More than 41% of DDI (DNS, DHCP and IP address management) teams lack sufficient influence over their companies’ cloud strategies, according to my research. This stat was published in my market research report, “DDI Directions: DNS, DHCP, and IP Address Management Strategies for the Multi-Cloud Era.” The report was based on a survey of 333 DDI-focused IT professionals.
Enterprise Management Associates (EMA) believes that this number may actually be higher. IT executives, cybersecurity teams and DevOps teams all perceived more cloud influence among DDI teams, but members of network engineering, network operations and cloud operations teams were more likely to say the DDI team lacks clout in the cloud.
DDI is an essential component of network architecture. It governs the addressing schemes that enable network communications both within and across networks. When DDI teams lack cloud influence, they report to EMA that their overall DDI strategy is less successful, both within the cloud and on-premises.
“We try to work with the cloud team. Five years ago, that wasn’t happening,” a DDI manager at a Fortune 500 consulting company told EMA. “There was a lot of risk. It’s easy to do things in the cloud without collaborating with network engineering and security, and it can create problems.”
This lack of cloud influence can lead to inefficient and unreliable cloud network architecture. It also increases security risk, especially risk associated with DNS services, which malicious actors are increasingly targeting in a variety of ways, from spoofing DNS records to hiding data exfiltration within DNS traffic.
DDI managers identified three primary routes toward establishing control in the cloud.
Centralized management via DDI integration. More than 41% of DDI teams find success by Integrating their enterprise DDI solutions with cloud environments for centralized management. This allows them to gain visibility and control over IP address space, DHCP services, and DNS services in the cloud. For instance, many DDI solutions can integrate their IPAM tools with third-party DNS services to establish overlay management that coordinates enterprise IP address space with cloud-based DNS services and establishes DNS policies and change controls. In fact, DDI managers told EMA that their top DNS requirement in the public cloud is enhanced security capabilities.
Tool and tool integrations that enable collaboration. Cloud teams often perceive DDI managers are part of legacy IT, and legacy IT only gets in the way of getting things done. DDI managers can counter that perception by integrating DDI solutions with the tools that cloud teams use. Nearly 35% of DDI managers pursue this option.
For instance, these integrations can establish self-service management of IP address space. Rather than open a ticket to request a new range of public IP addresses from the network engineering team, this process can be automated through tool integration. This automation will demonstrate to skeptical cloud teams that DDI teams can be an enabler of cloud transformation while establishing guardrails that ensure cloud networks are reliable and secure.
“We have shifted some [IPAM] processes to ensure we limit the number of overlapping subnets we have in Azure,” said a DDI architect at a Fortune 500 financial services company. “Our team works hard to ensure that subnets are allocated in IPAM before they exist in the cloud. It might take a day to the get the subnets you need in the cloud. I can see how that might be an issue for organizations that expect a faster response.”
Staff training. Nearly 34% of DDI teams pursue training to ensure they are relevant partners in the cloud. By earning certifications from the cloud team’s preferred cloud providers, DDI managers can demonstrate that they are familiar with the tools and the concepts that cloud teams use to build effective cloud solutions. Moreover, this training will enable DDI teams to perform integrations discussed above.
Most IT organizations are supporting multi-cloud environments today. This adds complexity everywhere, but it especially challenges DDI management. For instance, DDI managers who work in multi-cloud environments are more likely to report that their DNS security measures are inadequate. We also found that DDI managers struggle more often with DHCP resiliency and visibility into DCHP lease information when they are supporting multi-cloud architecture.
Overall data quality and governance in the DDI technology stack is a major challenge for multi-cloud organizations, our research found. For instance, they might struggle to maintain a comprehensive record of IP address space across clouds. They might also struggle to stream DNS queries and logs from all cloud services to security monitoring tools, which is a critical priority for cybersecurity teams today.
EMA recommends that every DDI manager make public cloud support and integrations a critical requirement for DDI solutions today. It’s especially an imperative for DDI teams that are trying to support multi-cloud architecture.
If you would like to learn more about my DDI strategy research, download the report (paywall) or check out my free on-demand webinar that highlighted the key findings.