Think you know your network? There’s only one way to find out.
Devices today are smaller, their uses more advanced, and their accessibility greater. It doesn’t take much to connect to someone else’s network if you have the proper credentials, and there are thousands of internet-connected devices that exist beyond the realm of work-issued computers.
Because of this, it can be easy to lose track of what’s supposed to be on your system, versus what actually is on your system. Between hardware and software, those undocumented pieces of your network can build up, and cause big problems in security and compliance.
To counteract the confusion that these unknown machines and applications can cause, it’s a good idea to invest in network discovery and documentation, which will search your network for those pieces that you know exist, as well as those that you don’t.
If you’re new to network discovery and documentation, here’s why you should start.
Your management system can’t keep up
You probably have some form of documentation to keep track of the devices under your control. You might be using a simple Excel spreadsheet, or maybe management tools such as SCCM, to document your devices and software. However, there’s one glaring problem with this. SCCM and other management tools are meant to do exactly what their name implies: manage.
This would be fine, if shadow IT and human error didn’t exist. But as your network and the items connected to it continue to grow, you might find yourself in the dark—by accident or deliberately—about exactly what devices are on your network, how they all connect to one another, and what software they all have. Your management system or Excel spreadsheet will only have those devices that have been properly documented by your IT department, and may not be up to date.
Knowing your network is important
Rogue IT can take many forms. Maybe an employee plugs in a wireless router connected to your network, or a department downloads a personal copy of Microsoft Office to a work computer without consulting IT. Both could lead to security issues, as the router and the software may not meet the security standards you hold your company to. The software could also be a compliance issue, where improper licensing numbers or contracts come into play.
In either case, network discovery and documentation can reveal these problems so you can properly secure them and make sure your network is adhering to compliance standards.
Additionally, a network discovery and documentation tool can find out how these devices communicate. If your email server runs through a certain switch or router before reaching end-user devices, the discovery and documentation tool will take that into account.
This way, you can see which pieces of your network could cause your email to go down, or which pieces need to be better secured because they deal with sensitive information. In one instance, network discovery and documentation company JDisc found that a large multi-national corporation was lacking communication between two sets of their machines. This issue could block access to secure information, potentially a disaster for the company.
Preparing for network discovery
Network discovery and documentation often takes two to three weeks to complete, but can be as short as a day with the correct set up.
The best way to prepare is to get together your best picture of what you think your network looks like. This can give you a huge head start, since the remotely operated, agentless discovery tool will understand the basic shape of the network.
Beyond that, getting together all the proper permissions, admin credentials, and credentials for different versions of SNMPs that it might need to search your network can cut down massively on the time the discovery and documentation takes.
The program can run as a one-time check up, or it can be put in place to run continuously on your system. No matter which option you choose, the spaces between what you think your network looks like and what it actually looks like should be addressed.
Wherever the two don’t match up, there’s typically room for improvement, either in security practices or lines of communication between your employees and IT department. Figuring out what to change will depend on the outcome of the network discovery and your own business practices.
Find out what’s on your network
As networks get more complex and the ways to access them more numerous, it’s important to keep a close eye on what your network actually looks like, rather than what you think it looks like. Every missing component in your own documentation is a hole that can lead to serious security, compliance, or communication issues.
If you’re interested in network documentation and discovery, talk to your SHI account executive for more information.
Stuart Dicken contributed to this post.