Banta Corporation Uses NetMRI
"While we have a number of other tools we use for performance monitoring on the network, NetMRI is able to do more long-term analysis of issues than any other product we have."
—Derek Dolan, Network EngineerRead Case Study
Take the Next Step:
Network Analysis Tip: Automating the Compliance Auditing Process
Why Is This Important?
As I was thinking about this technical tip, my mind drifted back many years ago when it was routine to sit down every month and pay the bills. It was a tedious process that included opening the envelopes, reading the bills, checking everything was correct, writing checks, and balancing the checkbook. And every so often, one bill was lost and I spent hours on the phone with customer service trying to take care of the problem and not be hit with massive fees for late payments.
Today, with automation, online statements, direct deposits, online bill pay and scheduled reminders, I rarely do anything manually. I get extra time back in my day to do things I want to do and more importantly, there are less mistakes.
Switching to the network engineering departments everywhere, many teams are still caught up in tedious processes. Compliance auditing is likely the biggest culprit and time waste today and we've come to accept this as part of our every day job requirements. But as new requirements occur every year including PCI, HIPAA, SOX, ISO, ITIL or your own sector mandates, the amount of time and effort to prove success during an audit is skyrocketing for most organizations.
The Manual Solution
A good example is repeated requests for compliance information. Pick your favorite compliance mandate acronym and it will likely require compliance reporting for network audits that typically involves logging into dozens or hundreds of devices, copying/pasting information from the screen and creating a compliance status report. This can potentially have a huge impact on productivity as we perform this routine and repeating task.
Let's assume for purposes of this example that the following variables apply to your department:
- 150 network devices
- Logging into a device, showing the information on the screen, and copying/pasting data - 4 minutes per device
- Manually comparing and verifying the data against the standards - 5 minutes per device
- Compiling the report into a useable format - 2 hours
- Saving and emailing the document - 5 minutes
For every audit, this is approximately 24.5 hours just to verify the report—assuming there are no problems. At an average burdened cost of an engineer of $60 an hour, that's $1,480 per audit. Outside the cost, what has fallen off the plate for the 3+ man days lost during the audit process?
Now multiply the time and cost for each mandate and the number of audits (monthly, quarterly, annually) and the numbers grow exponentially.
The Automated Solution
NetMRI automates the compliance verification process. With its automated policy management system, NetMRI greatly reduces the time and effort to interact with the devices on your network.
Instead of wasting resources to manually prove compliance, NetMRI embeds best practices and compliance standards expertise including PCI, ISO, NSA and DISA. Users can simply select a built-in policy or quickly building their own through the wizard interface.
Not only does it provide reports for auditors with a click of the button or through a scheduled report, NetMRI also proactively monitors and notifies you anytime a device violates a policy you are monitoring.
Instead of the hours or days it takes to verify each and every audit, NetMRI greatly reduces manual time and effort. Using the same example of 150 network devices but this time, leveraging NetMRI:
- Define policies for entire network - 1-4 hours (based on complexity) - one time
- Monitoring policies proactively - 0 minutes (automated)
- Compiling and comparing data - 0 minutes (automated)
- Compiling report into useable format - 0 minutes (automated)
- Scheduling automated report - 5 minutes - one time
You can quickly see how automating the monitoring and reporting of standards can greatly reduce the manual time and effort associated with proving compliance to your auditor. Think of it as a form of "direct debit" for your network infrastructure.