Network Barometer Report 2015

A gauge of global networks’ readiness to accelerate business

The Network Barometer Report 2015 can be downloaded at: dimensiondata.com/networkbarometer

About Dimension Data

Founded in 1983, Dimension Data plc is a global ICT services and solutions provider that uses its technology expertise, global service delivery capability, and entrepreneurial spirit to accelerate the business ambitions of its clients. Dimension Data is a member of the NTT Group. It has designed, built, and manages over 9,000 networks worldwide to enable more than 13 million users to connect to their organisations’ networks. Dimension Data has delivered over 2,000 Technology Lifecycle Management Assessments to date. Visit dimensiondata.com

Copyright notice and disclaimer

© Dimension Data 2009–2015

Copyright and rights in databases subsist in this work. Any unauthorised copying, reproduction, or other dealing in this work, or any part thereof, without the prior written consent of the copyright owner, is an act of copyright infringement. Copying of certain portions of this work, such as tables, graphs, and certain extracts, is permissible subject to the conditions that (1) such portions do not constitute a substantial reproduction of the work (or a section) as a whole and (2) the following notice accompanies all such portions: ‘Dimension Data Network Barometer Report 2015, © Dimension Data 2009–2015’. Any unauthorised copying, communication to the public, reproduction, or other dealings in this work, or any part thereof, renders the person who is responsible for such acts liable for civil law copyright infringement and, under certain circumstances, liable for criminal prosecution. All rights of the copyright owner are reserved.

The data and information contained in the Network Barometer Report are for information purposes only.
While the commentary and hypotheses in this Report are based on rigorous data analysis and market experience, the Report also contains opinion. Furthermore, while reasonable steps are taken to ensure the accuracy and integrity of the data and information provided, Dimension Data accepts no liability or responsibility whatsoever if such data or information is incorrect or inaccurate, for whatsoever reason. Dimension Data does not accept liability for any claims, loss, or damages of any nature arising as a result of the reliance on, or use of, such data or information by any individual or organisation.

Executive summary
Results
Dimension 1: Technology lifecycle management – How old are today’s networks?
• This year’s results
• How we interpret the results
• Summary
Dimension 2: Support services – What causes today’s networks to fail and how well are those incidents handled?
• This year’s results
• How we interpret the results
• Summary
Dimension 3: Security – How vulnerable are today’s networks?
• This year’s results
• How we interpret the results
• Summary
Dimension 4: Architecture – Are organisations preparing their networks for enterprise mobility and the Internet of Things?
• This year’s results
• How we interpret the results
• Summary
Recommendations
Appendix A: Sample distribution
Appendix A.1: Technology lifecycle, type, and vulnerability data
Appendix A.2: Services data
Appendix B: Top 10 PSIRTs
List of figures and tables

Executive summary

About the 2015 Network Barometer Report

• Technology data gathered from technology assessments: discovered devices, 5 regions, 11 industries
• Support services data gathered from Global Service Centres (Boston, Frankfurt, Bangalore, Johannesburg): a sample of more than 175,000 service incidents
• A sample size of 105 countries
• We investigated 4 dimensions: technology lifecycle management, support services, security, architecture

* See Appendix A for a detailed breakdown

Remote monitoring and automated management drastically reduce network support time

The Network Barometer Report 2015 gauges the readiness of today’s networks to support business. The Report is based on network discovery data gathered from Dimension Data’s Technology Lifecycle Management Assessments conducted for organisations around the world. We combined this with information from our Global Service Centres, which relates to support service requests, or ‘incidents’, logged against organisations’ devices managed by us. The result is a multidimensional view of today’s networks.
This year, we added four new aspects to our enquiry:

• services data to compare how devices managed on Dimension Data’s remote infrastructure management platform fare in terms of the average time they take to troubleshoot and repair when they fail, compared with devices not managed by us
• an analysis of the configuration errors that occur most commonly on network devices across the categories of access management, intrusion management, network services, session management, and system settings
• a detailed breakdown of the number of network devices across different models to gain a better view of organisations’ readiness for enterprise mobility
• an analysis of IPv6 adoption across networks in order to determine how well prepared corporate infrastructures are to accommodate the Internet of Things

Our interpretation of the results is influenced by our strategic focus on ICT services, and our extensive experience in monitoring, maintaining, supporting, managing, and outsourcing our clients’ networks.

Our overall conclusion

Overall, our data suggests that there’s a growing need for more effective day-to-day network management across all corporate infrastructures. Remote monitoring and automated management are the most effective ways to improve network service levels by drastically reducing support time.

We reached this conclusion by investigating and comparing four dimensions of network management and strategy:

1. technology lifecycle management
2. support services
3. security
4. architecture

Dimension 1: Technology lifecycle management – How old are today’s networks?

Networks have aged for the fifth year in a row. Organisations tend to focus technology refresh initiatives on obsolete devices, while sweating ageing equipment.
Our results show that:

• Of all devices, 53% are now ageing or obsolete – up from 51% in our last Report.
• The percentage of ageing devices has grown by four points, while the percentage of obsolete devices has dropped marginally by two points.

Over the past few years, the percentage of ageing and obsolete devices has steadily increased. The conventional assumption was that a technology refresh cycle was imminent. However, our data shows that organisations are refreshing mostly obsolete devices, and are clearly willing to sweat ageing devices for longer than expected. Possible causes of this strategy are:

• a sustained focus on cost savings, particularly evident in reduced capex budgets, which may have disrupted normal refresh patterns
• the growing availability and uptake of as-a-service ICT consumption models which reduce the need for organisations to invest in their own IT infrastructure
• the introduction of programmable, software-defined networks which may be causing organisations to ‘wait and see’ before selecting and implementing new technology – a factor we expect will become more influential in the next 18 to 36 months (also see About software-defined networking in our Recommendations section.)

Dimension 2: Support services – What causes network devices to fail and how well are such incidents handled?

There’s been a sharp increase in the proportions of both hardware and software failures across devices since last year. However, most incidents are still caused by factors that would fall outside the terms of a conventional support services contract. Current devices again took longer to repair than both ageing and obsolete devices. Remote monitoring and automated management drastically reduced the time to troubleshoot and repair all devices, compared with devices that weren’t managed in this way.
Our results show that:

• The largest proportion of service incidents (55%) aren’t device-related, but are caused by factors that fall outside the remit of a conventional support contract. Organisations would have to handle these incidents by themselves.
• Avoidable human error causes almost one-third of all incidents.
• Dimension Data’s remote network monitoring and automated management reduce the time to troubleshoot faulty devices by a massive 75%, and the time they take to repair by 32%, compared with devices not managed by us.

Dimension 3: Security – How vulnerable are today’s networks?

While networks are marginally less vulnerable than last year, the percentage of devices with security vulnerabilities has remained relatively stable over the last four years. Networks are therefore not improving their security status significantly. Ageing devices are more vulnerable than current or obsolete devices. In addition, the highest number of security advisories were published for data centre switches and edge/branch office devices. However, security advisories affected a larger proportion of wireless access points and data centre switches, which makes them the most vulnerable parts of networks today.

Our results show that:

• Of all devices, 60% have at least one security vulnerability – down from last year’s 74%.
• Over the last four years, the average percentage of devices with at least one security vulnerability has remained relatively stable at 60%.
• Ageing devices are more prone to having vulnerabilities than current or obsolete devices.
• Data centre switches and edge/branch office routers had the most published security advisories. However, security advisories for data centre switches and wireless access points had the highest penetration rate across all device types.

Dimension 4: Architecture – How well are networks prepared for enterprise mobility and the Internet of Things?
Despite the general tendency to sweat assets, organisations are slowly expanding the wireless capabilities of their network access points. However, 74% of wireless access points are still older models (802.11g and older) that don’t support a sound mobility strategy. In addition, the majority of devices are not IPv6-capable yet, many of which require a simple software upgrade to be so. Combined, these factors point to organisations not giving the impact of enterprise mobility and the Internet of Things on the network due strategic consideration yet.

Enterprise mobility requires pervasive wireless connectivity which, in turn, requires at least three basic features in access ports: power-over-Ethernet, gigabit Ethernet on the client side, and 10-gigabit uplinks. This year, we found that:

• 65% of all ports support power-over-Ethernet – up by 14 percentage points since last year
• 25% of switches support 10-gigabit uplinks – up by 2 percentage points
• 37% of ports support gigabit Ethernet – down by 8 percentage points

We maintain that this slight improvement is a reaction to the increased number of mobile devices used in the workplace, rather than the result of a planned and proactive strategy to prepare for enterprise mobility.

In addition to the impact of enterprise mobility on corporate networks, the Internet of Things will see an increasing number and variety of business-enabling and -enhancing technologies interconnecting via networks. Non-human objects will be able to gather data from their environment, interact with one another, and make intelligent decisions, all without human intervention. To leverage the benefits this will offer, organisations will need to adopt IPv6 more broadly across their infrastructures, as the number of potentially connected devices will increase exponentially.
Public IPv4 addresses are becoming a rare commodity; in fact, in some parts of the world they’re already depleted. Here too, we’re seeing strong adoption of public IPv6 address space, especially driven by legislation in certain regions and proactive architectural changes in others. Organisations with mostly IPv4-based networks, which haven’t architected the underlying environment with IPv6 in mind, have limited visibility of, and control over, IPv6-enabled technologies. This exposes them to unnecessary risk, as they won’t be able to monitor and manage those devices, nor control the traffic flow, as well as in an IPv4-based environment.

We found that only 21% of all network devices are currently IPv6-enabled, while 48% need a simple software upgrade to become IPv6-ready.

What we recommend

To ensure their networks are able to support business in the most effective, efficient, and secure way possible, organisations should consider four steps to raise the maturity of their operational support environments:

1. Achieve visibility of the entire networking estate through an accurate and well-maintained inventory.
2. Standardise the types of technologies used in the network and their configurations as much as possible. This will shorten the time to repair and reduce support costs when devices fail.
3. Automate as many day-to-day management tasks as possible through outsourced managed services or software-defined networking.
4. Monitor networking devices more closely, either in-house or through remote monitoring services, to reduce the time it takes to troubleshoot and repair faulty devices.

For more detailed advice, see our Recommendations section.

About the Network Barometer Report

The Network Barometer Report 2015 presents the aggregate data gathered from Dimension Data’s Technology Lifecycle Management Assessments conducted for clients around the world in 2014.
It also contains data relating to service incidents, logged at our Global Service Centres, for client networks that we support. Dimension Data compiles, analyses, compares, and interprets the data in order to gauge the readiness of today’s networks to support business.

About the Technology Lifecycle Management Assessment

This ICT assessment service from Dimension Data discovers installed assets on the network, identifies their lifecycle statuses, determines maintenance coverage, and flags potential security vulnerabilities. The Assessment assists organisations to align their IT infrastructure with best practices for configuration, security, and patch management, thereby ensuring that they’re not exposing themselves to unnecessary risk. The technology lifecycle data used in this Report comes from these automated Assessments, not from a survey.

Results

Dimension 1: Technology lifecycle management – How old are today’s networks?

About technology lifecycles

In order to establish the age and viability of technology assets, most vendors have standardised milestones through which they progress their products towards obsolescence. For example, Cisco uses six technology lifecycle milestones. These run from future-end-of-sale, the announcement of the lifecycle milestone dates; to last-day-of-support, the date after which Cisco’s Technical Assistance Center will no longer support the product. Common to all vendors are end-of-sale and end-of-support.

To normalise the data for this Report, we’ve defined three lifecycle categories:

• Current – These devices are presently shipping and have full access to vendor support services.
• Ageing – Vendors have announced that these devices are past end-of-sale. The devices haven’t passed end-of-support yet, but vendor support decreases gradually as the device ages further.
• Obsolete – These devices are past end-of-support.
Table 1 lists these three categories, and the maintenance and support requirements typical of each.

Table 1: Technology lifecycle stages, associated risk levels, and required support environment maturity

Lifecycle status: Current
Time (years): 0–3
Risks:
• settling period during which product bugs and hardware stability issues are identified
• organisation’s support teams learn new features of the device
Required support environment maturity:
• controlled introduction into the environment, requiring mature release and deployment processes
• new and/or advanced technology requires updated, technology-specific training
• mature change management processes needed to handle updates and patches, as required

Lifecycle status: Ageing
Time (years): 3–5
Risks:
• increased support costs with some vendors
• decreasing support later in this stage (for example, no more software bug fixes)
Required support environment maturity:
• all business-as-usual processes apply, including capacity and change management
• some local sparing might be required for later-stage equipment

Lifecycle status: Obsolete
Time (years): 5+
Risks:
• no, or limited, access to spares
• no, or limited, vendor support for complex issues
Required support environment maturity:
• logistics and change management relating to local spares warehousing

This year’s results

Figure 1: Percentage of ageing and obsolete devices, global average (2010–2014)

For the fifth consecutive year, the devices in today’s networks have aged slightly in terms of their lifecycle status. Of all devices, 53% are now ageing or obsolete – up by a marginal two percentage points from last year.

Figure 2: Percentage of ageing and obsolete devices by region (2010–2014)
The global increase is mainly due to higher percentages of ageing and obsolete devices in two regions: the Americas, which rose by a significant 16 percentage points; and Europe, which increased modestly by two percentage points. In Asia Pacific, Australia, and Middle East & Africa, there are slightly fewer ageing and obsolete devices than last year.

A closer analysis of the data gathered from the Americas revealed that the 16-point increase in ageing and obsolete devices in that region came from a single assessment conducted for a large organisation in the government sector. However, normalising the data by removing this assessment from this region’s sample set didn’t make a significant difference: the percentage of ageing and obsolete devices still showed a 9-point increase. This highlights the trend we’ve seen in relation to the lack of, or delay in, spending on technology refresh in the public sector of the Americas, attributable to widespread budget cuts and a delayed reaction to the global economic crisis.

Figure 3: Percentage of ageing and obsolete devices by industry (2010–2014)
Figure 4: Percentage of devices by lifecycle stage, 2012–2014 (current, ageing, obsolete)

Figure 4 compares the percentage of discovered devices by lifecycle category over the last three years. While we’ve seen a slight drop in the percentage of obsolete devices – down to 9% from last year’s 11% – the percentage of ageing devices has increased by 4 points. This indicates that organisations focus their refresh initiatives mostly on technology that has reached critical lifecycle stages when vendor support is no longer available. In general, organisations are ‘sweating’ ageing assets, while the percentage of current devices is at its lowest in three years.

During the seven-year history of the Network Barometer Report, organisations’ average tolerance level for obsolete devices in their networks has always been in the region of 10%. Rarely do organisations allow this to increase beyond 11% before they refresh the relevant devices. Historically, there’s been a greater degree of yearly fluctuation in the percentages of current and ageing devices, than in obsolete devices.

We’ve correlated this figure with services information gathered from devices under Dimension Data’s management to investigate these tolerance levels in networks monitored and managed by us.
Figure 5: Percentage of devices by lifecycle stage, when Dimension Data manages the devices, 2013–2014 (current, ageing, obsolete)

Figure 6: Percentage of devices by lifecycle stage, per region, when Dimension Data manages the devices (current, ageing, obsolete)

Of the more than 1.5 million devices managed by Dimension Data on behalf of its clients, only 5% were obsolete this year – a significant decrease from last year’s 9%. This reduction correlates with the emphasis organisations have placed on refreshing mainly obsolete devices over the last year. Although Dimension Data may be managing the devices on behalf of its client, the decision to purchase replacement technology remains with the client.

The smaller proportion of obsolete devices also shows that Dimension Data has a lower tolerance for these devices in the networks it manages than client organisations would have if they manage their networks themselves. This is because Dimension Data is familiar with the risks involved in managing obsolete devices which are no longer subject to vendor support.

However, at 46%, the proportion of ageing devices is larger in networks managed by Dimension Data than in client-managed environments. This indicates a stronger tendency to sweat assets for which vendor support is limited. The combination of maintenance best practices and available, if limited, vendor support allows Dimension Data a greater degree of confidence in its ability to manage ageing devices.

How we interpret the results

Today’s networks are again marginally ‘older’ than in previous years.
In last year’s Network Barometer Report, we argued that it’s a sound strategy to sweat ageing assets for as long as possible and not to refresh technology simply for the sake of doing so. The caveats to this approach are still that the organisation should:

• have an accurate inventory of its entire network estate including each device’s product lifecycle stage, which is often not the case
• understand the function of each device and how critical it is to the network’s uptime – the more critical the device, the more urgent the need to keep it up to date
• have the appropriate operational support strategy in place to resolve any performance issues or outages that may occur, as vendor support will be either limited or unavailable during later lifecycle stages
• ensure that the device’s capabilities aren’t constraining architectural changes, which have driven upgrades in other areas of the network

This year’s results show that organisations are following this approach but, although they’re focusing refresh efforts mostly on obsolete devices, they still have a greater appetite for the risks involved in keeping such devices in the network.

As seen from the data gathered from devices managed by Dimension Data, mature monitoring, support, and maintenance processes would allow for a higher tolerance of ageing devices in the network. This proves the viability of managing an older network overall. That is, provided that there’s sufficient visibility of the lifecycle status of all devices, an understanding of their risk profile depending on their criticality to the infrastructure as a whole, and the proactive management of that risk.

These questions remain, though: Why and when do devices most often fail, and how well are those incidents handled?

How old are today’s networks?

• Networks have aged for 5 consecutive years.
• 53% of devices are now ageing or obsolete: fewer are obsolete than last year (-2 percentage points) BUT more are ageing (+4 percentage points).
• Organisations have a higher tolerance of obsolete devices than Dimension Data has when managing networks on clients’ behalf.

We recommend...

Sweating your assets is okay, BUT ...

• Know your devices and their lifecycle stages
• Understand potential network impacts if devices fail
• Manage the risk of device failure proactively

Dimension 2: Support services – What causes today’s networks to fail and how well are those incidents handled?

This year, we analysed over 175,000 service incidents – or ‘trouble tickets’ – handled by Dimension Data’s Global Service Centres. While the number of devices under our management has grown since last year, we also had access to a greater data set, which contributed to the increase in the number of incidents analysed. We wanted to understand the types of incidents encountered while maintaining our clients’ networks and how these relate to device lifecycle data. (Please refer to Appendix A for detailed information and commentary on the sample size of our services data.)
About Dimension Data’s Global Service Centres

Dimension Data’s Global Service Centres are organisational hubs situated at eight central locations in five regions around the world:

• Americas: Boston, US; and Santiago, Chile
• Asia Pacific: Auckland, New Zealand; Bangalore, India; and Singapore
• Australia: Melbourne, Australia
• Europe: Frankfurt, Germany
• Middle East & Africa: Johannesburg, South Africa

At these Centres, Dimension Data’s service delivery and technical support experts receive calls from clients and resolve technical service tickets, requests, and problems in 13 local languages (depending on location). The Centres receive over a million such requests from 10,000 clients every year, which translates to more than 2,500 incidents each day.

This year’s results

Figure 7: Root causes of incidents, 2013–2014

Table 2: Root causes of incidents

Root cause – What it means
• Application issue – The device failed due to an error in an application that runs on the device itself, other than the core operating system, or due to an error in relaying information from an application that runs remotely.
• Asset capacity – The device failed due to network traffic requiring a higher capacity than the device is able to handle.
• Cable fault – Failure owing to damage to the cable of some kind, for example, the cable was severed between floorboards or cut by mistake.
• Configuration error – The device failed owing to an incorrect or sub-optimal configuration.
• Environmental – This includes failures due to power cuts, cooling problems, flooding, and so on, either within the immediate or wider environment of the device.
• Hardware failure – This includes all failures related to the device chassis itself, or to modules added to it to extend or change its functionality.
• Other human error – Mistakes made by people, such as incidents logged incorrectly, duplication of support calls, incidents logged against devices not managed by Dimension Data, and so on.
• Scheduled outage – This includes all planned and predictable routine maintenance downtime.
• Software bug – The device failed due to an error in its core operating system, excluding application software.
• Telco failure – Failures due to outages in the wide area network that connects the corporate network to telecom service provider networks.

Figure 7 shows the breakdown of incidents by resolution category. The most obvious change from our last results is the dramatic increase in the proportion of hardware failures compared to other root causes, which rose by 26 percentage points. The larger proportion of hardware incidents is due to a general increase in devices managed by Dimension Data, in combination with an overall reduction in obsolete devices, which are less prone to failure. However, when comparing only the number of incidents per device on a like-for-like basis, the number of hardware failures has remained relatively stable compared to our last Report.

Adding to the larger proportion of hardware failures we’ve seen this year, are the decreases in the proportion of telco failures (-14 percentage points), environmental factors (-11 percentage points), and other human errors (-6 percentage points).
However, the proportion of incidents caused by configuration errors and software bugs has increased by eight and two percentage points respectively. The larger proportion of incidents caused by software bugs may be due to a slight increase in current devices managed by Dimension Data. The earlier the device is in its lifecycle, the more prone it would be to software problems that haven’t been identified and solved yet during its shorter lifespan.

Counting together other human errors and configuration errors, mistakes made by people account for 30% of all failures, which shows that nearly one-third of incidents are still potentially avoidable.

Of all root causes, only software bugs (3%) and hardware errors (42%) would fall within the terms of a basic support contract, adding up to a total of 45%. This implies that the largest percentage of incidents – a total of 55% across all networks – would need to be handled and remedied by organisations themselves. That is, if they don’t have network monitoring, support, and management services in place.

Delving deeper into the types of configuration errors over the last year, we noted a slight increase in critical errors in voice gateways and industrial switches. This is concerning, as voice gateways are often exposed to external parties and therefore more open to attack. Given the criticality of keeping industrial manufacturing environments up and running without interruption, we’d also expect to see more rigorous controls in relation to the configuration of underlying infrastructures in this type of environment.

We also analysed the most common configuration errors seen in networks today. These can be broadly grouped into two categories of device configuration: network services and system settings; and access management. Network services and system settings allow for the remote management and basic functioning of the device.
Of all discovered wireless devices, routers, and switches, 31% had critical configuration violations, which will allow a malicious user to gain unauthorised access to the device, or misuse or bypass security controls for network traffic.

As far as access management configurations are concerned, over 49% of analysed networks don’t have a centralised authentication strategy in place. System administrators would have to manually maintain authentication details for each device, as there’s no central policy to manage and audit configuration changes. This, in turn, hinders the organisation’s ability to maintain visibility of changes in the network and secure the environment against unauthorised configuration changes that may cause downtime. In almost all cases, a lack of centralised access management increases the cost of managing the network.

There’s a strong correlation between the application of configuration standards and best practices in the network and an organisation’s ability to reduce the duration and impact of network device outages. The combination of organisations allowing critical configuration violations to remain within a productive environment, and not centrally managing network assets, points towards a broader concern: networks aren’t as well maintained as they ought to be.

There’s also a correlation between the failures caused by devices and their lifecycle stage.

Figure 8: Percentage difference in failure rate by lifecycle stage, in relation to current devices (Current: 0; Ageing: 0.41; Obsolete: -0.36)

For the purposes of this analysis, we filtered the data to show only hardware and software failures. All other incidents are caused by factors that can’t be regarded as device-related.
Figure 8 shows that obsolete devices failed 0.36% less often than current devices, while ageing devices failed 0.41% more often than current devices. This emphasises the need for advanced monitoring and management of ageing devices in particular. While the percentage differences may seem small, the impact that these failures may have on a large network containing hundreds of devices in each category can be significant. Obsolete devices failed least of all, which supports the argument for sweating assets as long as possible, as long as the organisation has a thorough operational support strategy in place to repair or replace such devices promptly should they fail, as there will be no vendor support.

Figure 9: Average mean-time-to-repair by lifecycle stage, 2013–2014 (hours)
2013: Current 4.2; Ageing 2.7; Obsolete 3.3; Average 3.4
2014: Current 3.8; Ageing 2.3; Obsolete 1.8; Average 2.1

Looking only at hardware and software failures combined, we’ve seen an overall improvement in the average time it takes to repair devices: from an average of 3.4 hours last year to 2.1 hours this year. Current devices still take the longest to repair at 3.8 hours, followed by ageing devices at 2.3 hours, and obsolete devices at 1.8 hours. This represents a change from last year’s results, when ageing devices took less time to repair than obsolete devices. In summary, current devices fail more often than obsolete devices and, when they do fail, they take the longest to repair out of all devices.

However, a crucial finding this year indicates a massive difference in the time it takes to troubleshoot and repair devices, across all lifecycle stages, when the devices are managed by Dimension Data, versus devices not managed by us.
Figure 10: Average time to troubleshoot and repair non-managed versus managed devices
Average time to troubleshoot: non-managed 62.9 minutes; managed 15.2 minutes (-75.83%)
Average time to repair: non-managed 165 minutes; managed 110.9 minutes (-32.78%)

In Figure 10, the time indicated for ‘repairing’ a faulty device includes the full support process: from when the incident is first logged to when it’s resolved, including troubleshooting. Our data shows that devices managed via Dimension Data’s remote infrastructure management platform took an average of 75% less time to troubleshoot when they fail than devices not managed on this platform. Consequently, managed devices then took 32% less time to repair overall.

The implications of this finding are far-reaching. It indicates an opportunity for organisations to save massively on both support time and costs by making use of professionally delivered remote monitoring and automated management services as an integral part of their support contracts.

How we interpret the results

The technology lifecycle information we gathered this year shows that organisations are concentrating their technology refresh efforts on obsolete, rather than ageing or current, devices. In spite of this, networks overall have continued to age for the fifth consecutive year. However, this doesn’t imply that these networks necessarily run a greater risk of downtime, because:
• Our data proves that obsolete devices are still less likely to fail than devices that are either current or ageing.
• It took, on average, two hours less to resolve issues on obsolete devices than on current devices.
Most importantly, this year’s analysis showed that devices of all lifecycle stages that are managed by Dimension Data take on average 75% less time to troubleshoot when they fail than devices not managed by us. Consequently, these devices take 32% less time to repair.

Our conclusion is thus the same as, if not stronger than, last year: a refreshed network places a heavier burden on an organisation’s support services than an ageing network does, particularly given that current devices take longer to repair than both ageing and obsolete devices. This raises support time and costs. If an organisation therefore decides to refresh a large portion of its infrastructure, we highly recommend that it considers remote monitoring and automated management to augment its proactive incident prevention and/or resolution capabilities.

However, it’s also crucial to consider the root causes of service incidents. While our data indicates that 45% of all failures were device-related – more so than last year – 55% of incidents are still due to factors outside of a support provider’s traditional remit. These problems would therefore be up to the organisation itself to resolve, unless it makes use of advanced managed services provided by an external service provider. In addition, a significant 30% of service incidents are caused by human error, which means they were entirely preventable through more effective day-to-day network management. This is compounded by the fact that devices that aren’t monitored would take longer to troubleshoot and repair.
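The two configuration categories named earlier in this section (network services and system settings; access management) can be tested for deviations from a baseline automatically. The Python sketch below is an added example, not Dimension Data's tooling: it audits constructed Cisco IOS-style configurations, and the rule set, severities and device names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from textwrap import dedent

NET = "network services and system settings"
ACCESS = "access management"

# Constructed IOS-style configurations (sample data, not taken from the report).
CONFIGS = {
    "edge-rtr-01": dedent("""\
        aaa new-model
        aaa authentication login default group tacacs+ local
        no ip http server
        snmp-server community n0tDefault RO
        line vty 0 4
         transport input ssh
        """),
    "voice-gw-02": dedent("""\
        ip http server
        snmp-server community public RO
        line vty 0 4
         transport input telnet ssh
        """),
    "acc-sw-03": dedent("""\
        aaa new-model
        aaa authentication login default local
        no ip http server
        line vty 0 4
         transport input ssh
        line vty 5 15
         transport input all
        """),
}

@dataclass(frozen=True)
class Finding:
    device: str
    category: str
    severity: str  # "critical" or "warning" (assumed baseline severities)
    message: str

def parse_blocks(text):
    """Group a config into (parent line, [indented child lines]) pairs."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(device, text):
    """Return the baseline deviations found in one device configuration."""
    blocks = parse_blocks(text)
    top = [parent for parent, _ in blocks]
    findings = []

    def add(category, severity, message):
        findings.append(Finding(device, category, severity, message))

    # Network services and system settings
    if "ip http server" in top:
        add(NET, "critical", "clear-text HTTP management server enabled")
    for line in top:
        m = re.match(r"snmp-server community (\S+)", line)
        if m and m.group(1).lower() in {"public", "private"}:
            add(NET, "critical", f"default SNMP community '{m.group(1)}'")
    for parent, children in blocks:
        if parent.startswith("line vty"):
            allowed = {proto for c in children
                       if c.startswith("transport input")
                       for proto in c.split()[2:]}
            if not allowed:
                add(NET, "warning", f"{parent}: no explicit 'transport input'")
            elif allowed & {"telnet", "all"}:
                add(NET, "critical", f"{parent}: Telnet permitted for remote login")
    # Access management: logins must reference a central AAA server group
    logins = [l for l in top if l.startswith("aaa authentication login")]
    central = "aaa new-model" in top and any(
        re.search(r"\bgroup \S+", l) for l in logins)
    if not central:
        add(ACCESS, "warning", "logins not tied to a central AAA server group")
    return findings

def summarise(configs):
    """Fleet view: devices with critical deviations or only local credentials."""
    results = {name: audit(name, text) for name, text in configs.items()}
    critical = sorted(n for n, fs in results.items()
                      if any(f.severity == "critical" for f in fs))
    no_central = sorted(n for n, fs in results.items()
                        if any(f.category == ACCESS for f in fs))
    return {
        "critical_devices": critical,
        "critical_pct": round(100 * len(critical) / len(results), 1),
        "no_central_auth": no_central,
    }

if __name__ == "__main__":
    print(summarise(CONFIGS))
```

Run on a schedule against exported configurations, the same checks give the recurring test for deviations from configuration policy that a baseline needs.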
The sharp increase in hardware failures we’ve seen this year can be explained by the growth in the overall number of devices managed by Dimension Data, as well as the slight rise in the percentage of current devices managed by us. Current devices are more prone to failure and therefore need more support than obsolete devices. This explains the higher number of configuration errors and software bugs also seen this year, because the complexity of devices increases in newer iterations. A current device is usually more complex, more difficult to configure, and more likely to suffer software failures. This places a heavier burden on the general time, skills, and expertise required of the organisation to manage and maintain an increasingly complex network.

Again, remote monitoring can dramatically reduce the time to diagnose and resolve a problem, while automated configuration and/or change management can lower the number of incidents related to human error, which currently represents 30% of all incidents. Should organisations choose to continue managing their own infrastructures, we recommend that they standardise device models where possible, as well as configuration baselines. They should also frequently test for, and remedy, any deviations from the corporate device configuration policies.

Why do current devices fail more and take longer to repair than obsolete devices?

In our experience, current devices are subject to a ‘burn-in’ period in which software bugs and operating system problems are still prevalent. Generally speaking, a new device is most likely to fail during the first 90 to 180 days after installation. Any issues related to the first version of a device or operating system, or arising from manufacturing or shipping the device to site, will manifest shortly after it was installed. Once a device is past this ‘burn-in’ period, fewer incidents occur.
Later, when the device is obsolete, there’s usually only one remediation plan if it fails: to immediately be swapped with a spare. This reduces mean-time-to-repair, as it’s generally quicker to replace a device than diagnose and troubleshoot the particular software bug or hardware problem. This, however, requires a mature sparing strategy on the part of the support organisation, such as those offered by Dimension Data. Without such programmes, obsolete devices would take much longer to repair.

What causes today’s networks to fail?

Of all incidents...
• Almost 45% = device failures
• 55% = factors outside of a support contract’s terms
• 1/3 of incidents are caused by human error, therefore avoidable through proper configuration and change management tools and processes.

Devices managed by Dimension Data took … 75% less time to troubleshoot and, consequently, 32% less time to repair.

We recommend...
• Conduct a thorough audit to understand the maturity and suitability of your support systems and processes.
• Partner with a support services expert to fill any support gaps you may have.
• Investigate automated management and remote monitoring capabilities of managed services providers.

Dimension 3: Security – How vulnerable are today’s networks?

What are security vulnerabilities and why are they important?

One indication of a network’s vulnerability is the number and degree of criticality of device software vulnerabilities it contains. As vulnerabilities become known, and following extensive lab testing and research, original equipment manufacturers publish related notifications to alert the wider market.
Cisco, for example, has named its vulnerability announcements PSIRTs (referring to its Product Security Incident Response Team), while F5, Riverbed, and Arista publish ‘Security Advisories’, and Juniper publishes ‘SIRT Advisories’. Each vulnerability denotes a particular operating system weakness that may also pose a security risk. Hackers may discover and exploit such vulnerabilities in a network, which can lead to a denial of service attack or allow the hacker to gain access to sensitive data. The more vulnerabilities identified on a device or in a network, the higher the risk of a security breach due to the increased ‘attack surface’ available to exploit.

In all security publications, the manufacturer discloses the minimum amount of information required for an end user to assess the impact of a vulnerability and any potential steps needed to protect the environment. Manufacturers don’t provide vulnerability details that could enable someone to craft an exploit.

Types of security vulnerabilities

The risk posed to your network by a particular vulnerability depends on the type of vulnerability and where in the network the devices are positioned that have that vulnerability. Also, the longer a vulnerability has been known, the higher the risk, as it gives attackers more time to learn how to exploit it. See Table 3 in Appendix B for more information about the 10 most prevalent Cisco PSIRTs in 2014.

Patches shouldn’t be applied only for the sake of doing so. Rather, patch devices based on a calculated risk. For example, if a device is vulnerable, but it doesn’t support critical systems or interconnect with an important part of the network, the priority to patch might be lower than for a device that does.
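One way to turn the ‘calculated risk’ described above into a patch order, as an added example that is not part of the report: it combines the factors the text names (type of vulnerability, position of the device in the network, how long the advisory has been known, and the number of advisories on a device). The weights, threshold, device names and advisory IDs are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

AS_OF = date(2015, 1, 1)  # fixed evaluation date so the result is reproducible

# Assumed weights: type of vulnerability and position of the device.
IMPACT = {"dos": 2.0, "data-access": 3.0}
CRITICALITY = {"low": 1.0, "medium": 2.0, "high": 3.0}

@dataclass(frozen=True)
class Advisory:
    adv_id: str
    impact: str       # key into IMPACT
    published: date   # vendor publication date

@dataclass(frozen=True)
class Device:
    name: str
    criticality: str  # key into CRITICALITY
    advisories: tuple = ()  # advisory IDs that apply to the running software

# Constructed sample data; the advisory IDs are placeholders.
CATALOGUE = {a.adv_id: a for a in (
    Advisory("ADV-A", "data-access", date(2012, 1, 1)),
    Advisory("ADV-B", "dos", date(2014, 7, 1)),
    Advisory("ADV-C", "dos", date(2008, 1, 1)),
)}
DEVICES = [
    Device("dc-core-sw", "high", ("ADV-A", "ADV-B")),
    Device("wlan-ap-lobby", "medium", ("ADV-A",)),
    Device("lab-sw", "low", ("ADV-C",)),
    Device("branch-rtr", "medium", ("ADV-B",)),
    Device("printer-sw", "low"),
]

def age_factor(published, as_of=AS_OF):
    """Longer-known advisories weigh more: 1.0 when new, 2.0 from five years on."""
    years = max((as_of - published).days, 0) / 365.25
    return 1.0 + min(years, 5.0) * 0.2

def advisory_risk(device, adv):
    return IMPACT[adv.impact] * CRITICALITY[device.criticality] * age_factor(adv.published)

def device_risk(device, catalogue):
    """Worst advisory dominates; each further advisory adds 10% of its own
    score to reflect the larger attack surface."""
    scores = sorted((advisory_risk(device, catalogue[a]) for a in device.advisories),
                    reverse=True)
    if not scores:
        return 0.0
    return round(scores[0] + 0.1 * sum(scores[1:]), 2)

def patch_queue(devices, catalogue, threshold=6.0):
    """Return (patch_now, defer): device names ordered by descending risk.
    Devices with no known advisory appear in neither list."""
    ranked = sorted(((device_risk(d, catalogue), d.name) for d in devices),
                    key=lambda item: (-item[0], item[1]))
    patch_now = [name for score, name in ranked if score >= threshold]
    defer = [name for score, name in ranked if 0 < score < threshold]
    return patch_now, defer

if __name__ == "__main__":
    now, later = patch_queue(DEVICES, CATALOGUE)
    print("patch now:", now)
    print("defer:    ", later)
```

The long-known advisory on the low-criticality lab switch still lands in the deferred list, which is the trade-off the paragraph describes.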
This year’s results

Figure 11: Percentage of devices with at least one vulnerability, global average, 2010–2014

There’s been a slight improvement in the security status of networks this year: the percentage of devices with at least one vulnerability is down to 60% from 74% last year. This change may be mostly attributable to the trend we’ve seen in organisations refreshing obsolete devices, which generally have more identified vulnerabilities because of their age. Replacing them would naturally lead to fewer vulnerabilities in the network overall. However, in spite of this improvement, the percentage of devices with at least one vulnerability has remained relatively stable over the last four years at an average of 60%.

Figure 12: Number and penetration rate of security advisories by device type (Y-axis: number of security advisories; X-axis: device category – data centre switches, edge routers, aggregation routers, voice gateways, access switches, other, wireless)

Delving deeper into the vulnerability of specific device types helps to draw a more compelling picture. Figure 12 shows the number of security advisories per device type (represented by the height of each circle above the X-axis), as well as the penetration rate of security vulnerabilities within each device type (represented by the relative size of each circle). The highest number of security advisories was published for data centre switches, at 190, with the fewest for wireless devices, at 20. This, however, doesn’t accurately reflect the risk that these devices may pose for a network and the impact it could have if these vulnerabilities were to be exploited.
Although the number of security advisories for wireless devices may be low, their penetration rate within this device category is high. This means that a large proportion of wireless devices would have these vulnerabilities. Hence, this device category has the largest circle on the chart and may pose a bigger risk to networks overall.

Both data centres and wireless infrastructures are critical in any organisation. The data centre network typically interconnects the application servers that support important business applications. An incident in the data centre switching infrastructure could have a serious and detrimental effect on the organisation’s ability to operate effectively, should the data centre stop functioning. Wireless access points are also crucial because wireless signals aren’t often confined to the physical boundaries of a building. When exploited, security vulnerabilities in the wireless infrastructure could lead to a security breach and associated risks of reputational damage, and/or data loss. In deciding which devices with vulnerabilities to patch, organisations should therefore consider the criticality of the relevant device to the overall functionality of the network.

Figure 13: Percentage difference in vulnerabilities in devices by lifecycle stage, in relation to current devices (Current: 0; Ageing: 5; Obsolete: -2)

Considering the vulnerability of devices by lifecycle stage, Figure 13 shows that obsolete devices have 2% fewer security advisories than current devices, while ageing devices have 5% more security advisories than current devices. Current devices haven’t been in the market long enough to be tested comprehensively by security researchers.
But as time passes, devices are exposed to more testing, and even attacks, which would increase their number of known vulnerabilities. As these devices age further, organisations often patch their vulnerabilities so that, by the time a device reaches obsolescence, its operating system achieves its optimal age in terms of security. While the obsolete devices may therefore be more secure, the risk is that vendors won’t provide assistance with any new vulnerabilities discovered on these devices, as the technology has passed its last day of support.

So, more published advisories for ageing devices don’t necessarily mean this device lifecycle stage carries more risk. Their vulnerabilities are usually fixed in updated software releases issued by the vendor. The differences in the numbers are more indicative of organisations not patching/updating the device software in line with the updates provided by the vendor, which shows a lack of basic, day-to-day network maintenance.

How we interpret the results

The constant vulnerability we’ve seen in networks over the last few years isn’t surprising, given that organisations are still sweating their assets in general. There’s a correlation between the higher number of ageing devices and the percentage of devices with vulnerabilities. Also, as more services are added to the network, more software is required to effectively operate the infrastructure. This increases the overall operational risk of owning an unmaintained network.

While it’s not possible to know about every security threat in advance, it’s best to build the relevant security capabilities in your organisation to minimise exposure to vulnerabilities.
Key security capabilities to consider:
• visibility and discovery tools – both network- and application-based
• incident response plans and automated workflow
• vulnerability and remediation management
• risk profiling appropriate to business context
• network-, application-, and data-centric protection controls that can be rapidly applied when risks are discovered and assessed

While the findings of the Network Barometer Report 2015 show that organisations’ networks remain vulnerable, the NTT Group’s 2015 Global Threat Intelligence Report, based on the Group’s observations of security attacks, vulnerabilities, and related responses in 2014, shows that ‘most organisations are not adequately prepared to handle major [security] incidents in their environment.’ Even more telling is that, ‘during 2014, 76% of identified vulnerabilities throughout all systems in the enterprise were more than two years old, and almost 9% of them were over 10 years old.’ (Also see ‘Key Findings of the NTT Group’s 2015 Global Threat Intelligence Report’ for more detail, or read the full report.)

These findings are supported by our data relating to the top 10 identified Cisco PSIRTs across all networks, and their respective release dates (see Table 4 in Appendix B). With only one exception, all of the most common vulnerabilities have been known for two years or more but haven’t been patched. This proves that organisations in general aren’t paying enough attention to managing known vulnerabilities in their infrastructure and are exposing themselves to unnecessary risk.

We recommend that it’s best to standardise on hardware and software as much as possible, as this reduces both risk and operational complexity in the long run. The more software and hardware versions used on the network, the higher the risk and the harder it becomes to maintain. Operational efficiency is also hampered due to feature disparity.
Key findings of the NTT Group’s 2015 Global Threat Intelligence Report

Geographic and vertical market trends

Throughout its Report, NTT Group provides insight into the different threats it observed against its clients, both by geographic location and business sector. It found the following:
• Financial services continues to represent the number one targeted sector, representing 18% of all detected attacks.
• Attacks against business and professional services moved from 9% to 15%.
• Malware-related events in the education sector dropped from 42% to 35%.
• Of all attacks, 56% originated from IP addresses within the US.

Vulnerabilities, attacks, and exploitation

An exploit kit is a malicious toolkit which bundles exploits so that those exploits can be more readily and consistently executed against the targeted end-user systems. The NTT Group’s vulnerability data and analysis brought into view the impact that exploit kits can have in attacks against organisations:
• Exploit kits were published in 2013 and 2014 for over 80% of vulnerabilities in 2014.
• There’s been an increase in Adobe Flash exploit usage in exploit kits from 2012 to 2014.
• DDoS amplification attacks using User Datagram Protocol (UDP) accounted for 63% of all DDoS attacks observed by NTT Group.
• During 2014, 76% of identified vulnerabilities throughout all systems in the enterprise were more than two years old, and almost 9% of them were over 10 years old.
• Of observed web application attacks in 2014, 26% were injection-based – up from 9% in 2014.

Incident response

An organisation’s ability to identify attacks isn’t always equal to its ability to respond to an attack. Detailed findings are:
• Incident response efforts were focused in three core areas: malware, DDoS, and breach investigations.
• Support for DDoS attack response sharply decreased from 31% in 2013 to 18% in 2014.
• Incident response engagements involving malware threats increased from 43% to 52%.
• Basic controls are still not implemented in all cases – 75% of organisations don’t have formal incident response plans.

Read the full NTT Group 2015 Global Threat Intelligence Report.

• Network Time Protocol (NTP) amplification attacks contributed to 32% of all distributed denial-of-service (DDoS) attacks observed by NTT Group in 2014.

How vulnerable are today’s networks?

• 60% = devices with at least one security vulnerability
• Slight improvement from last year BUT vulnerability has remained fairly constant over last 4 years.
• Ageing devices = more vulnerable than current or obsolete devices.
• Data centre switches and edge/branch office routers = most published security advisories.
• Data centre switches and wireless access points = highest penetration rate = most at risk.

We recommend...
• Standardise on hardware and software as much as possible.
• Don’t patch every vulnerability. BUT
• Build security and incident response capabilities to minimise exposure.

Dimension 4: Architecture – Are organisations preparing their networks for enterprise mobility and the Internet of Things?

In previous Reports, we argued that the move to enterprise mobility would necessitate an evolution in the access switching network architecture from largely wired to mostly wireless infrastructures.
In an environment where the great majority of end users connect to the network wirelessly, the traditional campus access-switching network must evolve because users simply don’t want to be tethered to their desks any longer. In the old model, 80% of switch ports were for dedicated, wired users while 20% were for shared, wireless users. This ratio will need to change: 80% of switch ports will have to be for shared, wireless users, and 20% for dedicated, wired users. This ‘80/20 flip’ is described in Figure 14.

Figure 14: From wired to wireless – the architecture of current versus future networks
Current – traditional wired and wireless access networks: wireless networks (100–200 devices), cabling (1 point per access point); wireless LAN controller; 48-port LAN switches; wired network (100 users), cabling (140 points); endpoints: smartphones, IP phones, tablets, printers, laptops, video endpoints, security systems.
Future – predominantly wireless access networks: wireless networks (100–300 devices), cabling (1 point per access point); 48-port LAN switch with built-in controller; wireless endpoints: smartphones, tablets, laptops, printers, video, etc.; wired network (10 users), cabling (20 points); wired endpoints: video endpoints (some could be wireless), security systems.
For this change to occur, network devices in the access layer require at least three wireless-supporting features:
• power-over-Ethernet to power the access points
• gigabit Ethernet ports on the client side to enable the 300–800MB speeds of 802.11n/ac
• 10-gigabit uplinks – as more users access the network via fewer ports, uplinks need greater capacity in order to avoid congestion

The type of technology that organisations choose to refresh can therefore indicate whether they’re preparing for this change to pervasive wireless connectivity.

This year’s results

Organisations continue to expand the wireless capabilities of their network access points. This is evidenced by increases in two of the three key device requirements for mobile connectivity.

Figure 15: Network access point wireless capabilities
• 65% of all access switches support power-over-Ethernet: a 14-percentage point increase from 2013. 65% of the ports support PoE (compared to 51% in 2013).
• 25% of all access switches support 10GB uplinks: a 2-percentage point increase on the previous year.
• 37% of all access switches support gigabit Ethernet: decreased to 37% of all ports compared to 45% the previous year. This is an 8-percentage point decline.
• 14.5% growth in wireless bookings

Of all access switches analysed, 65% now support power-over-Ethernet – up by 14 percentage points since last year. Another improvement was in the percentage of access switches able to support 10-gigabit uplinks, which rose to 25% – up by two percentage points. However, the percentage of access switches able to support gigabit Ethernet has dropped to 37% this year, representing an 8-percentage point decrease since our last Report.
The most important indicator that organisations are growing their networks’ mobile capabilities, however, is the increase in access switches able to support power-over-Ethernet. While all new devices come with 10-gigabit uplink speeds, there’s an active choice to be made between more cost-effective devices that don’t support power-over-Ethernet and more expensive devices that do. This choice of a more sophisticated, more expensive device indicates a conscious decision on the part of the organisation to opt for expanded functionality.

However, whether this forms part of a broader architectural strategy to transform the network in its entirety to reach the 80/20 wireless/wired split remains an open question, especially since we didn’t see an improvement in gigabit Ethernet ports. This is highlighted by the data that indicates the overall number of discovered devices, according to model number, that can support mobility.

Figure 16: Percentage of devices that support mobility (802.11ac: 0; 802.11n: 26; 802.11g and 802.11g (LDoS) together: 74, shown as 63 and 11)

Only devices with the later model numbers 802.11n and 802.11ac can fully support wireless connectivity. However, there were no 802.11ac devices discovered this year, and only 26% of discovered devices were of the 802.11n type. This implies that the vast majority of network devices (74%) are still not able to support advanced wireless and mobility requirements. This data also explains why there’s still so much access switching infrastructure that doesn’t support power-over-Ethernet, gigabit Ethernet, and 10-gigabit uplinks: most access points are still of the 802.11g variety, which only delivers a theoretical maximum throughput of 54Mbps.

While not strictly an architectural trend like enterprise mobility, the Internet of Things is also predicted to have an influence on corporate infrastructures, particularly in the adoption of the new Internet protocol, IPv6, across network devices.
Figure 17: Percentage of devices that support IPv6 (Supported: 21; Requires upgrade: 48; Not supported and Further analysis: the remaining 26 and 5)

IPv6 is the most recent version of the Internet Protocol (IP) which provides an identification and location system for devices on networks, and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4.

Our results show that only 21% of devices currently support IPv6. The largest proportion of devices (48%) can be switched to IPv6 through a simple software upgrade, but currently remain as is, which again indicates a lack of basic network maintenance.

The Internet of Things will see an increasing number and variety of business-enabling technologies interconnecting via networks, including over the Internet. Non-human objects will be able to gather data from their environment, interact with one another, and make intelligent decisions, all without human intervention. This evolution in networking is projected to have many business benefits: from generating useful big data that will enable better decision-making, to increasing visibility and control of systems and processes, which will reduce management time and cost.

However, the challenge is that the rise in the number of interconnected devices will lead to a scarcity and, eventually, unavailability of IPv4 addresses. This will compel organisations to adopt the new standard, IPv6. In addition, organisations with mostly IPv4-based networks, which haven’t architected the underlying environment with IPv6 in mind, have limited visibility of, and control over, IPv6-enabled technologies. This exposes them to unnecessary risk, as they won’t be able to monitor and manage those devices, nor control the traffic flow, as well as in an IPv4-based environment. Typically, between 4% and 9% of data traffic within modern data centres is IPv6-based.
We derived these figures from data generated by Dimension Data’s Network Optimisation Assessment. In these data centres, the organisation is typically early in the architectural phase and has either not started monitoring, or remains unaware of the percentage of IPv6 traffic within the environment. The primary source of IPv6 traffic is inter-machine communication for Microsoft software, and various other vendors’ software. The lack of visibility of this traffic, and its associated communications profile, introduces a significant security risk, as these controls are developed based on device profiles, risk tolerance, and visibility required to maintain the device. Older controls may not be IPv6 compliant, nor able to provide the required visibility and control to effectively protect the data.

How we interpret the results

Organisations tend to sweat their network assets for as long as possible to save costs, unless the need for specific new features becomes pressing. For example, if an organisation requires greater bandwidth to support pervasive wireless connectivity thanks to a host of new mobile devices brought to work by employees, it would have no choice but to refresh those devices sooner.

Our data is evidence of this approach. Organisations approach mobility more reactively than strategically by focusing more on the access layer of the infrastructure – possibly to accommodate an influx of new smartphones, laptops, and tablets into the organisation. The rest of the infrastructure, however, lags behind.

Similarly, the adoption of IPv6 across all networks is slow, even though in many cases it would require a simple software upgrade on a large portion of devices. This lack of basic network management exposes organisations to unnecessary risk, particularly given the dawn of the Internet of Things and the demands this will place on corporate networks to adopt the new standard.
Our recommendation is that preparing the infrastructure for enterprise mobility and the Internet of Things should form part of a coherent network architecture strategy. It shouldn’t be handled reactively, but approached in a more planned and organised way by creating and implementing a comprehensive roadmap for development.

Are today’s networks prepared for enterprise mobility and the Internet of Things?

Organisations are expanding two wireless-supporting capabilities in their access switches:
• Power-over-Ethernet: 65%, up by 14 percentage points
• 10GB uplink speed: 25%, up by 2 percentage points
• Gigabit Ethernet: 37%, down by 8 percentage points

74% of all wireless access points are older models that can’t support advanced enterprise mobility requirements.

Only 21% of devices support IPv6. 48% of devices can be switched to IPv6 through a simple software upgrade.

We recommend...
• Have an accurate inventory of your network estate and its associated lifecycle status.
• Regularly review your long-term enterprise mobility requirements.
• Understand your ‘as-is’ state, define your ‘to-be’ state, and plan the steps to get there by creating a comprehensive architecture roadmap.
Recommendations

Dimension Data maintains that the most effective way to improve your network’s ability to support your business is to invest in maturing your organisation’s network monitoring, support, and management systems and processes, rather than refreshing technology simply for the sake of avoiding obsolescence. It makes sense to sweat assets for longer, as long as the risks are known and properly managed, which places a heavier burden on your operational support environment.

Based on our experience in evaluating organisations’ operational support maturity, the vast majority (90%) of organisations are still at the first or second level of maturity. These levels are characterised by a lack of standard processes, ad hoc troubleshooting tools, and ambiguous roles and responsibilities for IT employees, resulting in extended network downtime and increased operational costs. Undoubtedly, this is also the reason that 30% of all service incidents are still related to human error.

Whether an organisation chooses to sweat its network assets as long as possible or decides to refresh some or all of its network, robust and mature operational support processes will ensure maximum availability.

Figure 18: Dimension Data’s operational support maturity model
Initial: Complete lack of organisation
• ad hoc
• undocumented
• unpredictable
• poorly controlled
• reactive
• no automation
• roles and responsibilities undefined

Repeatable: Holding down the fort
• some documented processes
• processes not uniformly used
• some automation
• limited definition of roles and responsibilities

Defined: Well-run cost centre
• processes are proactive
• automation exists for defined processes
• roles are well defined
• mature asset and change management processes

Managed: Business alignment
• set quality goals
• guaranteed SLAs
• monitoring and reporting
• processes are integrated
• automation tools are integrated
• capacity planning

Optimised: Business driver
• IT and business metric linkage
• continuous service improvement
• IT improves business process
• business planning

Moving towards the ‘optimised’ level doesn’t necessarily require you to have all capabilities in-house. In many cases, it’s best to partner with an expert provider of network managed or outsourcing services. This will free up your own IT resources to focus on strategic projects that substantially build your competitive advantage.

You can improve your operational support maturity level by considering the following four steps:

1. Achieve maximum visibility of your entire networking estate. Create and maintain an accurate inventory of all networking devices in your estate, their lifecycle stage, position within the network, known security vulnerabilities, and criticality to the network’s overall uptime.

2. Standardise the types of technologies used in your network, as well as their configurations, as much as possible. A greater degree of standardisation will not only reduce risk, in terms of fewer possible operating system vulnerabilities and configuration errors, but also reduce support costs and average time to repair, should devices fail.

3. Automate as many of your day-to-day management tasks as possible. Automation is dependent on standardisation.
Automating simple tasks such as configuration management, password change management, configuration backups, or other scheduled maintenance tasks will help to reduce human error, thereby increasing the efficiency with which your network is maintained and supported. Investigate various options such as managed services delivered by a competent services partner, or even moving to a software-defined network.

4. Monitor your network devices more closely and proactively. This could be achieved through either internal or outsourced remote monitoring services. Proactive monitoring of devices can help predict when devices may fail, and reduces the time it takes to troubleshoot and repair faulty devices. Consider allowing your support provider to monitor the devices it supports.

To help you with all your network assessment, maintenance, and support requirements, Dimension Data offers the following:

[Figure 19: Dimension Data’s networking services portfolio. Phases: plan, build, support, manage. Services shown:
• Technology assessments: Technology Lifecycle Management Assessment, Network Optimisation Assessment
• Development models and roadmaps: Software-defined Networking Development Model, Data Centre Development Model, End-user Computing Development Model
• Best practice project design
• Turnkey project management
• Asset-based services: Maintenance Services, Premium Support Services
• Outcomes-based services: Infrastructure Managed Services, Network-as-a-Service, Carrier Managed Services]

About software-defined networking

Software-defined networking makes networks more intelligent, programmable, and automated. It’s brought about by changes at the networking device level. The intelligent, programmable part of each device – the software that determines how the device controls and directs data – is split from the packet-forwarding engine, and centralised.
Software-defined networks therefore use networking devices configured by a central, software-based controller. Hence the term ‘software-defined’: the network is no longer configured by manually adjusting individual devices, but controlled by software.

Read more about Dimension Data’s Software-defined Networking Development Model, which can help you take the first step in preparing your network for the future of networking.

Appendix A Sample distribution

This appendix provides details about the sample data sets used for the information in this Report.

Appendix A.1 Technology lifecycle, type, and vulnerability data

The technology lifecycle information published in this Report was gathered during the 2014 calendar year through 354 Technology Lifecycle Management Assessments conducted for clients around the world, covering over 70,000 devices. Dimension Data’s Technology Lifecycle Management Assessment is a highly automated service that uses technology tools to scan our clients’ networks. The information gathered from these scans is analysed on a centralised portal, using a standardised process and framework.

[Figure 20: Percentage of devices by organisation size. Categories: Enterprise, Large, Medium, Small.]

The majority of our data came from enterprise and large organisations, reflecting Dimension Data’s traditional client base.
[Figure 21: Percentage of assessments by region. Categories: Americas, Asia Pacific, Australia, Europe, Middle East & Africa.]

[Figure 22: Percentage of devices by vertical. Categories: Automotive and manufacturing; Business services; Construction and real estate; Consumer goods and retail; Financial services; Government health care and education; Media-entertainment and hospitality; Resources utilities and energy; Service providers and telecommunications; Technology; Travel and transportation.]

[Figure 23: Percentage of assessments by vertical. Same verticals as Figure 22.]

The top three contributing sectors to this year’s data sample (both in terms of discovered devices and assessments conducted) were financial services, automotive and manufacturing, consumer goods and retail, and government – healthcare and education. This, again, represents Dimension Data’s strong presence in these particular industries.

[Figure 24: Number of assessments by country. Countries shown: Australia, Austria, Belgium, Brazil, Chile, Czech Republic, France, Germany, India, Italy, Kenya, Korea, Luxembourg, Malaysia, Mexico, the Netherlands, New Zealand, Nigeria, Portugal, Saudi Arabia, Singapore, South Africa, Spain, Switzerland, Thailand, UAE, UK, US.]

This year’s technology data covered 28 countries in five regions.

Appendix A.2 Services data

We used a service incident data set to corroborate the assessment results with helpdesk data.
Our aim is to review the business impact of obsolescence on network failures and downtime. We analysed over 175,000 service incidents – or ‘trouble tickets’ – handled by four of our Global Service Centres, to understand the types of incidents we’ve handled in maintaining our clients’ networks, and the relationship of these incidents to the lifecycle data.

The analysis of the incident data was based on a subset of Dimension Data’s total maintenance base. We chose a selected set of network asset types in order to align with the technology aspects of this report, and account for the unification of systems following mergers and acquisitions. With 1.5 million devices creating an incident volume of over 175,000 across 105 countries, this represents a statistically relevant sample.

[Figure 25: Percentage of service incidents by region. Categories: Americas, Asia Pacific, Australia, Europe, Middle East & Africa.]

Appendix B Top 10 PSIRTs

Table 3: Top 10 Cisco PSIRTs and their penetration rates

| Title | Distinct count of device ID (psirt.csv) | Penetration rate | Last year’s rank | Published |
| --- | --- | --- | --- | --- |
| Cisco IOS Software DHCP Denial of Service Vulnerability | 12547 | 43% | – | 25 Sep 13 |
| Cisco IOS Software Command Authorization Bypass | 9693 | 33% | 5 | 28 Mar 12 |
| Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability | 9503 | 33% | – | 25 Sep 13 |
| TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products – IOS & IOS-XE – 109444 | 9338 | 32% | – | 08 Sep 09 |
| Cisco IOS Software Network Address Translation Vulnerabilities | 9293 | 32% | – | 26 Mar 14 |
| Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability – 108558 | 8967 | 31% | 2 | 25 Mar 09 |
| Cisco IOS Software Network Address Translation Vulnerability | 7363 | 25% | – | 27 Mar 13 |
| Cisco IOS Software Network Address Translation Vulnerabilities – 112253 | 7211 | 25% | 1 | 28 Sep 11 |
| OSPF LSA Manipulation Vulnerability in Multiple Cisco Products – IOS/IOS-XE | 6649 | 23% | – | 01 Aug 13 |
| Cisco VLAN Trunking Protocol Vulnerability – 108203 | 6129 | 21% | 3 | 05 Nov 08 |
| Cisco IOS Cross-Site Scripting Vulnerabilities – 98605 | 6061 | 21% | 6 | 14 Jan 09 |
| Cisco IOS Software Multicast Source Discovery Protocol Vulnerability | 5424 | 19% | 7 | 28 Mar 12 |

List of figures

Figure 1: Percentage of ageing and obsolete devices, global average
Figure 2: Percentage of ageing and obsolete devices by region
Figure 3: Percentage of ageing and obsolete devices by industry
Figure 4: Percentage of devices by lifecycle stage, 2012–2014
Figure 5: Percentage of devices by lifecycle stage, when Dimension Data manages the devices, 2013–2014
Figure 6: Percentage of devices by lifecycle stage, per region, when Dimension Data manages the devices
Figure 7: Root causes of incidents, 2013–2014
Figure 8: Percentage difference in failure rate by lifecycle stage, in relation to current devices
Figure 9: Average mean-time-to-repair by lifecycle stage, 2013–2014
Figure 10: Average time to troubleshoot and repair non-managed versus managed devices
Figure 11: Percentage of devices with at least one vulnerability, global average
Figure 12: Number and penetration rate of security advisories by device type
Figure 13: Percentage difference in vulnerabilities in devices by lifecycle stage, in relation to current devices
Figure 14: From wired to wireless – the architecture of current versus future networks
Figure 15: Network access point wireless capabilities
Figure 16: Percentage of devices that support mobility
Figure 17: Percentage of devices that support IPv6
Figure 18: Dimension Data’s operational support maturity model
Figure 19: Dimension Data’s networking services portfolio
Figure 20: Percentage of devices by organisation size
Figure 21: Percentage of assessments by region
Figure 22: Percentage of devices by vertical
Figure 23: Percentage of assessments by vertical
Figure 24: Number of assessments by country
Figure 25: Percentage of service incidents by region

List of tables

Table 1: Technology lifecycle stages, associated risk levels, and required support environment maturity
Table 2: Root causes of incidents
Table 3: Cisco PSIRTs and their penetration rates