The most valuable resource in IT isn’t the technology itself. It’s time. Today’s technologies can meet any challenge, but the number of administrator hours available to plan, orchestrate, and manage resources is limited. Humans are the one part of the network that doesn’t scale.
Given the limits on administrator time, you’d think that it would be optimized for maximum efficiency and value. It’s ironic, then, to look at how the time of network administrators is actually used.
BlueCat and IDG recently polled hundreds of network administrators to get a sense of what they actually do with their days. Here’s what we found:
30% of administrator time is spent managing the Domain Name System (DNS). That is an astonishing statistic. With all of the complex challenges of modern networks, administrators are spending a third of their time doing back-end grunt work. Managing DNS is essential to be sure, but it usually doesn’t require a lot of creative thinking.
Only 26% of administrator time is spent on strategic initiatives. Ask any IT professional, and they’ll tell you that this is where they should be spending their time. SD-WAN, cloud, DevOps, virtualization – none of these projects happen on their own. If you’re spending more time on DNS tickets than strategic initiatives, something is clearly out of whack.
It gets worse.
If you're spending all that valuable administrator time managing DNS, you'd expect it to be one hell of a DNS. It would have to be if you're managing DNS instead of pursuing your most important strategic initiatives.
This better be Lamborghini-level DNS. Gucci DNS. The best DNS money can buy.
Survey says: Not so much!
66% of administrators struggle to support strategic business initiatives using decentralized, legacy DNS infrastructures. It turns out that most DNS admins are just treading water, not getting ahead of the game. They simply can’t keep up with the pace and the scale of demands produced by the cloud and other strategic business initiatives.
63% lack visibility and control over their DNS data. Decentralized DNS systems like Microsoft and BIND don’t make it easy to capture, monitor, and act on the massive amounts of data which flow through networks every day. Many admins struggle even to compile basic DNS logs, let alone identify malicious activity such as DNS tunneling, domain generation algorithms, and other exploits which operate freely on most networks.
33% can’t deliver real-time access to DNS resources. The agile, DevOps cycle of development teams can be brutal on the workload of back-end network support personnel. Constantly changing network topologies simply don’t scale when humans have to manage supporting configurations in the background. Network admins still can’t deliver these basic services fast enough.
How can we start valuing the scarce commodity of administrator time and stop frittering it away on tasks like DNS management?
Here are three practical suggestions:
Centralize: Only a “single point of truth” can provide reliable, real-time information to the network systems and end users that need it. Without a centralized system to gather and disseminate DDI data, network administrators are stuck consulting spreadsheets or sorting through a pile of sticky notes. Scalable DDI starts by putting all your infrastructure under one roof. Then you’re ready to reap the rewards of automation, gain visibility and control over your network, and start managing DDI at a strategic level.
Automate: All of those menial yet important DNS tasks which consume one-third of your network team’s time are ripe for automation. Assigning host records, managing IP addresses, configuring conditional forwarding rules, assigning DHCP leases – all of these things should be done without human involvement. With a centralized repository of DDI data in place, you can use automation tools to push data into the system and synchronize it with outside applications.
Leverage: Once you have DDI data sitting in a searchable log, you can spot anomalies, performance problems, and potential security vulnerabilities with ease. Then you can take action, implementing role-based privileges by granting (or denying) access to DNS resources. Suspect activity such as DNS tunneling and the use of domain generation algorithms can be blocked at the source. Insider threats can be quickly identified by the paths they use to search for sensitive information.
It’s time to realize the true value of administrator time. Only systems which centralize, automate, and leverage DNS infrastructure can deliver the functionality end-users require while freeing network administrators to do their real jobs.
So how does your DNS measure up?