Human Error Causes Outages

WALTHAM, Mass. -- Fifty percent of North American enterprise networks experienced unauthorized configuration changes to their switches, routers or firewalls within the last year, and one-third of network outages are caused by human error according to a recent survey conducted by Yankee Group, an industry analyst firm. Yankee Group analysts surveyed 229 enterprise and government network decision-makers with greater than 50 network devices in August 2002 to determine the primary cause of network outages. Network operators reported in the survey that 35% of their network outages were caused by their telecommunications carrier or Internet Service Provider. A close second at 31% was human error, primarily from a lack of network configuration control of their networks’ routers, switches and firewalls. Other causes included: power failure (14%), hardware failure (12%) and unresolved problems (8%). “Network operators at Fortune 1000 companies and federal government agencies can have a major impact on network uptime if they focus on reducing the one thing they have the most control over: human error. This survey shows that network outages could be reduced by up to 30 percent by implementing a few, simple best practice rules to reduce the amount of human error that can unintentionally bring a network to its knees due to network configuration control issues.” said Zeus Kerravala, vice president, Yankee Group. Network Configuration Control Best Practices: Network managers can substantially increase their network configuration control and dramatically reduce network outages due to human error by implementing the following six best practices: 1. Centralize the authentication of network operators and limit shared password usage (shared password usage undermines assessing operator accountability for network outages and security holes caused by human error).2. Institute authorization system for network devices that restricts operator actions on particular areas of the network depending on their job function.3. Institute procedure and process to control network device configuration changes, with mechanism to enforce procedures.4. Establish a method of detecting any configuration changes to particularly sensitive network devices in real time.5. If using a maintenance window for changes, institute an automated way to detect configuration changes that occur outside that maintenance window.6. Maintain up-to-the-minute archive and audit trail of network device configuration changes and operator actions, for trouble diagnosis and rapid restoration.Yankee Group