The infrastructure, hardware, software, data cabling, and services that make up your data network may be in a constant state of flux. This is especially true as the typical corporate network has now expanded beyond the on-site data centre and office computing equipment, to include branch offices, remote sites, remote workers, the cloud and mobile devices.
Keeping track of external communications, opportunities, and threats is hard enough, without knowing what's within your own data network. Which is one of the reasons why it's necessary to audit your data network, on a regular basis.
Why Do You Need a Data Network Audit?
At the simplest level, conducting a regular audit of your data network will keep you aware of what it actually consists of: servers, routers, data cabling, PCs, laptops, printers, etc.
If you haven't conducted an audit before, your preliminary assessment could reveal deficiencies in the composition and layout of your data network as a whole, defects in your equipment and data cabling, or even the presence of components that you weren't previously aware of.
In a similar manner, the results of subsequent audits may be used in comparison to what was discovered previously. This enables you to pinpoint areas where performance may have improved or deteriorated, any potential opportunities and problem areas, as well as the presence of any unauthorised additions to (or subtractions from) your expected inventory.
Beyond the equipment tally and numbers, an audit of your data network provides an opportunity to test and monitor performance levels – a crucial factor in an economy that depends on fast data transfers, real-time communications and secure storage. Network traffic bottlenecks, the efficiency of access and authentication techniques, access and execution times for applications and services, and other parameters may be revealed in this assessment.
Even if your industry isn't governed by a stringent set of regulatory compliance rules, there will no doubt be internal policies and rules imposed by your organisation. Regularly auditing your data network will help ensure that these compliance targets are continually being met.
Finally, with the threat of cyber-crime ever on the increase, regular audits of your data network conducted in conjunction with the latest cyber-threat intelligence and security techniques will help keep your organisation secure and resistant to potential attack.
What to Look For
An audit of your data network involves a mapping and assessment of your hardware, software, data cabling and connections. Audits may also be used to establish the location of your organisation's sensitive or mission-critical information and to determine how that information is being accessed or used. Network performance and security vulnerabilities should be audited, as well as any special requirements due the nature of your work, or conditions imposed by regulatory authorities.
To make the process more systematic, your audit may be broken down into categories, including:
- Network Infrastructure: If your data network was installed or serviced by a specialist consultant such as LG Networks, your contractor will have left you with a schedule of the work performed, which may be used as a reference point in addition to your own inventory. Network hardware, the configuration and condition of your data cabling, connection points, access and security devices should feature on the equipment side. Operating systems, databases, office and application software, plus your communications and security software should be audited on the non-physical side of things.
- External Devices: As Bring Your Own Device (BYOD) policies become increasingly common, there's a need to include smartphones, tablets and other mobile hardware into your audit regime. These devices form point extensions to your corporate data network. With the proliferation of access points for the members of your organisation comes an increased risk that these may present opportunities for malicious outsiders to try to infiltrate your network, so security is a big concern here. Problems with the performance of applications or services and the reduction of your available bandwidth may also result if the system is overloaded with requests from all the devices on your network.
- Bandwidth Allocations: With the visibility into the devices, applications and processes of your data network that an audit can provide, it's possible to identify a few things; network traffic bottlenecks, under-performing devices or applications, high and low consumers of bandwidth and ways in which bandwidth may be better distributed or allocated, to optimise network performance.
- Performance Issues: Your network audit should also seek to highlight potential and existing areas where performance is being hampered. This might range from problems with your hardware (deteriorating equipment, issues with connections and data cabling) to application or user-level issues.
- Safeguarding Your Information: Without knowing what devices and services make up your data network, it's impossible to determine who or what is enjoying access to your corporate data network – whether that be legitimately or as a malicious intruder. An audit will give you this visibility and empower you to take greater governance over matters of network access and user authentication, intrusion detection and security controls as well as the movement and storage of your sensitive data.
How to Carry Out Your Audit
Network professionals and testing/auditing consultants like LG Networks will each have their own preferred tools and methods of working (within the standards laid down by the industry). But there are some logical and necessary steps which should form a part of any audit of your data network, including:
- Planning: Knowing what you need to do beforehand is essential to making sure that you don't miss anything and that you're using the appropriate tools and techniques. This stage should also include setting a timetable for the audit and plotting its physical route across your data network.
- Assembling your tools: It's generally advisable to use dedicated network audit tools. These can provide information concerning your device inventory, routes for data cabling and connections, performance milestones, the best ways to configure equipment and processes and relevant reports.
- Performing the audit: The exact details of what you do here will depend on your individual circumstances and what the audit is required to achieve. Typical activities would include establishing the range of devices on the network and a a packet analysis to determine how information is flowing through critical junctures of the data network. Then you need an assessment of access, authentication, and validation protocols used across the network. Finally, you need to assess the security policies and their implementation as well as how sensitive data is handled, transmitted or stored.
- Compiling a report: To summarise the results of what has been observed and to provide a benchmark for comparison with the next scheduled audit, it's necessary to compile a comprehensive report on your findings. Some of this information may be provided by your network auditing tools, but a more business-oriented report should be prepared for presentation to relevant stakeholders and senior management.
- Making recommendations - On the basis of the audit results and the reports generated, it should now be possible to prepare a set of recommendations to address the performance and other issues observed during the audit of your data network. These might range from short- or medium-term fixes like refreshing your data cabling and replacing certain hardware, to longer-term solutions like a revised access management or security policy.
How Often Should You Carry Out a Data Audit?
Again, the frequency with which network audits are performed will depend on the circumstances of each organisation. A minimum of one audit per year is generally advised – but performing audits more often than this is actually recommended.
Certainly, an audit should be performed before and after any major structural changes to your data network. Furthermore, your audit timetable should allow for an assessment in response to any significant changes in the technology or techniques used in your industry, major shifts in market conditions or the imposition of new regulations and laws.
If in Doubt...
The process of auditing your data network (hardware, processes, data cabling and all) can be somewhat daunting – especially if your organisation is large or very widespread. It’s recommended that you call in a professional to make sure that you get it right.
If you require assistance in matters concerning your network infrastructure, data cabling, or an audit of your data network.