Research: LAN Sprawl Leaves Network Controls At Risk

92 percent of respondents see an increase in the need to manage users with multiple profiles/IDs to support cross-functional needs of their organization.

66 percent say the proliferation of devices and applications make it harder to audit the networks.

Two-thirds of IT decision makers polled believe that decisions to innovate business processes are often made without considering the impact to the network.

IT decision makers cited several areas where they needed to improve the level of control as a result of these dynamics in their network environments. The majority of respondents highlighted the need for improved control over security (72 percent), access to specific areas/job functions (68 percent), access to specific applications (65 percent), general user access (64 percent), and ad-hoc network access (63 percent).

The Yankee Group report warns that IT is challenged to maintain control over access to critical assets in response to LAN sprawl. To reap the business benefits of open LAN environments, the report concludes, the network infrastructure must evolve to provide greater visibility and control.

When asked how IT managers could improve network control, Yankee Group's senior vice president Zeus Kerravala said, "As the mix of users, applications, and devices continues to diversify and grow, corporate assets are at increased risk, so the onus is on IT to build more sophisticated networks that provide context about what is connecting to the network. This context-awareness must also include understanding the relationships among users, applications, and devices and the impact that environmental factors such as location and time of day can have on these interactions. Without this level of visibility, IT will not have the means for controlling the LAN sprawl so prevalent in companies today."

Multi-Dimensional Growth Leads to LAN Sprawl The LAN Sprawl survey asked respondents to consider how their LAN had grown over the last two years and about anticipated growth in the coming two years. A key finding is that LANs have grown at fairly consistent rates across a wide range of axes and are expected to maintain this multi-dimensional growth over the next two years, as shown in the attached graphic and on the resource page.

Support for the virtualized workforce—the dynamic mix of permanent employees and ad-hoc workers including contractors, partners, suppliers and customers—is among the biggest causes of this widespread growth. In addition, the Loudhouse research found that LAN sprawl results from compounding effects, such as increased roles per user, rather than simply linear growth in user or application count.

"With an increasingly mobile workforce consisting of reporters and freelance writers from all across the country, the need for visibility and control over their access to the corporate network has become a business-critical issue for us," said Vikas Khorana, IT Director at the Stevens Media Group. "ConSentry has enabled us to keep pace with this growth by providing us the deeper-level traffic intelligence and awareness down to the identity, application, and device. As a result, we are able to operate more efficiently and securely while tapping into the benefits of a dynamic workforce."

Dynamic Work Environments Biggest Drivers of Change When considering the drivers for change to user access on their LANs, the answers from IT decision makers reflect the strategic need for enabling dynamic work environments, especially in the US. Among the top drivers cited by US respondents are to support cross-functional internal groups (62 percent), work with outsourced suppliers or customers (56 percent), enable auditors or short-term contractors to access the LAN (53 percent), and support cross-functional groups spanning internal and external users (48 percent).

Context Is Required to Control LAN Sprawl Faced with an increasingly dynamic environment, virtualized organizations, and limited financial resources, IT departments need to find a new approach to address LAN sprawl. ConSentry commissioned the Yankee Group report to examine this issue. The study concludes that to align business networks with business processes and maintain full visibility and control, the role of the network must evolve from that of a passive infrastructure to one of being the underlying orchestrator of services and the central point for providing policy enforcement.

To be the orchestrator, the network must have context—stateful knowledge of each flow including the end user's identity, organizational roles, devices, applications at Layer 7, and other environmental factors such as location and time of day. Only a network that is context-aware can control traffic and provide services based on higher level business rules efficiently to capitalize on the productivity potential of the virtualized workforce.

"A decade ago, everything that touched a corporate network was known and owned by that enterprise, but today's picture is very different," continues Kerravala. "Today companies are seeking to gain competitive advantage by bringing their entire supply-and-demand chains into the network and building dynamic alliances involving not only internal users, but external users, applications, and devices. IT needs an automatic, flexible way to identify users and give them the access they need to participate in the competitive game plan of the parent company. That means context awareness has to extend across the entire LAN, even as its boundaries continually expand and change."

For More Information Click here for the following additional resources:

LAN Sprawl Research: executive summary, survey data, final report

Yankee Group Report: The Era of the Virtualized Employee

LAN Sprawl Slide Show

Video Interview with Zeus Kerravala, Yankee Group's senior vice president

ConSentry's blog: En Garde: ConSentry Networks on the new LANscape

About ConSentry Networks ConSentry is the leader in context-driven switching, a new class of switches that marries business policy with L7 visibility of users, applications, and devices to make forwarding decisions on the LAN. ConSentry's LANShield switches and controllers provide an integrated and programmable architecture for managing access to corporate assets across the LAN today and in the future. This fuels the virtualized organization by protecting assets, simplifying operations and improving productivity. More than 250 enterprises worldwide rely on ConSentry solutions for unprecedented visibility and granular, flow-based control of network access, at LAN speeds.