Network Barometer Report 2015 A gauge of global networks readiness to accelerate business
The Network Barometer Report 2015 can be downloaded at: dimensiondata.com/networkbarometer About Dimension Data Founded in 1983, Dimension Data plc is a global ICT services and solutions provider that uses its technology expertise, global service delivery capability, and entrepreneurial spirit to accelerate the business ambitions of its clients. Dimension Data is a member of the NTT Group. It has designed, built, and manages over 9,000 networks worldwide to enable more than 13 million users to connect to their organisations networks. Dimension Data has delivered over 2,000 Technology Lifecycle Management Assessments to date. Visit dimensiondata.com Copyright notice and disclaimer Dimension Data 2009 2015 Copyright and rights in databases subsist in this work. Any unauthorised copying, reproduction, or other dealing in this work, or any part thereof, without the prior written consent of the copyright owner, is an act of copyright infringement. Copying of certain portions of this work, such as tables, graphs, and certain extracts, is permissible subject to the conditions that (1) such portions do not constitute a substantial reproduction of the work (or a section) as a whole and (2) the following notice accompanies all such portions: Dimension Data Network Barometer Report 2015, Dimension Data 2009 2015. Any unauthorised copying, communication to the public, reproduction, or other dealings in this work, or any part thereof, renders the person who is responsible for such acts liable for civil law copyright infringement and, under certain circumstances, liable for criminal prosecution. All rights of the copyright owner are reserved. The data and information contained in the Network Barometer Report are for information purposes only. While the commentary and hypotheses in this Report are based on rigorous data analysis and market experience, the Report also contains opinion. Furthermore, while reasonable steps are taken to ensure the accuracy and integrity of the data and information provided, Dimension Data accepts no liability or responsibility whatsoever if such data or information is incorrect or inaccurate, for whatsoever reason. Dimension Data does not accept liability for any claims, loss, or damages of any nature arising as a result of the reliance on, or use of, such data or information by any individual or organisation.
Executive summary 7 Results Dimension 1: Technology lifecycle management How old are today s networks? 14 This year s results 15 How we interpret the results 19 Summary 20 Dimension 2: Support services What causes today s networks to fail and how well are those incidents handled? 22 This year s results 23 How we interpret the results 28 Summary 30 Dimension 3: Security How vulnerable are today s networks? 32 This year s results 33 How we interpret the results 36 Summary 38 Dimension 4: Architecture Are organisations preparing their networks for enterprise mobility and the Internet of Things? 40 This year s results 42 How we interpret the results 45 Summary 46 Recommendations 48 Appendix A: Sample distribution 54 Appendix A.1: Technology lifecycle, type, and vulnerability data 54 Appendix A.2: Services data 57 Appendix B: Top 10 PSIRTs 58 List of figures and tables 59
Executive summary
5
About the 2015 Network Barometer Report Technology data gathered from technology assessments discovered devices 5 regions 11 industries Support services data gathered from Global Service Centres: Boston Frankfurt Bangalore Johannesburg A sample of more than 175,000 service incidents A sample size of 105 countries We investigated 4 dimensions technology lifecycle management support services security architecture * See Appendix A for a detailed breakdown
Executive summary Remote monitoring and automated management drastically reduce network support time The Network Barometer Report 2015 gauges the readiness of today s networks to support business. The Report is based on network discovery data gathered from Dimension Data s Technology Lifecycle Management Assessments conducted for organisations around the world. We combined this with information from our Global Service Centres, which relate to support service requests, or incidents, logged against organisations devices managed by us. The result is a multidimensional view of today s networks. This year, we added four new aspects to our enquiry: services data to compare how devices managed on Dimension Data s remote infrastructure management platform fare in terms of the average time they take to troubleshoot and repair when they fail, compared with devices not managed by us an analysis of the configuration errors that occur most commonly on network devices across the categories of access management, intrusion management, network services, session management, and system settings a detailed breakdown of the number of network devices across different models to gain a better view of organisations readiness for enterprise mobility an analysis of IPv6 adoption across networks in order to determine how well prepared corporate infrastructures are to accommodate the Internet of Things Our interpretation of the results is influenced by our strategic focus on ICT services, and our extensive experience in monitoring, maintaining, supporting, managing, and outsourcing our clients networks. Our overall conclusion: Overall, our data suggests that there s a growing need for more effective day-to-day network management across all corporate infrastructures. Remote monitoring and automated management are the most effective ways to improve network service levels by drastically reducing support time. We reached this conclusion by investigating and comparing four dimensions of network management and strategy: 1. technology lifecycle management 2. support services 3. security 4. architecture 7
Remote monitoring and automated management drastically reduced the time to troubleshoot and repair all devices, compared with devices that weren t managed in this way. Dimension 1: Technology lifecycle management How old are today s networks? Networks have aged for the fifth year in a row. Organisations tend to focus technology refresh initiatives on obsolete devices, and sweating ageing equipment. Our results show that: Of all devices, 53% are now ageing or obsolete up from 51% in our last Report. The percentage of ageing devices has grown by four points, while the percentage of obsolete devices has dropped marginally by two points. Over the past few years, the percentage of ageing and obsolete devices has steadily increased. The conventional assumption was that a technology refresh cycle was imminent. However, our data shows that organisations are refreshing mostly obsolete devices, and are clearly willing to sweat ageing devices for longer than expected. Possible causes of this strategy are: a sustained focus on cost savings, particularly evident in reduced capex budgets, which may have disrupted normal refresh patterns the growing availability and uptake of as-a-service ICT consumption models which reduce the need for organisations to invest in their own IT infrastructure the introduction of programmable, software-defined networks which may be causing organisations to wait and see before selecting and implementing new technology a factor we expect will become more influential in the next 18 to 36 months (also see About software-defined networking in our Recommendations section.) Dimension 2: Support services What causes network devices to fail and how well are such incidents handled? There s been a sharp increase in the proportions of both hardware and software failures across devices since last year. However, most incidents are still caused by factors that would fall outside the terms of a conventional support services contract. Current devices again took longer to repair than both ageing and obsolete devices. Remote monitoring and automated management drastically reduced the time to troubleshoot and repair all devices, compared with devices that weren t managed in this way. Our results show that: The largest proportion of service incidents (55%) aren t device-related, but are caused by factors that fall outside the remit of a conventional support contract. Organisations would have to handle these incidents by themselves. Avoidable human error causes almost one-third of all incidents. Dimension Data s remote network monitoring and automated management reduce the time to troubleshoot faulty devices by a massive 75%, and the time they take to repair by 32%, compared with devices not managed by us. 8
Dimension 3: Security How vulnerable are today s networks? While networks are marginally less vulnerable than last year, the percentage of devices with security vulnerabilities has remained relatively stable over the last four years. Networks are therefore not improving their security status significantly. Ageing devices are more vulnerable than current or obsolete devices. In addition, the highest number of security advisories were published for data centre switches and edge/branch office devices. However, security advisories affected a larger proportion of wireless access points and data centre switches, which makes them the most vulnerable parts of networks today. Our results show that: Of all devices, 60% have at least one security vulnerability down from last year s 74%. Over the last four years, the average percentage of devices with at least one security vulnerability has remained relatively stable at 60%. Ageing devices are more prone to having vulnerabilities than current or obsolete devices. Data centre switches and edge/branch office routers had the most published security advisories. However, security advisories for data centre switches and wireless access points had the highest penetration rate across all device types. Dimension 4: Architecture How well are networks prepared for enterprise mobility and the Internet of Things? Despite the general tendency to sweat assets, organisations are slowly expanding the wireless capabilities of their network access points. However, 74% of wireless access points are still older models (802.11g and older) that don t support a sound mobility strategy. In addition, the majority of devices are not IPv6-capable yet, many of which require a simple software upgrade to be so. Combined, these factors point to organisations not giving the impact of enterprise mobility and the Internet of Things on the network due strategic consideration yet. Enterprise mobility requires pervasive wireless connectivity which, in turn, requires at least three basic features in access ports: power-over-ethernet, gigabit Ethernet on the client side, and 10-gigabit uplinks. This year, we found that: 65% of all ports support power-over-ethernet up by 14 percentage points since last year 25% of switches support 10-gigabit uplinks up by 2 percentage points 37% of ports support gigabit Ethernet down by 8 percentage points We maintain that this slight improvement is a reaction to the increased number of mobile devices used in the workplace, rather than the result of a planned and proactive strategy to prepare for enterprise mobility. 9
Only 21% of all network devices are currently IPv6- enabled, while 48% need a simple software upgrade to become IPv6-ready. In addition to the impact of enterprise mobility on corporate networks, The Internet of Things will see an increasing number and variety of business-enabling and enhancing technologies interconnecting via networks. Non-human objects will be able to gather data from their environment, interact with one another, and make intelligent decisions, all without human intervention. To leverage the benefits this will offer, organisations will need to adopt IPv6 more broadly across their infrastructures, as the number of potentially connected devices will increase exponentially. Public IPv4 addresses are becoming a rare commodity; in fact, in some parts of the world they re already depleted. Here too, we re seeing strong adoption of public IPv6 address space, especially driven by legislation in certain regions and proactive architectural changes in others. Organisations with mostly IPv4-based networks, which haven t architected the underlying environment with IPv6 in mind, have limited visibility of, and control over, IPv6-enabled technologies. This exposes them to unnecessary risk, as they won t be able to monitor and manage those devices, nor control the traffic flow, as well as in an IPv4-based environment. We found that: Only 21% of all network devices are currently IPv6-enabled, while 48% need a simple software upgrade to become IPv6-ready. What we recommend To ensure their networks are able to support business in the most effective, efficient, and secure way possible, organisations should consider four steps to raise the maturity of their operational support environments: 1. Achieve visibility of the entire networking estate through an accurate and well-maintained inventory. 2. Standardise the types of technologies used in the network and their configurations as much as possible. This will shorten the time to repair and reduce support costs, when devices fail. 3. Automate as many of day-to-day management tasks as possible through outsourced managed services or software-defined networking. 4. Monitor networking devices more closely, either in-house or through remote monitoring services, to reduce the time it takes to troubleshoot and repair faulty devices. For more detailed advice, see our Recommendations section. 10
About the Network Barometer Report The Network Barometer Report 2015 presents the aggregate data gathered from Dimension Data s Technology Lifecycle Management Assessments conducted for clients around the world in 2014. It also contains data relating to service incidents, logged at our Global Service Centres, for client networks that we support. Dimension Data compiles, analyses, compares, and interprets the data in order to gauge the readiness of today s networks to support business. About the Technology Lifecycle Management Assessment This ICT assessment service from Dimension Data discovers installed assets on the network, identifies their lifecycle statuses, determines maintenance coverage, and flags potential security vulnerabilities. The Assessment assists organisations to align their IT infrastructure with best practices for configuration, security, and patch management, thereby ensuring that they re not exposing themselves to unnecessary risk. The technology lifecycle data used in this Report comes from these automated Assessments, not from a survey. Click here for more information. 11
Results
13
Dimension 1: Technology lifecycle management How old are today s networks? About technology lifecycles In order to establish the age and viability of technology assets, most vendors have standardised milestones through which they progress their products towards obsolescence. For example, Cisco uses six technology lifecycle milestones. These run from future-end-of-sale, the announcement of the lifecycle milestone dates; to last-day-of-support, the date after which Cisco s Technical Assistance Center will no longer support the product. Common to all vendors are end-of-sale and end-of-support. To normalise the data for this Report, we ve defined three lifecycle categories: Current These devices are presently shipping and have full access to vendor support services. Ageing Vendors have announced that these devices are past end-of-sale. The devices haven t passed end-ofsupport yet, but vendor support decreases gradually as the device ages further. Obsolete These devices are past end-of-support. Table 1 lists these three categories, and the maintenance and support requirements typical of each. Table 1: Technology lifecycle stages, associated risk levels, and required support environment maturity Lifecycle status Time (years) Risks Required support environment maturity Current 0 3 settling period during which product bugs and hardware stability issues are identified organisation s support teams learn new features of the device Ageing 3 5 increased support costs with some vendors decreasing support later in this stage (for example, no more software bug fixes) Obsolete 5+ no, or limited, access to spares no, or limited, vendor support for complex issues controlled introduction into the environment, requiring mature release and deployment processes new and/or advanced technology requires updated, technology-specific training mature change management processes needed to handle updates and patches, as required all business-as-usual processes apply, including capacity and change management some local sparing might be required for laterstage equipment logistics and change management relating to local spares warehousing 14
This year s results Figure 1: Percentage of ageing and obsolete devices, global average 45 48 51 53 38 Global 2010 2011 2012 2013 2014 For the fifth consecutive year, the devices in today s networks have aged slightly in terms of their lifecycle status. Of all devices, 53% are now ageing or obsolete up by a marginal two percentage points from last year. Figure 2: Percentage of ageing and obsolete devices by region 38 37 44 60 40 44 44 54 50 34 40 53 51 48 38 56 41 52 55 38 55 59 53 52 38 45 51 53 48 22 Americas Asia Pacific Australia Europe Middle East & Africa Global 2010 2011 2012 2013 2014 15
In Asia Pacific, Australia, and Middle East & Africa, there are slightly fewer ageing and obsolete devices than last year. The global increase is mainly due to higher percentages of ageing and obsolete devices in two regions: the Americas, which rose by a significant 16 percentage points; and Europe, which increased modestly by two percentage points. In Asia Pacific, Australia, and Middle East & Africa, there are slightly fewer ageing and obsolete devices than last year. A closer analysis of the data gathered from the Americas revealed that the 16-point increase in ageing and obsolete devices in that region came from a single assessment conducted for a large organisation in the government sector. However, normalising the data by removing this assessment from this region s sample set didn t make a significant difference: the percentage of ageing and obsolete devices still showed a 9-point increase. This highlights the trend we ve seen in relation to the lack of, or delay in, spending on technology refresh in the public sector of the Americas, attributable to widespread budget cuts and a delayed reaction to the global economic crisis. Figure 3: Percentage of ageing and obsolete devices by industry 79 77 60 55 41 4039 49 40 43 34 44 50 43 32 28 27 54 54 38 35 35 67 61 56 48 34 57 50 50 46 38 34 51 51 44 54 48 48 44 40 44 40 22 59 47 47 37 35 29 41 37 66 61 49 38 53 45 4851 Automotive and manufacturing Business services Construction and real estate Consumer goods and retail Financial services Government health care and education Mediaentertainment and hospitality Resources utilities and enegy Service providers and telecommunications Technology Travel and transportation Overall 2010 2011 2012 2013 2014 16
Figure 4: Percentage of devices by lifecycle stage, 2012 2014 2012 8 52 This indicates that organisations focus their refresh initiatives mostly on technology that has reached critical lifecycle stages when vendor support is no longer available. 40 2013 11 Current Ageing Obsolete Figure 4 compares the percentage of discovered devices by lifecycle category over the last three years. While we ve seen a slight drop in the percentage of obsolete devices down to 9% from last year s 11% the percentage of ageing devices has increased by 4 points. This indicates that organisations focus their refresh initiatives mostly on technology that has reached critical lifecycle stages when vendor support is no longer available. In general, organisations are sweating ageing assets, while the percentage of current devices is at its lowest in three years. 40 49 Current Ageing Obsolete During the seven-year history of the Network Barometer Report, organisations average tolerance level for obsolete devices in their networks has always been in the region of 10%. Rarely do organisations allow this to increase beyond 11% before they refresh the relevant devices. Historically, there s been a greater degree of yearly fluctuation in the percentages of current and ageing devices, than in obsolete devices. We ve correlated this figure with services information gathered from devices under Dimension Data s management to investigate these tolerance levels in networks monitored and managed by us. 2014 9 47 44 Current Ageing Obsolete 17
Figure 5: Percentage of devices by lifecycle stage, when Dimension Data manages the devices, 2013 2014 2013 2014 9 5 46 49 45 Current Ageing Obsolete 46 Current Ageing Obsolete Figure 6: Percentage of devices by lifecycle stage, per region, when Dimension Data manages the devices 57 46 47 46 49 49 46 49 46 37 7.4 5.5 5.3 5.7 5.4 Americas Asia Pacific Europe Middle East & Africa Global Current Ageing Obsolete Of the more than 1.5 million devices managed by Dimension Data on behalf of its clients, only 5% were obsolete this year a significant decrease from last year s 9%.This reduction correlates with the emphasis organisations have placed on refreshing mainly obsolete devices over the last year. Although Dimension Data may be managing the devices on behalf of its client, the decision to purchase replacement technology remains with the client. The smaller proportion of obsolete devices also shows that Dimension Data has a lower tolerance for these devices in the networks it manages than client organisations would have if they manage their networks themselves. This is because Dimension Data is familiar with the risks involved in managing obsolete devices which are no longer subject to vendor support. However, at 46%, the proportion of ageing devices is larger in networks managed by Dimension Data than in clientmanaged environments. This indicates a stronger tendency to sweat assets for which vendor support is limited. The combination of maintenance best practices and available, if limited, vendor support allows Dimension Data a greater degree of confidence in its ability to manage ageing devices. 18
How we interpret the results Today s networks are again marginally older than in previous years. In last year s Network Barometer Report, we argued that it s a sound strategy to sweat ageing assets for as long as possible and not to refresh technology simply for the sake of doing so. The caveats to this approach are still that the organisation should: have an accurate inventory of its entire network estate including each device s product lifecycle stage, which is often not the case understand the function of each device and how critical it is to the network s uptime the more critical the device, the more urgent the need to keep it up to date have the appropriate operational support strategy in place to resolve any performance issues or outages that may occur, as vendor support will be either limited or unavailable during later lifecycle stages ensure that the device s capabilities aren t constraining architectural changes, which have driven upgrades in other areas of the network This year s results show that organisations are following this approach but, although they re focusing refresh efforts mostly on obsolete devices, they still have a greater appetite for the risks involved in keeping such devices in the network. Mature monitoring, support, and maintenance processes would allow for a higher tolerance of ageing devices in the network. As seen from the data gathered from devices managed by Dimension Data, mature monitoring, support, and maintenance processes would allow for a higher tolerance of ageing devices in the network. This proves the viability of managing an older network overall. That is, provided that there s sufficient visibility of the lifecycle status of all devices, an understanding of their risk profile depending on their criticality to the infrastructure as a whole, and the proactive management of that risk. These questions remain, though: Why and when do devices most often fail, and how well are those incidents handled? 19
How old are today s networks? Networks have aged for 5 consecutive years. 53% fewer are obsolete than last year BUT more are ageing We recommend... of devices are now ageing or obsolete (-2 ) points (+4 percentage percentage points Organisations have a higher tolerance of obsolete devices than Dimension Data has when managing networks on clients behalf. Sweating your assets is okay, BUT... ) Know your devices and their lifecycle stages Understand potential network impacts if devices fail Manage the risk of device failure proactively 20
Today s networks are again marginally older than in previous years In last year s Network Barometer Report, we argued that it s a sound strategy to sweat ageing assets for as long as possible and not to refresh technology simply for the sake of doing so. This year s results show that organisations are following this approach but, although they re focusing refresh efforts mostly on obsolete devices, they still have a greater appetite for the risks involved in keeping such devices in the network. 21
Dimension 2: Support services What causes today s networks to fail and how well are those incidents handled? This year, we analysed over 175,000 service incidents or trouble tickets handled by Dimension Data s Global Service Centres. While the number of devices under our management has grown since last year, we also had access to a greater data set, which contributed to the increase in the number of incidents analysed. We wanted to understand the types of incidents encountered while maintaining our clients networks and how these relate to device lifecycle data. (Please refer to Appendix A for detailed information and commentary on the sample size of our services data.) About Dimension Data s Global Service Centres Dimension Data s Global Service Centres are organisational hubs situated at eight central locations in five regions around the world: Americas: Boston, US; and Santiago, Chile Asia Pacific: Auckland, New Zealand; Bangalore, India; and Singapore Australia: Melbourne, Australia Europe: Frankfurt, Germany Middle East & Africa: Johannesburg, South Africa At these Centres, Dimension Data s service delivery and technical support experts receive calls from clients and resolve technical service tickets, requests, and problems in 13 local languages (depending on location). The Centres receive over a million such requests from 10,000 clients every year, which translates to more than 2,500 incidents each day. Dimension Data s Global Service Centres are organisational hubs situated at eight central locations in five regions around the world. 22
This year s results Figure 7: Root causes of incidents, 2013 2014 2013 2014 28 1 5 0 3 18 Application issue Asset capacity Cable fault 3 1 14 2 1 0 11 7 Application issue Asset capacity Cable fault 1 3 25 16 Configuration error Environmental Hardware failure Other human error Scheduled outage Software bug Telco failure 19 42 Configuration error Environmental Hardware failure Other human error Scheduled outage Software bug Telco failure Table 2: Root causes of incidents Root cause Application issue Asset capacity Cable fault Configuration error Environmental Hardware failure Other human error Scheduled outage Software bug Telco failure What it means The device failed due to an error in an application that runs on the device itself, other than the core operating system, or due to an error in relaying information from an application that runs remotely. The device failed due to network traffic requiring a higher capacity than device is able to handle. Failure owing to damage to the cable of some kind, for example, the cable was severed between floorboards or cut by mistake. The device failed owing to an incorrect or sub-optimal configuration. This includes failures due to power cuts, cooling problems, flooding, and so on, either within the immediate or wider environment of the device. This includes all failures related to the device chassis itself, or to modules added to it to extend or change its functionality. Mistakes made by people, such as incidents logged incorrectly, duplication of support calls, incidents logged against devices not managed by Dimension Data, and so on. This includes all planned and predictable routine maintenance downtime. The device failed due to an error in its core operating system, excluding application software. Failures due to outages in the wide area network that connects the corporate network to telecom service provider networks. 23
The largest percentage of incidents a total of 55% across all networks would need to be handled and remedied by organisations themselves. Figure 7 shows the breakdown of incidents by resolution category. The most obvious change from our last results is the dramatic increase in the proportion of hardware failures compared to other root causes, which rose by 26 percentage points. The larger proportion of hardware incidents is due to a general increase in devices managed by Dimension Data, in combination with an overall reduction in obsolete devices, which are less prone to failure. However, when comparing only the number of incidents per device on a like-for-like basis, the number of hardware failures has remained relatively stable compared to our last Report. Adding to the larger proportion of hardware failures we ve seen this year, are the decreases in the proportion of telco failures (-14 percentage points), environmental factors (-11 percentage points), and other human errors (-6 percentage points). However, the proportion of incidents caused by configuration errors and software bugs has increased by eight and two percentage points respectively. The larger proportion of incidents caused by software bugs may be due to a slight increase in current devices managed by Dimension Data. The earlier the device is in its lifecycle, the more prone it would be to software problems that haven t been identified and solved yet during its shorter lifespan. Counting together other human errors and configuration errors, mistakes made by people account for 30% of all failures, which shows that nearly onethird of incidents are still potentially avoidable. Of all root causes, only software bugs (3%) and hardware errors (42%) would fall within the terms of a basic support contract, adding up to a total of 45%. This implies that the largest percentage of incidents a total of 55% across all networks would need to be handled and remedied by organisations themselves. That is, if they don t have network monitoring, support, and management services in place. Delving deeper into the types of configuration errors over the last year, we noted a slight increase in critical errors in voice gateways and industrial switches. This is concerning, as voice gateways are often exposed to external parties and therefore more open to attack. Given the criticality of keeping industrial manufacturing environments up and running without interruption, we d also expect to see more rigorous controls in relation to the configuration of underlying infrastructures in this type of environment. We also analysed the most common configuration errors seen in networks today. These can be broadly grouped into two categories of device configuration: network services and system settings; and access management. Network services and system settings allow for the remote management and basic functioning of the device. Of all discovered wireless devices, routers, and switches, 31% had critical configuration violations, which will allow a malicious user to gain unauthorised access to the device, or misuse or bypass security controls for network traffic. As far as access management configurations are concerned, over 49% of analysed networks don t have a centralised authentication strategy in place. System administrators would have to manually maintain authentication details for each device, as there s no central policy to manage and audit configuration changes. This, in turn, hinders the organisation s ability to maintain visibility of changes in the network and secure the environment against unauthorised configuration changes that may cause downtime. In almost all cases, a lack of centralised access management increases the cost of managing the network. There's a strong correlation between the application of configuration standards and best practices in the network and an organisation s ability to reduce the duration and impact of network device outages. The combination of organisations allowing critical configuration violations to remain within a productive environment, and not centrally managing network assets, points towards a broader concern: networks aren t as well maintained as they ought to be. There s also a correlation between the failures caused by devices and their lifecycle stage. 24