The network empowers digital transformation. After all, it is the network that tightly and pervasively connects users with business applications, enabling new experiences or streamlining operations, all while being actively protected from a constantly changing threat landscape. However, due to rapidly evolving business needs and trends, a traditional approach to networking cannot provide such benefits, and thus a new approach is needed. This new approach is referred to in the industry as intent-based networking (IBN). Cisco Digital Network Architecture is an expression of intent-based networking for the enterprise route/switch/wireless network.
This chapter discusses the business value of Cisco DNA, including
The business requirements of the network
Intent-based networking
Business-value propositions of Cisco DNA
As discussed in Chapter 1, “Why Transform Your Business Digitally?,” organizations across the world are engaged in digital transformations in order to gain or maintain competitive advantage. Since the network serves as a central interconnect between all elements of digital transformation, including users, applications, devices, and the Internet of Things (IoT), it offers the greatest platform toward digital transformation initiatives.
However, traditionally, the network also has been one of the biggest barriers to business evolution, being monolithic and disconnected from evolving business, user, and application requirements. Thus, to serve as an effective platform for digital transformation, the network must be secure, agile, flexible, intelligent, and simple to operate. These combined and evolving requirements necessitate a new intent-based, architectural approach to networking, one that offers considerable business value to the enterprise—this approach is discussed in this chapter.
The business requirements of a network as a platform to drive digital transformation are many, but can be organized into a few key areas, primarily including
Cost reduction
Risk mitigation
Actionable insights
Business agility
Each of these business requirements will be discussed in additional detail in the following sections.
According to a 2016 study by McKinsey, companies spend over $60B in network operations and labor. This is hardly surprising when considering that most enterprises have thousands of users, thousands of applications, and often tens of thousands of network-enabled devices. Furthermore, IP traffic is projected to more than double from 2016 to 2020 (per the Cisco Visual Networking Index forecasts); additionally, 20 billion more IoT devices are expected to come online within the same timeframe (per industry consensus). Managing all of these manually is becoming increasingly untenable for IT departments, a challenge that is exacerbated by the myriad of inconsistent and incompatible hardware and software systems and devices in the enterprise. Companies that can get a handle on these skyrocketing operational costs stand to gain considerable profitability and advantage.
More than operational costs can be reduced. For example, capital expenditures can also be economized by network infrastructures that are elastic, flexible, and agile. Such gains are realized when scalability is flexible and easily achieved, with seamless ability to make moves, adds, and changes as specific network demands shift. The network needs to operate at a capacity that comfortably supports its application environment, but also be agile enough to elastically align to changing needs, without needing expensive hardware installations to keep up with shifting demand. Networking hardware likewise needs to be flexible and adaptable, keeping up with the evolution of networking protocols, services, and policies as they continue to be defined, developed, and deployed.
Emerging digital demands raise new security challenges that are best addressed through the network. Malicious actors that breach enterprise networks not only gain access to sensitive organizational and customer data but can also take down mission-critical systems and applications. In the past, security tools were often deployed and managed disparately from the underlying network infrastructure. For some organizations, this disparate management has led to gaps and misalignment between networking technologies and security coverage.
In addition, legacy network security solutions treated the enterprise network as an insular entity—assuming that as long as the network was sealed off from the outside, it was protected. This made sense in previous eras. However, with the proliferation of public cloud–hosted applications, Bring Your Own Device (BYOD), and mobile workers, threat vectors find pathways to the network from both the inside and the outside; it is therefore imperative for network security to take a 360-degree approach.
Given these factors, network security solutions need to be tightly intertwined with the network infrastructure in order to protect against today’s internal and external threat vectors. Organizations that fail to do so sometimes make news headlines, as was the case with Target Corporation in 2013 when a data breach affected the personal data of over 70 million customers; similarly in 2017, Equifax suffered a breach that affected the personal data of 143 million customers. Such breaches can cause the loss of customers, and corresponding revenues, for years after the fact.
Additionally, an increasing number of organizations must conform with regulatory compliance demands, with harsh fines and penalties imposed when these are not met (as well as extensive productivity impacts incurred during any required remediation processes). Such organizations benefit greatly by having an automated and systematic approach to enforcing compliance through their architecture.
Typical enterprises are overloaded with data; however, in contrast, actionable insights are relatively rare. In this context, actionable insights refer to data-driven findings that can create real business value. Such insights are key catalysts to achieving digital business transformation.
For example, improving customer experience was discussed in the previous chapter. To provide effective new experiences for customers, it is vital to know the following:
Who is buying your product or service?
Where are they buying it?
When are they buying it?
Why are they buying it?
What do they like about it?
What don’t they like about it?
Is your product or service meeting their needs?
Are there customer needs that your product or service doesn’t meet?
Similarly, delivering beneficial new employee experiences depends on knowing the following:
Are your employees able to achieve their work goals?
What applications are your employees using to meet their goals?
Where are they using these applications?
Are these applications meeting their needs?
Are there any needs that are not being met?
What do they like about these applications?
What don’t they like about these applications?
How well are these applications performing?
How much does it cost to run these applications?
Such questions can also be posed for operational procedures, security threat analysis, compliance requirements, etc.
The point is that when companies have data points to answer these questions, rather than relying on opinions, anecdotes, or any other imperfect and/or biased form of information, they are much better poised to make the right decisions to meet their specific transformational objectives.
Furthermore, it is often the correlation of different data points that reveals key insights. For example, in recent years, market analysis done by cinema companies identified an underserved niche market: parents of young children, looking for a relaxing night out, but also desiring a shared experience. This insight has led to several cinema operators now offering child-free showings, alcohol, and theatres equipped with loveseats (i.e., paired seating). Such theatres are enjoying considerably higher revenues and profits than their less-tailored peers.
As another example, a few years ago Cisco IT began noticing significant amounts of traffic from an unknown application that was sourced from within their campus (i.e., not from within their data centers, where most internal applications are hosted). Further investigation revealed that the application in question was an internal video-sharing service (similar to YouTube), hosted by employees, and exclusively for employees. The information being shared helped to accelerate research and development, yet could not be posted to YouTube, as the material in question was proprietary and confidential. These insights led to the development of a Cisco IT–sponsored and maintained video-sharing service for employees, resulting in improved and secure information exchange.
Insights alone are not enough to capture new opportunities or to respond to threats—these must be coupled with the ability to take action. For example, application analytics may reveal a new security threat, but this insight needs to be acted on in order to serve any business value, such as quarantining infected hosts, dynamically adjusting firewall policies, rerouting flows for additional inspection, etc.
Business agility can span several layers. At the infrastructure layer it can include self-defending and self-healing networks. At the application layer it can include applications that can interact with the network in new ways, such as by dynamically requesting devices, services, and policies to be deployed on demand. At the operator layer, it can further include the reallocation of IT resources away from mundane operational tasks and toward the development of innovative and transformational projects. At the business and organizational layer, it can likewise include the morphing of entire business models and operations to deliver new products and services so as to capture new market opportunities.
At any dimension, however, delivering business agility requires an architecture that is flexible, extensible, and interoperable.
In 2017 a new buzz acronym was added to an already overcrowded IT lexicon that previously included SDN (software-defined networking), XaaS (Anything as a Service), AI/ML (artificial intelligence/machine learning), and 5G (5th-generation wireless systems): IBN (intent-based networking).
While definitions of IBN vary (as do definitions of SDN and other similar industry terms), some common elements are well agreed upon, including:
Translation
Validation
Automation
Analytics
Assurance
Remediation
Learning
Let’s briefly examine how these elements work together to form an intent-based networking system.
As the name implies, an intent-based network system begins with the expression of business intent by an operator. Examples of such expressions include
“This group of users can access these services.”
“This application matters to my business.”
“Infected client devices should be quarantined.”
Note
These expressions of intent are declarative, meaning that the objective is expressed (i.e., what you want to happen), but the underlying details of execution are not (i.e., how is it to happen). To illustrate, you might express your intent to a taxi driver by declaring, “Take me to the airport,” but you may leave the specific details of the route up to him.
While operators speak the language of business, network devices do not. As such, expressions of business intent need to be translated into validated network device configurations.
Additionally, as business intent needs to be expressed across the network, the configurations of dozens, hundreds, or even thousands of network devices may need to be updated in order to deliver on the newly expressed intent. Therefore, to scale, expedite, and minimize errors, these configuration deployments need to be automated. Automation thus allows a network operator to treat thousands of network devices as a single software-enabled, programmable entity.
However, it is not enough to simply configure network devices and hope for the best; rather, network telemetry must be ingested to determine the current state of the network. This network state must then be analyzed in the context of the expressed intent. Thus the system either provides assurance, via quantitative metrics, that the intent was delivered, or triggers a remediation action in the event that it was not. Remediation may be guided, but ultimately the goal of IBN is for it to be completely automated, achieving the vision of a “self-healing network.”
Furthermore, the IBN system should be continually self-learning, so that it recognizes
What is normal versus abnormal
What are the most common root causes of issues
What are the most effective remedial actions for a given issue
In this manner, the IBN system becomes not only smarter, but also more reliable, available, and adaptable to ever-evolving business requirements.
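As an added illustration of the loop just described (this is not code from the book or from Cisco DNA), the following Python models the IBN elements on the example intents above: translation with validation, automation of the desired rule set, assurance by comparing telemetry against intent, and remediation, with a simple tally of drift causes standing in for the learning element. The group, service and address names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory standing in for the identity and application
# catalogues an IBN controller would consult; names and addresses are
# illustrative, not taken from any real network.
GROUPS = {"finance": {"10.1.1.0/24", "10.1.2.0/24"}, "guests": {"192.168.50.0/24"}}
SERVICES = {"erp": ("10.9.0.10", 443), "payroll": ("10.9.0.20", 8443)}


@dataclass(frozen=True)
class Intent:
    kind: str           # "allow" (group -> service) or "quarantine" (client)
    subject: str        # group name, or client address for quarantine
    target: str = ""    # service name; unused for quarantine


def translate(intent):
    """Translation + validation: one declarative intent -> device rules.

    Rules are (action, src, dst, port) tuples; unknown groups or services
    are rejected before anything reaches a device."""
    if intent.kind == "allow":
        if intent.subject not in GROUPS or intent.target not in SERVICES:
            raise ValueError(f"cannot translate {intent}: unknown group/service")
        dst, port = SERVICES[intent.target]
        return [("permit", src, dst, port) for src in sorted(GROUPS[intent.subject])]
    if intent.kind == "quarantine":
        return [("deny", intent.subject, "any", 0)]
    raise ValueError(f"unsupported intent kind {intent.kind!r}")


def desired_state(intents):
    """Automation input: the full rule set, quarantines ordered first so a
    quarantined host cannot be re-admitted by a broader group permit."""
    rules = []
    for intent in intents:
        rules.extend(translate(intent))
    return sorted(set(rules), key=lambda r: (r[0] != "deny", r))


def assure(desired, observed):
    """Assurance: compare telemetry (rules actually on the device) against
    intent. Returns (missing, extra); both empty means intent is delivered."""
    missing = [r for r in desired if r not in observed]
    extra = [r for r in observed if r not in desired]
    return missing, extra


def remediate(observed, missing, extra):
    """Remediation: converge observed state on intent by pushing missing
    rules and withdrawing rules no intent accounts for."""
    kept = [r for r in observed if r not in extra]
    return sorted(set(kept + missing), key=lambda r: (r[0] != "deny", r))


def closed_loop(intents, observed, history):
    """One pass of the IBN loop; `history` tallies drift kinds so an operator
    (or later, a learning component) can see the most common root causes."""
    desired = desired_state(intents)
    missing, extra = assure(desired, observed)
    history["missing_rule"] = history.get("missing_rule", 0) + len(missing)
    history["unintended_rule"] = history.get("unintended_rule", 0) + len(extra)
    return remediate(observed, missing, extra), (missing, extra)


if __name__ == "__main__":
    intents = [Intent("allow", "finance", "erp"),
               Intent("quarantine", "10.1.1.77")]
    # Constructed telemetry: the device still carries a stale guest permit
    # and has not yet received the quarantine rule.
    observed = [("permit", "10.1.1.0/24", "10.9.0.10", 443),
                ("permit", "10.1.2.0/24", "10.9.0.10", 443),
                ("permit", "192.168.50.0/24", "10.9.0.10", 443)]
    history = {}
    converged, drift = closed_loop(intents, observed, history)
    print("drift:", drift)
    print("converged:", converged, history)
```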
Cisco DNA is an IBN system for enterprise route/switch/wireless networks. Before examining the technical details of this architecture, let’s first consider some of the business value propositions that it offers.
To meet the business requirements of digital transformation, Cisco has reimagined the network architecture from the ground up, by:
Custom-engineering programmable and flexible hardware application-specific integrated circuits (ASICs) that deliver the networking protocols, services, and policies—not only of today but also of tomorrow—at multigigabit speeds
Rebuilding its operating systems with rich, model-driven, programmable application programming interfaces (APIs)
Embedding network-wide security—across routing, switching, wireless, and the cloud—to help IT continuously detect and contain threats
Automating network operations to enable IT to provision, orchestrate, adapt, and manage with simplicity at scale
Providing network-wide deep visibility into user, application, and device information exposed through open APIs, which is centrally analyzed and correlated to reveal actionable insights
Integrating with cloud services to provide IT on-demand scalability, flexibility, and faster time-to-value of anything as a service (XaaS), for public cloud, hybrid cloud (that is, public and private cloud), and multi-cloud environments
Before delving into the technology specifics, let’s take a closer look at specific business benefits of Cisco DNA.
The automation of provisioning and configuration tasks—previously done manually—saves tremendous amounts of time and money.
Consider the following examples:
Day-zero automation has been shown to lower network deployment costs by as much as 79 percent.
Automating the deployment of quality of service (QoS) across the enterprise has been shown to save customers between $200,000 and $1M, as well as three to six months’ worth of time, per deployment.
Customers have reported multimillion-dollar savings of WAN operational costs by deploying Cisco SD-WAN solutions, and the deployment of such solutions is 85 percent faster when automated.
Studies have shown over 200 percent reduction in configuration times and over 50 percent reduction in troubleshooting times (due to fewer configuration mistakes) in IT departments that are automated versus manual (where, in the latter case, 70 percent of network violations and 35 percent of network downtime were attributable to human error).
Network virtualization also yields significant cost savings, which include the following:
Virtualized platforms make more efficient utilization of hardware resources; for example, a single hardware device can function as a router, a firewall, a wireless LAN controller, and a container for third-party applications.
Virtualized systems require less space, less power, and less maintenance than their physical counterparts.
Virtualized systems can be deployed without a truck roll and can be updated, managed, and maintained centrally, reducing the need to dispatch technicians to remote locations for such operations.
Considerable capital-expenditure savings can also be realized by investing in hardware platforms built on flexible and programmable ASICs, as these have nearly double the average lifespan of their fixed ASIC counterparts.
Next-generation network security is built upon the concept of “foundational security,” meaning that security tools and functionalities are tightly integrated with every piece of the network infrastructure, evolving in lockstep with the network and arming the network to protect itself holistically in a digital era where the threat landscape is more dynamic.
Analytics capabilities allow security tools to establish baselines for a normal security environment and provide automated alerting and, in some cases, remediation when the network security environment shows an anomaly. This use of the network as a security sensor can reduce mean time to repair (MTTR), preventing disruption to the business.
Furthermore, pervasive and embedded security within Cisco DNA detects and deters over 99 percent of network breaches—by using the network as both a sensor and an enforcer.
As previously noted, manual provisioning and configuration tasks can be automated to save network administration tremendous amounts of time. These time savings are further enhanced by data-driven remediation.
Building on this, evolving capabilities in network analytics and machine learning enable increasingly automated remediation, setting the stage for greater levels of self-healing. Network analytics go beyond fixing problems with network performance—they also show great potential in detecting security anomalies and identifying customer behavior patterns that can drive customer experience initiatives.
For example, Intercontinental Hotel Group (IHG), which is the largest hotelier in the world, with 5200 properties in 100 countries, partnered with Cisco to build a new enterprise architecture to implement guest entertainment, engagement, and personalized marketing, based on the insights from precise metrics gathering. With this granular data integrated into loyalty programs and customer relationship management (CRM) systems, IHG is able to continuously personalize the guest experience—even anticipating guest needs—and thus continue to build satisfaction. This has resulted in double-digit growth in guest satisfaction for IHG, which is correspondingly being reflected in its revenue.
As previously noted, there are many dimensions of business agility, yet Cisco DNA can serve to innovate faster and drive transformation at any of these levels, including the following:
Infrastructure level: Cisco DNA detects and contains threats up to 1000 times faster than the industry average by enabling threat-detection systems to deploy remediation and/or quarantining policies to the infrastructure in real time.
Application level: Cisco DNA delivers applications up to 17 percent faster and drives better user experiences with analytics feedback. Additionally, Cisco DNA supports application policy integration with the infrastructure, such that applications can request services from the network in real time.
Operator level: Cisco DNA increases IT time allocations to innovative projects by up to 600 percent, by saving time from network operations and troubleshooting; additionally, recent studies estimate networking staff teams to be 28 percent more efficient with Cisco DNA.
Operations level: Cisco DNA integrates with non-network systems via open APIs, such as lighting, heating, ventilation, and air conditioning (HVAC), power, and other IoT systems, resulting in increased efficiency, improved experiences, and new possibilities. For example, the University of British Columbia leveraged mobile-user location analytics information from its 58,000 students to determine which rooms students were in (and likewise which rooms were empty), and integrated these analytics with the university’s HVAC systems so that the right rooms could be heated/cooled at the right time (rather than just every room all the time), resulting in 33 percent lower gas emissions and 5 percent energy savings ($200–400K per year).
Business and organizational level: Cisco DNA enables business-level transformation, such that businesses can identify and capitalize on new opportunities, markets, and business models. For example, Quantium, an Australian data analytics firm, had the epiphany that location analytics data from mobile devices could be used not only to provide customer insights, but also to provide organizational behavior insights. For instance, volunteers (and it really needs to be stressed that all participants in this organizational behavior exercise were volunteers) offered to be tracked throughout their workday, so as to provide their leaders with organizational insights such as
Where are employees working?
How long are they in meetings?
How much time do employees get to spend with their managers?
Do employees work in teams or in silos?
Which teams work well together? Which don’t?
Such insights were so valuable to Quantium internally that it quickly productized its methodology, becoming the first mover in a whole new market space.
In 2017, Cisco worked with International Data Corporation (IDC) to develop a five-state Digital Network Readiness Model, as shown in Figure 2-1.
Additionally, IDC found that moving from one state of network readiness to the next results in reduced network infrastructure costs of $24,200 to $38,300 per 100 users per year, and that—on average—interviewed organizations were achieving benefits of $188,000 to $750,000 per 100 users per year by advancing their digital network readiness.1 Some of these benefits are illustrated in Figure 2-2.
1 “Why a Digital-Ready Network Makes Business Sense,” IDC White Paper, sponsored by Cisco, January 2017.
This chapter discussed the business value of Cisco Digital Network Architecture. The key business requirements of the network architecture as a platform for digital transformation were set out from the start, including: cost reduction, risk mitigation, actionable insights, and business agility. This discussion was continued by sharing data points from various analyst reports and customer case studies that illustrated both achieved and projected business values for each of these requirements.
Cisco Systems. “Cisco 2016 Midyear Cybersecurity Report.” July 2016. https://www.cisco.com/c/dam/m/en_ca/never-better/assets/files/midyear-security-report-2016.pdf.
Cisco Systems. Cisco DNA Advisor. http://www.cisco.com/go/dnaadvisor.
Cisco Systems. Cisco ROI Calculator. https://dnaroi.cisco.com/go/cisco/dnaroi/index.html.
Cisco Systems. Cisco DNA Case Studies. https://www.cisco.com/c/en/us/solutions/enterprise-networks/network-architecture-customer-success-stories.html.
Cisco Systems. “Cisco Visual Networking Index: Forecast and Methodology, 2016–2021.” Updated September 15, 2017. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/complete-white-paper-c11-481360.html.
IEEE Spectrum. “Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated.” August 2016. https://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated.
Greene, N., R. Mehra, M. Marden, and R. Perry. “The Business Value of Creating Digital-Ready Networks with Cisco DNA Solutions.” IDC White Paper, sponsored by Cisco. November 2016. https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/digital-network-architecture/idc-business-value-of-dna-solutions-white-paper.pdf.
Greene, N., R. Parker, and R. Perry. “Is Your Network Ready for Digital Transformation?” IDC White Paper, sponsored by Cisco. January 2017. https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/digital-network-architecture/network-ready-digital-transformation.pdf.
Greene, N., R. Parker, and R. Perry. “Why a Digital-Ready Network Makes Business Sense.” IDC White Paper, sponsored by Cisco. January 2017. https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/digital-network-architecture/digital-network-business-sense.pdf.
Schultz, E. “Calculating Total Cost of Ownership on Intrusion Prevention Technology.” SANS Institute. February 2014. http://www.sans.org/reading-room/whitepapers/analyst/calculating-total-cost-ownership-intrusion-prevention-technology-34745.
ZK Research. “Digital Success Depends on Choosing the Right Network Vendor: Understanding the Hidden Costs of Not Choosing a Digital-Ready Network.” December 2017. https://engage2demand.cisco.com/LP=8802.