Examining the Effectiveness of Digital Twins in Network Modeling

Read the Pathfinder Report

A 451 Research custom survey examined the prevalence and effectiveness
of shared data models and “digital twins” in network modeling from
the perspectives of cloud operations, network operations and security
operations roles, examining how these approaches to data sharing
impacted each role and also the interaction between the job functions.
The survey base comprised 150 respondents at large (10,000+ employees)
US-based companies in various industries. In addition to illustrating the
effectiveness of digital twins where they are used in network modeling,
the survey responses also served to indicate the relative digital maturity
of these companies and of each job function, showing where there is
potential room for improvement in operational efficiency.

Key Findings

  • SecOps leads NetOps, with CloudOps trailing both of those roles in the application of a single or partial shared data model or digital twin for network-related operations.
  • Most survey respondents regard their companies as more digitally mature than their peers, yet problem resolution times of under four hours are reported by only 25% of respondents.
  • The fact that the majority of respondents cite resolution response times of more than four hours indicates that they are not using real-time data models/digital twins.

Unlock the Full Case Study and Exclusive Benefits!

Share your email to receive the complete case study and enjoy exclusive perks. Gain valuable insights, actionable strategies, and stay ahead with insider updates delivered to your inbox. Sign up now and elevate your success!

Approaches to Shared Data Models and Digital Twins

In the context of networking, shared data models or “digital twins” are an accurate software representation of all aspects of the network and its traffic, ideally updated in real-time. Such data models also incorporate the ability to interrogate the digital twin for problem resolution or to explore the impact of changes on the relevant model before they are made in the live network environment. The digital twin functions as “the single source of truth” for the network, with relevant views of it accessible by different job roles.

A typical network comprises a large number of hardware components — often sourced from multiple suppliers — and has a complex, constantly changing data stream flowing through it. Understanding what the network physically consists of and what is, or will be, happening on it is essential information for ensuring efficient and secure operations. Different aspects of this information are relevant to NetOps, SecOps and CloudOps, and each of these groups may have evolved their own tool set and data feeds to meet their needs. Different role-specific tools may not provide an equivalent level of detail or timeliness regarding the state of a system, which can hinder troubleshooting and problem resolution.

The survey first asked respondents about the perceived digital maturity of their companies relative to their peers. The following question was posed to the entire survey base of 150 individuals: “Digital maturity describes an organization’s ability to engage digitally with stakeholders (business, IT, OT and front line). Overall, how would you rate your organization’s digital maturity relative to its industry peers?” Nearly half of respondents (49%) thought their company was substantially more digitally mature than their peers, while 40% said they were somewhat more mature. The fact that a significant majority of 89% view their organizations as being ahead of peers could be an indication of complacency or of the sentiment that current approaches to network operations are essentially as good as they can be within large companies.
The survey then asked how data is shared operationally, in order to gauge the prevalence of digital twins/shared data models — with responses ranging from “We have a single shared data model/digital twin, with groups having direct access relevant to their job roles” to “We have completely separate systems and processes for each group.”

Figure 1 illustrates the variety of perspectives across different job roles and focus areas within an organization. SecOps has the most full or partial shared models, while NetOps ranks second and CloudOps has the least advanced sharing among the three roles. The survey then goes on to explore those differences in shared data models/digital approaches for respondents by job role. 

The Take

The vast majority of those surveyed consider their company more digitally mature than peer organizations, yet not everyone is using a shared data model/digital twin, and those that do are not generally achieving resolution of problems in under four hours. This should not come as a great surprise because even though a large number of survey respondents have shared or partially shared data models and access to network information pertinent to their role, many of the systems in use are likely to have evolved from more basic logging and event recording systems, rather than ones specifically built to ingest and present live system-wide data. The goal should be a single real-time and accessible description of a constantly changing network and its traffic.

Problem Resolution Times

The speed with which issues can be resolved is a good indicator of the effectiveness of any form of shared system or model. An accurate and integrated real-time system should provide faster resolution times than a set of slower, siloed systems. Here it is instructive to look at the survey responses regarding the types of shared or disjointed systems in use for each of the three main operational roles. Each is classified by response time in solving problems to identify similarities or differences.

Role: Cloud Operations

In this section, we look at the respondents who identify as being part of CloudOps teams, which represent 27% of the total respondent base. In Figure 2, we see a wide spread of response resolution times (in hours). A small spike exists in four-hour resolution times for those with a partially shared data model. Those with a one-hour response time include organizations with separate systems for each group, which is the least digitally mature category. Overall, 37.5% of respondents are in the four-hour turnaround group, equaled by 37.5% in the 24 hours or longer (including up to a week) response-time group. The remaining 25% are in the group with an hour or under — the most efficient response times.
This wide range of response times, combined with a lower number of shared data approaches for CloudOps, as seen in Figure 1, indicates a low maturity level in terms of network-related operations for this job role.
Cloud operations are an application layer reliant on network and security functions, and they are the newest of the three areas of work included in the survey. Given this placement, CloudOps teams are better positioned to engage with, or ask for, new tooling closer to a complete digital twin.

Role: Network Operations

Here we examine the respondents who identify as NetOps professionals, representing 33% of the total survey base. As with CloudOps, the NetOps cohort has a spread of response times, with the majority clustered around a four-hour time for resolution of issues. Among those respondents in the four-hour time frame, a majority cite having the more advanced shared data model/digital twin to work with, and this large group does not include any respondents with completely separate systems.
For the NetOps group overall, 53% of respondents sit in the four-hour turnaround tier, with 28% sitting at one hour or less. The remaining 19% have turnarounds of a day or longer, up to a week. NetOps places in between SecOps and CloudOps in terms of the number of companies using shared data models/digital twins, and this position is mirrored in the spread of response times, too, showing a relatively moderate level of digital maturity in this space. With the evolution of ever more complex network technology and approaches, NetOps teams need to be driving and demanding changes to improve instrumentation, management and diagnostics.

Role: Security Operations

In this section, we consider the respondents who identify as SecOps specialists, accounting for 40% of all survey respondents. As shown in Figure 4, the SecOps cohort shows a peak in response times of four hours, and this occurs where a full or partially shared data model is in use. For SecOps overall, 49% of respondents have a four-hour turnaround, and 28% fall in the bracket of less than one hour. The remaining 23% have resolution times of 1-2 days, but none longer than that.
Most respondents with faster turnarounds have a single or partially shared data model, which is indicative of how security staff tend to be engaged across all systems in order to be most effective. SecOps teams are in a constant arms race with bad actors, and with an increased understanding of the integrity of various enterprise systems, they can set policies and rules that place the timeliness of problem resolution as a key performance indicator for other parts of business operations.

Frequency of Communication Across Roles

As a check on the responses regarding resolution times and access to shared digital twins, the survey asked each of the three operational roles how often, on average, they engage with the other two roles. As shown in Figure 5, CloudOps and NetOps staff ask for responses from one another at a very similar frequency — primarily, daily and weekly rather than monthly. This same pattern applies to how often CloudOps and NetOps interact with SecOps.
However, SecOps staff tends to show a weekly engagement with CloudOps and NetOps peers rather than daily interaction. The ability to solve problems directly maps to more accessible and accurate digital twins, and this corelates to the finding of security teams being the most advanced in this area, as illustrated in the responses discussed earlier.


There is plenty of room for improvement in resolution and response times for each of the CloudOps, NetOps and SecOps groups. The perception within large US companies of advanced digital maturity relative to their peers is not matched when it comes to fast response times for solving problems — even in those organizations with a more advanced shared data model.
Having a digital twin, of any type, in place is a good starting point, but digital twins and modeling systems vary in terms of accuracy, and particularly with regard to the timeliness of data. The ability to access an always up to-date view of a system — a shared single source of truth — regardless of operational role should bring much greater efficiency gains for all.

"In the past year, we have scaled our deployment of Forward Enterprise to our entire network of over 15,000 devices.

Our network engineering team relies on the Forward platform to be the single source of truth for our network. It's a critical component for automating our infrastructure."
Managing Director, Technology @ Goldman Sachs

Your perfect multi-vendor solution

crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram