While every organization strives to ensure its network is reliable and secure, the pressure on the Department of Defense to deliver in these areas continues to mount–especially when it comes to insider threats. As a recent report from the Government Accountability Office attests, there's still a great deal of room for improvement in this area, including the need to find effective ways to combat unintentional mistakes that can prove disastrous.

I've often heard about people making simple manual network configuration changes and inadvertently taking down their entire installation, resulting in a network being offline for hours. The questions administrators inevitably ask, in the wake of such an event, range from "How can one person do this?" to "Why can't I see everything that's happening on my network, which would have helped me see this coming?" and, most importantly, "How can I prevent this from happening again?"

My answer is always the same: network automation.

There's already a lot of interest in network automation from a cost and efficiency savings perspective, but many agencies do not realize that automation can also help them enhance their security postures and maintain continuous uptime. It achieves this in two simple, yet very powerful, ways:

It takes human interaction almost completely out of the equation. Network automation allows federal IT professionals to take a more hands-off approach by effectively creating a network that can make decisions without manual intervention. For example, during spikes in usage, the network can automatically reroute traffic in order to deliver maximum efficiency and sustained performance. There's very little need for IT administrators to actively go into the network and make changes, which minimizes the chance of errors.

This is particularly important for network administrators managing legacy systems, which unlike newer solutions, are not equipped to prevent user error. Despite the DoD's best efforts at modernization, many agencies are still heavily dependent on older systems that do not have fail-safes in place to prevent failure.

It solves the problem of lack of visibility by providing insight into the entire network. Network automation eschews the traditional "hunt and peck" mentality of network management – where administrators need to manually dig for problems – in favor of a top-down view of the entire network that offers unprecedented visibility and control. This is an absolute necessity, particularly when there are hundreds of thousands of users continually pinging the network. A simple mistake downstream can take out the whole system – but IT managers who manually control their networks may not even know about it until it's too late. In many cases, they certainly won't be able to pinpoint how it started, let alone get a sense that danger is imminent before the network goes down.

With automation, managers can be alerted to a problem when it arises, allowing them to ascertain the issue and react to it before it becomes a true calamity. Further, they can double-check to see where the issue began. This allows managers to work backward from the point of origin, allowing them to more easily fix the error and get the network back up and running without significant loss of downtime.

Of course, there are still instances where manual network management is appropriate. These include cyber security threat analysis, network design and deployment, and network demand curves and planning processes.

However, for every manual necessity, there's a process that's made far more efficient thanks to automation. Routing, bandwidth optimization, security patches are some examples of core IT processes that can be greatly simplified through automation.

It's an especially important solution for organizations that want to maintain a great security posture. After all, we're only human, and even the most well trained professionals' make mistakes. Network automation can help ensure that those mistakes do not turn into major outages or security threats.

from: http://www.c4isrnet.com/story/milita...rity/30138903/