While network infrastructure isn’t necessarily something CIOs think about on a daily basis, there are some essential things about their organization’s network infrastructure operations that they must know. They all have to do with network infrastructure outages. These incidents carry a significant risk of negative impact on the entire organization’s performance and profitability. As these are the things that fall comfortably within a typical CIO’s scope of responsibilities, they must ask some network related questions. More importantly, answers need to be updated on a regular basis. Here they are:
1) If you knew that your primary production network infrastructure was going to take an outage tomorrow, what would you do differently today?
Not knowing the answer of this million-dollar question usually costs a lot more to any CIO. Simply put, if you don’t know your network infrastructure management’s vulnerabilities, you are more likely to be hit by an outage. Working with experienced consultants will usually help – both in terms of tapping into their expertise and having a new set of eyes looking at the matter.
At least, two things should be reviewed:
1) How is your network infrastructure design created?
2) How does it operate?
This review will help identify downtime risks and potential ways to mitigate them.
2) Has your company ever experienced a significant network infrastructure outage? How do you know it was significant?
Key here is defining “significant outage.” The definition can vary from one organization to another. It can also vary by application. That’s why defining “significant outage” based on the probable impact of an outage is essential. Once defined, begin to communicate it within your organization.
3) Which applications are the most critical ones to your organization?
Usually, companies respond to this question by saying that every application is important. The truth is every organization has applications and services that are more critical than others. A website going down in a hospital doesn’t stop doctors from treating patients. But a website outage for an e-commerce company directly means missed sales. Once you identify your most critical apps and services, determine who will protect them. This decision should be taken by considering your specific business cases and risk tolerance levels.
4) How do you measure the cost of a network infrastructure outage?
By developing a model for determining outage costs and weighing them against the cost of mitigating the risk, businesses can make more informed decisions. Even though total outage cost can be vague, trying to go close to it will help the cause. We have seen cancellations of generator projects and UPS upgrades simply because managers couldn’t accurately predict outage costs. Having said that, the prediction of the outage costs must be realistic. Soft costs get hard to calculate. Sometimes, an outage may just mean a backlog of information that needs to be processed without a significant bottom-line impact.
5) What would be the indirect business costs of a network infrastructure outage?
Since indirect business costs vary greatly from organization to organization, they are the toughest ones to quantify. Generally, they comprise of loss of productivity and competitive advantage, reduced customer loyalty, regulatory fines, and other miscellaneous losses.
6) Do you have documented processes and procedures in place to mitigate human errors in your network infrastructure management?
Around 73% of network infrastructure outages are caused by human errors. Before we can replace all humans with machines, the only way to weed them out is to have clearly defined processes and procedures. The fact that this statistic hasn’t improved over time indicates that most organizations still have a lot of work to do in this area. Enforcement of these policies is, thus, critical. Many organizations do have sound policies for network infrastructure management. The real problem is with their inadequate implementations.
7) Do your network infrastructure management’s security policies gel with your business security policies?
Now that IT and facilities are figuring out how to collaborate better inside the network infrastructure, it’s time for IT and security departments to do the same. A problem arrives when a corporate physical security system needs to operate within a network infrastructure design under different usage requirements. That’s what makes integrating corporate security and network infrastructure operations a problematic task.
8) Do you have a structured and ongoing process for determining what applications run in on-premise network infrastructure design?
As your business requirements change, so do your applications and required resources to operate them. All the applications running in your network infrastructure should be assessed and reviewed at least annually. Moreover, the best type of infrastructure should be decided for each application based on reliability, performance, and network security requirements of your business.
9) What is your IoT security strategy? Do you have an incident response plan in place?
As many organizations have solved BYOD threats, the doors for IoT devices monitoring have opened up. But instead of doing that, many companies are monitoring activities only on application stacks. It’s high time for companies to recognize that IoT devices play a major role in the physical infrastructure of an organization’s IT stack. Leaving them unprotected may increase the risk of network infrastructure management failures.
10) What is your Disaster Recovery process?
And the follow-up questions: Does your entire staff know where they need to be and what they need to do if you have a critical and unplanned network infrastructure event? Has that plan been tested? Again, processes are key here. Most organizations do have these processes in place. The key issue is once again the human factor. Very often, concerned people don’t know about these processes. And even if they do, they don’t know what to do when a major event actually happens.
Considering the innumerable complexities that every network infrastructure management possesses, this inquiry is just a tip of an iceberg. There is a lot more to look into it. But if you can’t thoroughly answer at least these many questions at this juncture, it’s time to pause, reflect, and look for answers.