acceptable window for an out of date backup? How can we
decrease this window and increase the frequency of backups to match the
frequency of changes?
- More than half (52%)
of an IT pro's time is spent on projects they hate or tolerate. Nearly
half (45%) say that "not enough time" is the primary reason for not doing
the projects that interest them. This is a big problem if organizations
want to retain the best IT professionals. There needs to be a better
balance between the time spent on interesting projects, and ones that are
mundane, uninteresting, or just hated. What tasks can be automated to free
up time for more interesting and engaging projects?
VMblog: What are blind spots and why are they so significant?
Petryschuk: Blind spots can really be
interpreted by the business as areas of risk. These are areas where there is a
gap between best practices, and what has been implemented. Or where there is a
gap between what an IT pro thinks, and reality. We call them blind spots as
they are very similar to a blind spot in your car; if you change lanes and
don't see the car sitting in your blind spot, some pretty severe consequences
can ensue. Same thing here - if these blind spots aren't checked, the
organization is vulnerable. The great news is, like with the blind spot in your
car, for most network blind spots there is a remedy. First you need to be aware
that a blind spot exists and once the blind spot is acknowledged, getting
visibility into that blind spot is often as simple as tweaking an existing
process, tuning a tool, or education (ie, it can be as simple as a "shoulder
check" into your blind spot when driving!).
VMblog: Why do you think these network management weaknesses and inefficiencies exist?
Petryschuk: The IT industry moves at a
very quick pace. Going back to the car analogy, it's natural for many IT
professionals to be always in a "pedal to the metal" mode, where we are always
on and running at or near capacity. It becomes natural then for us to get
blinders on, and focus solely on moving as quickly as we can - either building
new systems or putting out fires. It's rare in IT to have enough time to pause,
reflect, and ensure we're all doing the right things. Even if you do this pause
and reflect today, I bet you wish you had a bit more time to do it.
VMblog:
What best practices should IT pros follow to mitigate the risk involved with
their network vulnerabilities?
Petryschuk: This is really a
collaborative effort between the IT, business continuity, and security teams.
Traditional network vulnerabilities, like required firmware updates, should be
handled by the same risk management framework that the security team uses
across the board. The non-traditional vulnerabilities, like lack of network
visibility and out-of-date configuration backups, can be addressed by first
defining policies around these items. What should the organizational policy for
configuration backups be? How often should the business be ensuring the network
topology maps are up to date? Once the policy around these items is defined,
organizations can then look to understand whether there is the team capacity to
do these things manually, or if there are existing tools within the
organization that can automate these functions. If there is no capacity, and no
existing tools to automate, the teams can go to the market and understand what
solutions can help them solve these blindspots, such as Auvik.
VMblog: When comparing the results of this report to the one Auvik conducted in 2015,
many of the metrics improved. What does this tell us?
Petryschuk: This is a very positive
story. First, the report highlights that metrics around confidence in the
organization's network have improved, indicating that IT teams have taken
action over the past six years to improve the capabilities of both their
networks and their teams. Both of these items have contributed to improved
confidence.
Second,
the report highlights a very positive change in the workweek of a typical IT
professional, where the percentage of IT pros working more than 50 hours a week
has declined. This can be attributed to an increase in proactive maintenance
and network management, reducing the reactive ‘firefighting' that IT pros often
find themselves in. The report highlights the most gains toward proactive
management and monitoring happened in the largest organizations, meaning
there's still some room for improvement in the shift towards proactive management
in small and mid size (<1000 employee) organizations.
VMblog: Does the survey give you any insights of how the pandemic may have impacted IT
organizations?
Petryschuk: One of the things I find
most interesting about the report is the percentage of time IT pros have spent
on items like maintaining the existing network, implementing new systems, and
researching new systems. In the 2021 report, we can see that 58% of time per
week is spent on researching and implementing new systems, up from 39% in 2015.
This means that about 40% of time is spent on maintaining existing systems in
2021, compared to 61% in 2015. It is clear that digital transformation
initiatives have been accelerated and IT professionals are being tasked with
enabling the organization in the post-COVID world!
VMblog:
Is there risk that the improvements over 2015 have stagnated? For example, if
IT pros continue as-is and we don't continue to see improvements, what kind of
implications could this have and at what kind of scale?
Petryschuk: Sure, there's always risk that improvements have
stagnated. I personally don't believe that's the case and that we'll continue
to see gains in these areas. There are still improvements to be had in network
confidence and improving on the reactive / proactive work mix.
There
is a law of diminishing returns here though, meaning that there is a practical
limit to how much IT professionals can avoid reactive firefighting. At the end
of the day, we can put all the tools, technical guardrails, and user education
in place, but one of your users will inevitably find a way to break something!
It keeps things interesting, even if it does add a bit of grey hair.
If
we take the contrarian view here and say - "Yes, improvements have stagnated",
then I don't think it will be long until we start seeing some metrics move back
to 2015 numbers, for things like typical workweeks, reactive / proactive
mix, and network confidence. If we don't continue to be proactive and stay on
top of network management, then we'll quickly lose control and be back to the
old way of doing things.
##