Building out an enterprise network often involves including multiple networking hardware vendors as a way to leverage risk. According to a new study by Deloitte Consulting, "Multivendor network architectures, TCO, and operational risk," having multiple vendors isn't necessarily a good thing and, in fact, could increase your overall risk.
Deloitte is advocating for single vendor networks to help reduce operational, configuration and management complexity. By reducing that complexity, the idea is that the network risk profile is reduced.
"Networks are a part of the critical business delivery chain for enterprises and need to be considered as a single functional system," Chris Weitz, director of Deloitte Consulting's U.S. technology practice, told InternetNews.com. "You can't really look at networks from a component parts perspective; it's really an end-to-end strategic asset."
Deloitte considered a number of factors when comparing single vendor to multi-vendor networks. Those factors included cost, functionality and the business risk impact. From a cost perspective, Deloitte found that over a three- to five-year analysis period, there was no meaningful difference between having a single vendor and a multi-vendor network. While there are differences in the initial product cost, Weitz noted that there are operational and risk impacts that negate the initial difference over time.
"Functionally, single vendor networks are desirable as there is a direct correlation between vendor diversity and operational complexity," Weitz said.
Weitz added that operational complexity comes in the realms of configuration, testing, integration and interoperability, as well as the reliability of the network as a whole. Deloitte's study also found that the increased complexity of multi-vendor networks is in fact a business risk, which can be reduced in a single vendor environment.
"Eighty percent of the customers we talked to are trying to limit the amount of vendor diversity in their networks and stay with a single vendor over time," Weitz said. "They are willing to introduce multiple vendors when necessary, but they understand there are risks and costs."
From a security perspective, the operational benefits of having a single vendor are particularly strong. If an enterprise has one vendor and there is a security vulnerability, it is in a better position to understand the impact on other components. "We heard from customers that it's not true that if you have multiple vendor products, that a security hole would be limited just to the product that had the hole," Weitz said.
The reason is that the security hole could be used to breach other products, as well. Diagnosis in a multi-vendor network is also more difficult, which could translate into more time to fix an issue. While Deloitte is advocating for end-to-end single vendor networks, the risk involved in multi-vendor deployments may diminish at the edge of a network in some cases.
"The rule of thumb is that the closer the impact is to the edge, the less likely the impact will be critical," Weitz said. "So an enterprise can more likely justify diversity of vendors at the edge."
That said, a full risk analysis should be done to see if it makes sense to have multiple vendors at the edge. Weitz warned that those enterprises that don't do the analysis are carrying unknown risk.
The idea of going with a single vendor network is not about standards or interoperability either. While standards are important, there are hundreds of configuration choices that need to be made across a network. While protocols might be standardized, configuration choices and menus across vendors are not. "The configuration choices are always what causes you problems," Weitz said. "There are hundreds of ways to hurt yourself."
The Deloitte study on single versus multi-vendor networks was commissioned by Cisco Systems, which has a strong end-to-end portfolio. That said, Weitz stressed that the study was independent and the findings hold true for single vendor networks whether they are from Cisco or a rival vendor.
"If you were 100 percent Juniper or 100 percent HP, the logic would be identical," Weitz said.