Thursday, May 04, 2017

How to Make Network Compliance Reporting Bearable

By: Stephen Nowicki | Categories: Network and Security

What is your Network Compliance Story?

 

More and more customers are challenged to incorporate compliance reporting into their business. This is primarily driven by audits, regulations, standards, etc. However, many customers have deployed their network components at different times, on different hardware chosen for the best product availability and price. Furthermore, configuration standards were not defined, and oftentimes each unit was configured separately.

How easy is it to provide a report of compliance to standards? Is there a way to be sure that all devices meet requirements without manually going to each node?

A common complaint from network administrators is that there isn’t enough time to keep up with the changes and maintain accurate documentation. Code levels aren’t updated regularly, and organizations typically address this with an ‘if it isn’t broken, don’t fix it’ attitude. Legacy approaches are still popular: log in to individual network components, upgrade manually, configure separately, document separately.

However, there are two trends that are making this a challenge to IT departments.  Firstly, with constrained budgets, network and system administrators are having to do a lot more with less.  Secondly, convergence in the data center is causing convergence in IT department staffing where organizations are looking to system admins to also manage network components.

Additional concerns are voiced about the way infrastructure works together to protect your IT assets.  We all understand that a weak link can lead to vulnerability.

When management asks for a network compliance report, where do you start?
Software management schemes are the key to automating compliance reporting. While there is a push in the industry to move hardware functions into software, through Software Defined Networking (SDN) and Network Function Virtualization (NFV), the reality is that this approach will take some time to mature, and adoption in the mid-market enterprise will likely follow even later. Which of the two key approaches fits depends upon the state of your current infrastructure from a technology and accounting standpoint.

Traditional Network Components: Time and effort approach
For customers with extensive investment in traditional network appliances and no budget to consider upgrades, the best approach usually involves putting a wrapper around your technology by finding a centralized management and reporting platform. How easily this succeeds will depend upon the strategy that has been followed to date in designing and setting standards for legacy network equipment. The two main approaches to support legacy management and reporting are:

1) On-premise Network Management System
2) Cloud Based Network Management System

With either solution, a common complaint is the amount of time that must be spent on configuration for SNMP, logging, reporting and alerting. Additionally, setup is required for configuration management and for the automation of configuration tasks. The value this solution provides to your organization is directly related to the amount of effort spent on the initial setup and ongoing management.

What other option is there?
Customers that have an opportunity to consider replacing and upgrading network infrastructure could leverage cloud managed network technology that is purpose-built for the cloud and can be deployed, managed, reported upon and upgraded from a central portal.

Sound great? 

Well, here are some of the most common complaints we hear regarding these solutions. 

  1. I don’t want to have to pay for licensing to use the cloud forever.  I prefer the set and forget and pay only once leveraging lifetime maintenance options that exist for some products.
  2. I don’t get the best of breed features because cloud portal feature sets are not as broad as traditional feature sets.
  3. Cloud managed solutions have vendor lock-in.

Cloud Managed Solutions — Are they the right fit for you?
Do you think cloud managed solutions are too expensive? I suggest you look carefully at the operational benefits to understand that there is real value in the cloud licensing model. 

A cloud managed solution saves time and effort on deployment, makes troubleshooting much easier than with an unmanaged solution, and often provides improved visibility between network components. When comparing costs, deploying standalone management systems is an expensive option in time and money.

For organizations that don’t want to pay for cloud portals, there are new options too.

Cloud managed solutions don’t always provide best of breed components because of the inherent vendor lock-in. The key consideration for many businesses is to determine whether the features are adequate to meet the requirements. Most vendors are continually upgrading capabilities, so the gap is shrinking. Also, have you noticed that most enterprise networking vendors are building their infrastructure to be cloud manageable? There are compelling reasons for this.

How do you get from where you are to where you are going?
The best way to go about planning is to develop a roadmap.  Determine your current investment, products’ lifecycle and whether you’re facing an opportunity to upgrade.  If upgrading is not a feasible option, then you need to find a tool (on-premise or cloud) that will enable you to manage your existing IT investments as optimally as possible.

Talk to your network architect and determine the best value option for your business - and that is spending your company’s money wisely.

If you do not have all the answers, getting a security assessment is the first step to planning your strategy. Feel free to get in touch with me to get a conversation started.

Stephen Nowicki
Network Practice Lead at Sentia
905.508.8489 ext.318

Stephen Nowicki has over 20 years’ experience in IT with a focus on Networking.