Is your network compliant?
Policies are being defined at a high level in an enterprise for all sorts of reasons—but I wonder how many senior managers stop to think about the degree to which their underpinning network affects the ability to comply with these policies, including the external service providers’ networks?
With IT systems underpinning virtually every aspect of a business, there is increasing focus on defining policies to try and ensure compliance in its widest sense—covering security, regulatory compliance, service level agreements (SLA) adherence and general operational best practice—to minimise business risks and maximise performance.
Yet, as I have previously emphasised, there is a major disconnect between those tasked with defining the high level policies and those down in the ‘engine room’ who have to implement them within their infrastructure. One problem is that they don’t speak the same language. However, if you take that down into a multi-national or global network, the picture is even more worrying.
Non-compliance risks from the network alone include service disruptions through device failures and outages (jeopardising SLAs), network security breach problems and the costs associated with downtime, lost business and punitive costs for regulatory compliance failures. Networks can also span the globe, yet a policy for one country may conflict with a policy for another. Tricky that.
So it is quite gratifying to find a bunch of ex-network engineers, who understand what happens out on the wires in detail and also appreciate this disconnect, who have set out to get the two to speak (approximately) the same language. Now they are extending this into a compliance solution for networks.
Intelliden was founded by a group of ex-MCI employees in 2000 (i.e. before the Worldcom crash). The question they were trying to answer then was: “How do you create tools for better management of a multi-vendor, integrated, heterogeneous network infrastructure?” Back then, each network equipment vendor had tools for its own products but all large enterprises had an equipment mix. Now, seven years on, the same problem is hugely magnified. Whereas broadband take-up was miniscule back then, we now everyone using voice, video and data services over a single converged pipe.
What the company decided to do first was effectively to virtualise the network, creating a consistent XML schema for all networked devices—hiding their complexity and the complex scripts needed to configure them. Patented software achieved this partly by converting the command line interfaces (CLIs) into XML and vice-versa. What this means is that the ‘network manager’ works inside the XML schema in a point-and-click manner to configure devices without needing to know their technical idiosyncrasies and, more importantly, this can then be rolled out to many thousands of similar devices across the network as needed.
This contrasts with a more typical approach of importing a script for many thousands of lines, trying to edit it, and then applying it—with no consistency between, say, a Cisco and an Alcatel device. Intelliden’s VP of strategy Rahul Sachdev explained to me that this was vitally important because networks were now forever changing. “Scripting does not scale when you’ve got thousands of devices and hundreds of thousands of transactions per day,” he said.
Equally important is that the software allows bandwidth to be flexed in real-time; so if it becomes clear a pipe’s bandwidth is nearing capacity, the megabits might be increased on the fly. This is only possible because the real-time state of the network is known.
So how about tackling the different varieties of compliance and risk? Sachdev estimated that 80% of network faults were down to faulty configuration, not to straightforward device malfunction, so the software’s ability to intercept most of these configuring errors before they happen will immediately increase an enterprise’s ability to meet an SLA and reduce the possibility of a device being open to security attack. Because of the virtual layer, the software also supports greater granularity in access security to individual devices.
However, it does not stop there. Sachdev also estimated that about 15% of network faults were directly related to compliance itself. So Intelliden will, next month, release a new network compliance capability.
Intelliden’s Policy-based Compliance Management solution has a goal of maintaining flawless delivery of services and five 9s availability, and uses service-oriented architecture (SOA) with an open API for integration with leading third party software. By capturing the high-level requirements into its own policy engine, the software can eliminate network compliance and security policy violations, while also automating what were previously tedious repetitive manual tasks. Equally important, since the process is fully audited, reports can be used to demonstrate compliance with both government and corporate policies.
The requirements to meet HIPAA, Sarbanes-Oxley and the like are all defined at a high level—without reference to how this is to be achieved within the infrastructure, let alone a multi-national, heterogeneous network. “Compliance requirements have to be translated to the engineer,” said Sachdev. “Someone is stuck with translating this to the network. A more usable paradigm was needed to make sure the network is compliant.”
So we should expect a marked reduction in the disconnect between, say, a compliance manager and a network manager. The network manager should be able to implement what the compliance manager is asking for then present evidence to say: “Is this what you wanted?” In turn, the compliance manager should be able to follow what has been produced enough to be able to say “Yes”, “No” or “Please alter this”.
Service providers (ISPs and telcos) who supply bandwidth and services to an enterprise, are probably equally in need of these facilities as the enterprises themselves since their businesses are built on maintained service levels.
If this has really been cracked it will be something all organisations with large and complex networks ought to seriously consider. The proof will be in the pudding of course—and next month is when we should know.