Mobiliance Inc
Helping you piece IT together with enduring solutions



Network Assessment - Towards Architecting A Successful Future

by Pierre U. Tagle, Ph.D., CISA, CRISC
    Today's networks are becoming increasingly complex to build, maintain and manage.  Being online is no longer as simple as hosting a website and providing email.  More than ever, companies are leveraging technology to serve their customers better by providing timely and accurate information and/or to improve productivity across the company at the least possible cost.  Support for the critical applications and systems on which businesses rely has created unparalleled demands for network performance and availability.

    Many networks in production today, particularly those belonging to older companies that were first to embrace these technologies, were built and deployed in the 1990s.  Others were patched together when companies were combined through takeovers or mergers.  Over the years the network infrastructure grew more complex as requirements became more extensive and demanding.  Add to these the various emerging technologies, including wireless, converged voice and data, and virtualization, all of which place even more complex demands on the corporate network.  The end result is that many networks may not be prepared for what lies ahead.

    Today's CIO or IT Manager faces an increasingly daunting task when it comes to designing, implementing, operating and/or maintaining the corporate local and wide area network, i.e. the LAN and WAN.  Some networks may simply have outgrown their initial design goals, with new requirements being supported via ad hoc solutions.  Some may not have been designed to industry best practices for performance and availability, resulting in outages and productivity issues that hamper profitability or even cause financial losses.  Older networks may still be using outdated hardware and software platforms that are becoming increasingly difficult to maintain and may no longer be supported by their respective manufacturers (an unsupported platform also stops receiving security fixes).  As corporate offices became interconnected via wide area networks, many networks and/or applications found it harder to operate reliably over the constrained bandwidth and longer latencies associated with these types of connections.  There are also networks that are simply not ready to support newer real-time and/or time-sensitive applications like Voice over IP (VoIP), streaming video and enterprise applications such as CRM or ERP.  Lastly, networks that have grown over the years through ad hoc upgrades or the merging of networks (e.g. from company mergers) will likely be more difficult to troubleshoot, maintain and/or operate, resulting in higher operating costs.

    WHAT IS NETWORK ASSESSMENT?

    There are many definitions of network assessment available on the Internet.  The general objectives, though, can be summarised as follows:
    • It is an objective and/or independent review of an organisation's IT communications environment (or simply "network") in terms of current and planned functionality.
    • It is a review of the design of this network based upon industry standards.
    • It is a review of the network's current performance, critical issues and its overall ability to meet the organisation's requirements.
    • It is a baseline for future upgrades and/or implementations.

    The first three objectives are achieved via comprehensive reviews (and, as needed, surveys) of an organisation's business requirements, the documentation of its network (LAN/WAN) infrastructure, and a fairly thorough understanding of its IT applications, systems and processes.  The last objective can likewise be achieved via a similar passive approach but may also include active network testing and analysis.  The latter is important partly to identify and understand current issues/bottlenecks, but also to establish a baseline against which future technology upgrades and/or new business offerings can be measured.  A company that is seeking to expand its network from a single location (i.e. the main office) to multiple branch offices needs to know what is in place in its current environment and what problems can result from the addition of remote locations.  Another example is that of an organisation with large amounts of data that is seeking to make it available to a large number of users via the public Internet.  The influx of remote-access users brings about a totally different usage pattern from when all users are inside the corporate LAN, and a much larger exposure, so access controls need to be reviewed alongside capacity.
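    As an added illustration of the active testing and baselining described above (this is example code written for this page, not code from the original article or from Mobiliance), the script below takes per-site round-trip samples, summarises each link into the numbers a baseline report would keep (loss, median and 95th-percentile RTT, jitter), and flags links that would not carry a real-time application such as VoIP.  It assumes the samples have already been collected by a probe such as ping; the sample values are constructed, and the thresholds are assumptions: ITU-T G.114 gives 150 ms one-way delay (roughly 300 ms round trip) as the upper bound for good voice quality, while 30 ms jitter and 1% loss are common VoIP planning rules of thumb rather than figures from the article.

```python
import math
from dataclasses import dataclass
from statistics import mean, median
from typing import Dict, List, Optional

# Constructed probe results (not real measurements): round-trip times in ms
# for ten consecutive probes per site; None marks a probe that got no reply.
PROBE_SAMPLES: Dict[str, List[Optional[float]]] = {
    "head-office-lan": [1.2, 1.1, 1.3, 1.2, 1.4, 1.1, 1.2, 1.3, 1.2, 1.1],
    "branch-a-mpls":   [42.0, 45.0, 41.0, 44.0, 43.0, 46.0, 42.0, 44.0, 43.0, 45.0],
    "branch-b-vpn":    [180.0, 260.0, None, 210.0, 340.0, 190.0, None, 300.0, 220.0, 410.0],
}

# Assumed planning thresholds for a real-time application such as VoIP.
# ITU-T G.114 recommends at most 150 ms one-way delay (about 300 ms round trip);
# the jitter and loss limits are common VoIP design rules of thumb.
MAX_RTT_P95_MS = 300.0
MAX_JITTER_MS = 30.0
MAX_LOSS_PCT = 1.0


@dataclass
class LinkBaseline:
    site: str
    probes: int
    loss_pct: float
    rtt_median_ms: Optional[float]   # None when fewer than two replies came back
    rtt_p95_ms: Optional[float]
    jitter_ms: Optional[float]


def percentile(ordered: List[float], pct: float) -> float:
    """Nearest-rank percentile of an ascending list (pct in 0..100)."""
    rank = max(1, math.ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]


def baseline_link(site: str, samples: List[Optional[float]]) -> LinkBaseline:
    """Summarise one link's probe run into the figures a baseline report keeps."""
    replies = [s for s in samples if s is not None]
    loss_pct = 100.0 * (len(samples) - len(replies)) / len(samples)
    if len(replies) < 2:
        return LinkBaseline(site, len(samples), loss_pct, None, None, None)
    ordered = sorted(replies)
    # Jitter as the mean absolute change between consecutive replies
    # (a simplified form of the RFC 3550 interarrival jitter estimate).
    jitter = mean([abs(a - b) for a, b in zip(replies, replies[1:])])
    return LinkBaseline(site, len(samples), loss_pct,
                        median(ordered), percentile(ordered, 95), jitter)


def assess_link(b: LinkBaseline) -> List[str]:
    """Compare a baseline against the real-time thresholds; one string per gap."""
    findings = []
    if b.loss_pct > MAX_LOSS_PCT:
        findings.append(f"{b.site}: packet loss {b.loss_pct:.1f}% exceeds {MAX_LOSS_PCT}%")
    if b.rtt_p95_ms is None or b.jitter_ms is None:
        findings.append(f"{b.site}: too few replies to baseline latency")
        return findings
    if b.rtt_p95_ms > MAX_RTT_P95_MS:
        findings.append(f"{b.site}: 95th percentile RTT {b.rtt_p95_ms:.0f} ms "
                        f"exceeds {MAX_RTT_P95_MS:.0f} ms")
    if b.jitter_ms > MAX_JITTER_MS:
        findings.append(f"{b.site}: jitter {b.jitter_ms:.1f} ms exceeds {MAX_JITTER_MS:.0f} ms")
    return findings


def assess_all(probe_samples: Dict[str, List[Optional[float]]]) -> Dict[str, List[str]]:
    """Baseline every link and return {site: [findings]}; an empty list means ready."""
    return {site: assess_link(baseline_link(site, samples))
            for site, samples in probe_samples.items()}


if __name__ == "__main__":
    for site, findings in assess_all(PROBE_SAMPLES).items():
        print(site, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

    With the constructed data, the head office LAN and the MPLS branch pass, while the VPN branch is flagged on loss, 95th-percentile latency and jitter; the same run repeated after an upgrade gives the before/after comparison the baseline is meant to support.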

    A network assessment thus helps by identifying network concerns, prioritising issues and perhaps even laying down a road map of actionable recommendations, allowing the organisation to focus on the tasks at hand and handle matters in order of importance.  The assessment also gives the organisation justification to plan for further funding where the available funds are insufficient.  Conversely, the prioritised recommendations allow the organisation to use whatever resources are available to address the most critical items first.  As previously mentioned, aside from tackling current issues a network assessment also takes into consideration any planned upgrades or new business requirements that the company may have, so that these are incorporated into the recommendations and implementation road map.

    WHAT DO WE EXAMINE IN A NETWORK ASSESSMENT?

    The areas to examine partly depend on the organisation’s line of business or type of operations.  The focus of the organisation’s business; the sensitivity of its data and/or transactions; its performance and availability needs; the number of users and locations; and the regulatory compliance requirements it falls under will all have an impact on its network requirements.  However, the issues can typically be categorised into the following:

    • External (or Public) Network Components – These are network devices and/or systems that are accessible from outside the organisation’s network perimeter.  This access may be from the public Internet or via a private (e.g. point-to-point) connection from the organisation’s partners.  In some cases, the corporate WAN may be considered part of this category.
    • Internal Network Components – These are network devices and/or systems located within the organisation’s network perimeter, such as its internal LAN and the private WAN connecting its various office locations.  These include internal network devices; servers and systems; user workstations (including mobile devices like laptops and PDAs); storage devices; backup systems; and other I.T. resources such as printers, scanners, etc.  Internal network components are also characterised as those used by the organisation's internal users, i.e. employees.
    • Guest and/or Remote Access Networks – Remote access covers company employees who may be travelling or working from a remote location, e.g. telecommuting.  These users may require access to critical applications and/or sensitive data but are located outside of the organisation's network perimeter.  Guest access is temporary access given to visitors (i.e. non-employees) who are located within the office premises but should not be treated as trusted internal users.
    • Application and/or Database Systems – These are the applications and/or database systems used by the organisation for its operations.  The nature of each application and its data means that each may require a different level of security, and that users (e.g. employees, partners, customers, etc.) may need different levels of access privilege.
    • I.T. Documentation and Related Processes – Often overlooked is the related documentation, which is meant not only to provide guidance to IT and non-IT users but also to allow for consistency in the execution of processes and procedures.
    • Environment – In addition to the common areas of concern, the physical environment also deserves inclusion in any assessment, as it provides the underlying framework that everything runs on.  This includes the data centre, supporting power systems, cabling infrastructure, etc.

    It is the objective of a network assessment engagement to examine all of these areas in some detail, perhaps with varying degrees of emphasis depending on the nature of the organisation.  The goal is to identify the current performance level of the corporate network and its weak points; understand their relevance and criticality; prioritise them by risk and importance; and ensure alignment with current business requirements and future plans.

    TECHNOLOGY OR PROCESS?

    Organisations often think of network assessment as the process of evaluating their IT infrastructure, such as their networks, systems, applications and data storage, for bottlenecks and weak points, and/or of validating whether a planned upgrade will fit into the IT environment and deliver the expected results.  These are indeed important components of a network assessment engagement, as weaknesses in an organisation’s information technology environment can lead to disruptions in business operations, which in turn may lead to financial losses and/or even the loss of clients.

    However, the other side of the coin is the examination of the current state of the organisation’s processes and procedures.  It is quite common to find organisations with huge investments in technology that are unable to fully realise its benefits.  How do people access and share data?  How are systems rolled out, managed and updated?  Which areas are automated and which are done manually?  What are the business requirements as mandated by management?  This side of a network assessment engagement includes the examination of current documentation and involves interviews and discussions with key I.T. and management personnel.  The goal is to identify gaps and inconsistencies between business requirements, published documentation/procedures and actual practice.  This also opens up the possibility of identifying areas for automation and/or improving the efficiency of existing procedures.

    The examination of the technology side and the process side go hand in hand.  Unless the assessment is specifically focused on a particular area where a pure technology evaluation or pure process evaluation might suffice, the recommendation is to conduct an assessment covering both sides of the organisation’s information and communications technology framework.

    PRIORITISING FINDINGS

    Network assessment engagements often result in a number of findings, which can be overwhelming to the organisation’s IT management.  The key is to prioritise these findings according to their potential impact on the organisation’s operations, business and/or reputation.  It is a common knee-jerk reaction to prioritise technology components first, especially where an approved budget is available.  Sometimes the areas that the IT department directly controls are given priority.  However, the decision on what takes priority should involve a discussion not only within the IT department but, more importantly, with key people on the business and management side of the organisation.  This process also helps justify further funding (if needed), as the initiatives are prioritised in terms of relevance to management and aligned with the overall business requirements.

    IN-HOUSE OR EXTERNAL CONSULTANT?

    One common question is whether the network assessment can be done by someone within the organisation or whether an external consultant is needed.  The former obviously offers cost advantages, and the tools of the trade and discussions of industry best practices for performing network assessments are readily available.  However, an important factor to consider when conducting a network assessment with internal resources is the independence of the internal assessor.  Often it is not simply a question of potential bias: an assessor from a particular IT group will likely overlook areas that he/she handles on a daily basis.  This is natural, as IT personnel have their daily routines and components/systems that are already second nature to them.  This brings in the idea of the external independent consultant.

    The main advantage of bringing in an external consultant is that the consultant is not only an independent party but also comes in with a fresh pair of eyes.  This means that the consultant is not influenced by any current practice that may be prevalent in the organisation.  The consultant will also more likely look into each area in a consistent and systematic manner.  It should be noted that some consultants belong to vendors and/or service providers.  While their expertise may not be in question, there is always a potential conflict of interest, as the primary goal of these businesses is to sell products and solutions.  Ideally, the consultant is also free from any commitment to a particular technology or solution, allowing him/her to focus primarily on the organisation's requirements.

    WHAT DO YOU GET?

    A network assessment engagement typically culminates in a report that details the assessment process and methodology; lists and details the key findings; highlights the underlying issues and problems; and outlines prioritised, actionable recommendations on how to address current issues and handle planned business requirements.  This report can then be used by the organisation in planning short-, medium- and long-term initiatives to address information technology issues and/or to prepare its information systems plans.  It also allows the organisation (particularly management) to decide whether certain initiatives are worth the risk and/or whether the investment cost is justified against return-on-investment (ROI) estimates.

    The organisation must address the network remediation initiatives in a systematic and planned manner with proper timelines and resources.  There should also be a clear owner of these initiatives, such as a project manager or, even better, a key executive, e.g. the CIO, CTO and/or IT Manager.  Ad hoc projects done without proper coordination will likely fail, result in incomplete solutions and may even open up new weak points that put the organisation and/or business at greater risk.  Note too that depending on the external consultant chosen (if the assessment is done with one), they may be in a position to guide the organisation in implementing the recommended remediation efforts.

    Network assessment engagements assist the organisation by identifying where the network issues are and/or what is needed for its business to move forward.  These issues and requirements are prioritised and possible remediation efforts are identified.  The bottom line is that a network assessment provides a clear starting point for working towards a more stable, secure, scalable and cost-effective business environment for the organisation.

     
    About the Author:  Dr. Pierre Tagle has been in the I.T. industry for over 15 years, including 10+ years in senior management and/or consulting roles.  Prior to setting up Mobiliance in 2006, he served in various roles, from Campus Network Manager of a large university network, to CIO of a large IT Services firm, and in numerous independent consulting engagements in the industry.  He has been focusing on information security and related network consulting services for the past 5 years and holds the Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) designations.
     
    Pierre has also served in academia at the university level for 10+ years with the rank of Assistant Professor, lecturing on topics such as network design, IT security and computer architecture, and has guided Ph.D. and M.Sc. students towards their postgraduate degrees.  He has a Ph.D. in Computer Science from La Trobe University (Australia) in addition to a B.S. in Physics and Computer Engineering, and has published numerous technical papers.
     












     

    Copyright 2010 Mobiliance Pty. Ltd. All rights reserved.