What is your top driver for investing time or money into a full-stack DDI management solution?
For small- and medium-sized enterprises internationally, research suggests that the primary reason is network or IT automation.
DNS, DHCP, and IP address management (IPAM) provide the core services that enable network communications. DDI is often used as an acronym to describe the integration of these three core components of networking into one management platform. A mature DDI strategy is essential to taming complex enterprise networks.
Enterprise Management Associates (EMA) recently surveyed 451 IT professionals from small and medium enterprises (500 to 2,500 employees) across Europe, the Middle East, the Asia-Pacific region, and Latin America. This was preceded by a survey of 227 IT professionals from medium and large enterprises (more than 2,500 employees) across North America and the United Kingdom.
In these surveys, EMA explored what leads organizations to invest in mature DDI solutions.
This post will highlight EMA’s latest findings for small and medium international enterprises, including:
- The top drivers of time and resource investment in full-stack DDI management solutions
- Levels of DDI maturity among these enterprises (spoiler: they vary)
- Which factors prompt the move from do-it-yourself (DIY) to mature DDI approaches
- For prospective buyers, the top sought-after requirements of DDI solutions
No. 1 driver of DDI investment is automation
For small and medium international enterprises, the No. 1 driver of DDI investment for over half of respondents (51%) was network or IT automation initiatives.
As IT organizations automate infrastructure, DDI becomes an important source of truth for automation tools. These tools need IP address and DNS information to implement changes to the network. With DDI fully integrated into an automation pipeline, IT organizations can gain real efficiencies.
Commercial DDI solutions eliminate many manual tasks and free network engineers to devote more time to high-value work. These solutions also reduce risk by eliminating errors that can introduce security vulnerabilities or outages.
The most successful users of DDI technology were more likely to cite automation initiatives as a driver of DDI investment. And users of full-stack DDI management platforms were twice as likely as DIYers to cite automation as a driver.
Indeed, respondents to both EMA surveys pointed to how ill-suited a DIY approach is to supporting automation.
“We had too many things we were doing manually with our small staff. We were spending an hour a day just doing DNS entries,” a senior network engineer with a Fortune 500 retail company told EMA. “Now, we have ServiceNow integration. You can open a DNS ticket and it automatically generates a DNS request and a DNS update [in our DDI management platform]. We are trying to automate more mundane tasks in DDI so our engineering team can focus on more important things.”
Application modernization or cloud-native applications
Behind automation, 47% of international respondents cited application modernization or cloud-native applications as their top driver of DDI investment.
As organizations adopt cloud-native application platforms like Kubernetes, they are discovering that a modern approach to DDI is essential. It better supports collaboration between network teams and DevOps teams. And it supports modern applications that developers can iterate easily and scale rapidly.
Public cloud migration or transformation
Public cloud migration or transformation (such as cloud-first or multi-cloud) was the third driver of DDI investment for small and medium international enterprises, at 43%. A modern DDI solution allows organizations to achieve the flexibility and scalability of the cloud by unifying DDI management across on-premises and cloud networks.
Meanwhile, the priority of key drivers differs for large enterprises in North America and the UK. For 62% of them, public cloud migration or transformation was the top driver for investing time or money in DDI technology. A network or IT automation initiative fell second at 56%, and a security incident was the third-highest driver at 48%.
DDI maturity rates are even higher internationally
Even when driven to invest in DDI solutions, it turns out that enterprises can vary widely in their approach.
EMA’s research found three distinct stages of maturity among small and medium international enterprises:
- Nearly 70% of enterprises employ a full-stack DDI management platform (Stage 3)
- 26% of enterprises fall in the middle, using a commercial IPAM solution that integrates third-party DNS services into an overlay (Stage 2)
- 4.2% take a DIY approach to DDI, using spreadsheets or open-source software (Stage 1)
EMA found that DDI maturity is highest in Latin America and Europe and lower in the Middle East and Asia-Pacific region.
However, small and medium international enterprises are all a bit ahead of their large enterprise counterparts in North America and the UK. In those latter locales, only 65% have employed a full-stack DDI solution.
EMA asked international enterprises in Stage 1 and 2 to identify the DNS technologies used in their DIY or IPAM solutions. By far, DNS services offered by cloud and/or content delivery network providers (e.g., Cloudflare, AWS Route 53) were the most popular, cited by 71% of respondents.
DNS services or infrastructure offered by DDI specialists like BlueCat was secondarily popular, at nearly 48%. Free or bundled commercial solutions—namely, Microsoft DNS—followed next, at 38%. And open source or homegrown DNS solutions were least popular.
Further, the latter two were nearly twice as popular in Europe (43%) than in the Asia-Pacific region (22%).
Security fuels investments in DDI solutions over DIY
Many organizations now at Stage 3 likely started with a DIY approach. What was their reason for seeking to move up the maturity ladder?
In a word: security.
For small and medium international enterprises, the top reason they chose to move from DIY to a commercial DDI solution was to address security issues or concerns. This was the top reason for nearly half of all respondents (49%).
Commercial DDI can tighten security through role-based access control, reduce errors through automation, and improve auditing and reporting capabilities.
DNS as a vector for cyberattacks
DNS has real vulnerabilities and potential as a vector for cyberattacks. It was built to correctly and efficiently respond to queries, not question their intent.
A DNS attack is one in which a bad actor either tries to compromise a network’s DNS or takes advantage of its inherent attributes to conduct a broader attack. A well-orchestrated DNS attack can bring an organization to its knees.
Denial-of-service (DoS) attacks and distributed-denial-of-service (DDoS) attacks are what most people think of when they think of a DNS attack. Indeed, there were more than six million global DDoS attacks in the first half of 2022.
Other major types of DNS attacks include DNS hijacking, DNS tunneling, and DNS poisoning and cache poisoning.
Many commercial DDI vendors offer multiple tools for improving DNS security. For instance, nearly 69% of respondents have implemented a DDI vendor’s security solution, like a DNS firewall. The most successful users of DDI were much more likely to use a DNS security solution. Further, respondents in the Middle East were more likely to report using such protection than respondents in Europe or the Asia-Pacific region.
Additionally, 63% have implemented secure DNS protocols like DNSSEC, which encrypts DNS traffic and hardens DNS services against exploitation. Users of commercial DDI solutions were much more likely than DIY organizations to adopt these protocols. They were also more popular in the Middle East than in the Asia-Pacific region.
And 52% are monitoring and analyzing DNS activity. This is more common in Latin America than in Europe or the Middle East.
ITSM integration requirements and other reasons for making the leap
Right behind security, just under 49% of respondents cited integration requirements as what fueled their pursuit of a DDI solution over DIY.
In fact, 84% of respondents required their DDI solution to integrate with their IT operations or service management (ITSM) system, such as ServiceNow. EMA’s research found that this ITSM and DDI integration was primarily aimed at reducing security risk, addressing compliance requirements, and automating the processing of change tickets.
Furthermore, there were other top reasons for choosing to make the leap from DIY to a commercial DDI solution. These included operational efficiency and automation (47%), service problems caused by manual errors (40%), and cloud complexity (37%).
Security functionality: The top requirement in a DDI solution
Once enterprises decide to take the plunge on implementation, there is one requirement when evaluating potential solutions that stands above all the rest: security.
We’ve had our share of attacks, especially on our external services. We need rich functionality for distributed denial-of-service prevention and for self-repair.
Among small and medium international enterprises, 47% cited security functionality, such as DNS security protection or monitoring, as the most critical requirement for commercial DDI solutions. And for large enterprises in North America and the UK, 59% cited it as the most important requirement in a DDI solution.
The most critical requirement
In both surveys, it was, by far, the most critical requirement—at least 10 percentage points above any other.
Security functionality can include DNSSEC support as well as access controls to prevent unauthorized changes to DDI infrastructure. And it can include network security solutions such as DNS firewalls.
“We need resiliency overall, and resiliency when it comes to denial-of-service attacks,” a network engineer at a large aerospace and defense company told EMA. “We’ve had our share of attacks, especially on our external services. We need rich functionality for distributed denial-of-service prevention and for self-repair.”
Organizations that reported the most success with DDI were more likely to make security functionality a priority.
Other requirements: compliance, auditing, cloud, and resiliency
Other critical requirements for a solution for small and medium international enterprises included compliance, such as role-based access control or auditing, at 37%; cloud support for hybrid or multi-cloud architecture at 36%; and resiliency, such as high availability or failover, at 34%.
There was some variation in solution requirement priorities by international region. Cloud support was a major priority in the Asia-Pacific region but Latin American respondents said scalability was one of their top requirements.
What’s behind your investment in a DDI solution? Learn more about the benefits of integrated, full-stack DDI management and tips for succeeding in your DDI approach by downloading EMA’s report today.
Want to read more about the report covering North America and the UK? Learn how two-thirds of enterprises realize the benefits of full-stack DDI solutions. Or how cloud, automation, and security drive the pursuit of DDI solutions.
BlueCat acquires Men&Mice to boost its industry-leading DDI platform
With the acquisition, BlueCat’s enhanced portfolio will offer organizations of all sizes the tools to simplify and improve their network.
BlueCat hires Francisco Velasquez as Chief Financial Officer (CFO)
BlueCat will leverage his experience scaling businesses organically and through mergers and acquisitions as it embarks on its next phase of growth.
BlueCat accelerates IT network automation and orchestration with Integrity 9.5
Latest software version establishes a new API benchmark for DNS, DHCP, and IPAM (DDI) management to help network teams automate manual DDI tasks.
Manifest V3 doubts? Try a DNS-based solution
Learn how Google Manifest V3 changes may impact anti-tracking and ad blockers and how a DNS solution might be a better option for your enterprise network.