Building a Network Engineer-friendly Approach to Automation


Network operations and network security teams have been understaffed for years, and the nature of network operations has continued to evolve. Josh Stephens, CTO of BackBox, focuses on the next steps in network automation, keeping the experience of network engineers in mind.

Historically, these teams stifled change because it was an opposing force, resulting in less reliable and less secure networks. But we’ve seen an evolution that has accelerated over the last five years, where modern IT teams and ecosystems operate like DevOps teams, and change is no longer something we stifle. 

Instead, we celebrate it across the organization. This has forced network teams to rethink how they operate in ways that keep the network secure, reliable, and performant while increasing capacity for rapid changes, which has led them down the path of network automation.

Dissatisfaction With Legacy Automation Tools

The challenge is that network automation has been around for a very long time, and some products violate the core tenet of what automation is supposed to do. At a high level, automation is meant to save time and scale what network teams can accomplish. But if the automation system requires a heavy investment in resources to build and manage automations, organizations end up seeing a net loss in productivity amongst the team and motivation to use that platform starts to wane.

Given this situation, we weren’t surprised when a recent surveyOpens a new window revealed that 92% of network operations and network security professionals couldn’t keep up with needed software updates – one of the core use cases for network and security device automation and a red flag that it’s time to assess their overall approach to automation.

See More: Closed Loop Verification: A Must-have for Network Automation

Operational Realities for Network Teams

Today, most network teams operate in a multi-cloud scenario where they have their own data center, their own WAN, resources in public clouds from multiple providers, and maybe even a partner network they are connected to. The scope of what the network team is responsible for is expanding rapidly, and whatever tools they put in place to help manage configurations, OS updates, and backups across physical networks now need to cover virtual devices and cloud networks as well.

In a cloud-native world, the DevOps team does their own networking and may build automations inside a DevOps tool for a cloud network that needs to interact with a physical network or a private data center. API capabilities are required to fuse those automations into a central automation platform. So, something that wasn’t even on the radar for network teams five to 10 years ago is now required and raises the bar for network automation platforms.

Add to this the fact that the number of common vulnerabilities and exposures (CVEs)Opens a new window being discovered and published is growing exponentially as hardware vendors invest more time and money finding CVEs via their own testing, looking on the dark web, and providing bug bounties to people that discover them. This problem is compounded as the tech stacks grow. 

If network teams don’t have a reliable automation tool that they can trust to handle upgrades at scale, there’s no way to keep up. Teams revert to manual methods with a strong potential for human error and forced delays of important updates for weeks or months. Inevitably, some updates simply fall through the cracks.

A Network Engineer-friendly Approach to Automation

The reason organizations invest in network automation is to stay efficient, secure, and agile in the face of rising network complexity and changing business circumstances. But clearly there’s a gap between expectations and reality. If your organization is re-evaluating your approach to network automation, here are five network engineer-friendly ways to address some of the most common automation pain points.

1. Reduce fragmentation

Think of each of the different automation tools you currently use to cover all the different physical and virtual network and security devices across your entire estate and the complexity and expense involved in juggling them. Look for an approach that no longer requires your team to pivot between legacy tools and multiple, single vendor-provided automation tools to handle updates and changes.

2. Enable an overarching automation strategy

With the ability to integrate complementary technologies like your service desk tools and network monitoring tools with your network automation platform, you can create and execute an overarching network automation strategy. An open architecture that supports your best-of-breed toolset empowers network managers to drive successful automation across your multi-cloud and on-premises environment.

3. Simplify compliance

In today’s complex regulatory environment, teams struggle to achieve and maintain compliance with internal policy and government or industry regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI-DSS), or best practices like the Center for Internet Security (CIS) standards. With capabilities like continuous proactive compliance validation, notifications when gaps are detected, and the option to automate remediation, network engineers don’t have to worry about drift. They can respond to audits quickly and confidently.

4. Take a risk-based approach to vulnerability management 

Integrate vulnerability and risk intelligence data into your OS and device update strategy so you can focus on vulnerabilities that are a high priority for your organization. With a risk-based process, teams will be able to decrease risk while doing updates more rapidly.

5. Get smart about business continuity

Look for an automation approach that tightly couples backup processes with asset discovery and management tools so that nothing is overlooked. Capabilities that support best practices, such as daily or even more frequent backups, automated retries when backups fail, and automated backups of new devices as they are added to the network, help teams work smarter, not harder, to ensure business continuity.

See More: How to Fix Cybersecurity and Network Engineering Skills Gap

Hit Refresh on Network Automation

The concept of network automation has been around for decades, but networks, risks, and threats have changed dramatically over the years. It’s time for organizations to look for signs that their approach to network automation may need a refresh and seek out best practices and new technologies that enable teams to keep pace with rapid change. 

Fortunately, with a modern, network engineer-friendly approach, we can return to the original intent behind network automation – efficiency – so that teams can focus on more strategic work that helps scale the business and drive meaningful value.

How are you ensuring that your network automation approach is network-engineer-friendly? We’d love to hear from you on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .

Image Source: Shutterstock