Examining the Effectiveness of Digital Twins in Network Modeling

In the context of networking, shared data models or “digital twins” are an accurate software representation of all aspects of the network and its traffic, ideally updated in real-time. Such data models also incorporate the ability to interrogate the digital twin for problem resolution or to explore the impact of changes on the relevant model before they are made in the live network environment. The digital twin functions as “the single source of truth” for the network, with relevant views of it accessible by different job roles.

A typical network comprises a large number of hardware components — often sourced from multiple suppliers — and has a complex, constantly changing data stream flowing through it. Understanding what the network physically consists of and what is, or will be, happening on it is essential information for ensuring efficient and secure operations. Different aspects of this information are relevant to NetOps, SecOps and CloudOps, and each of these groups may have evolved their own tool set and data feeds to meet their needs. Different role-specific tools may not provide an equivalent level of detail or timeliness regarding the state of a system, which can hinder troubleshooting and problem resolution.

The survey first asked respondents about the perceived digital maturity of their companies relative to their peers. The following question was posed to the entire survey base of 150 individuals: “Digital maturity describes an organization’s ability to engage digitally with stakeholders (business, IT, OT and front line). Overall, how would you rate your organization’s digital maturity relative to its industry peers?” Nearly half of respondents (49%) thought their company was substantially more digitally mature than their peers, while 40% said they were somewhat more mature. The fact that a significant majority of 89% view their organizations as being ahead of peers could be an indication of complacency or of the sentiment that current approaches to network operations are essentially as good as they can be within large companies.
The survey then asked how data is shared operationally, in order to gauge the prevalence of digital twins/shared data models — with responses ranging from “We have a single shared data model/digital twin, with groups having direct access relevant to their job roles” to “We have completely separate systems and processes for each group.”

Figure 1 illustrates the variety of perspectives across different job roles and focus areas within an organization. SecOps has the most full or partial shared models, while NetOps ranks second and CloudOps has the least advanced sharing among the three roles. The survey then goes on to explore those differences in shared data models/digital approaches for respondents by job role. 

The vast majority of those surveyed consider their company more digitally mature than peer organizations, yet not everyone is using a shared data model/digital twin, and those that do are not generally achieving resolution of problems in under four hours. This should not come as a great surprise because even though a large number of survey respondents have shared or partially shared data models and access to network information pertinent to their role, many of the systems in use are likely to have evolved from more basic logging and event recording systems, rather than ones specifically built to ingest and present live system-wide data. The goal should be a single real-time and accessible description of a constantly changing network and its traffic.

The speed with which issues can be resolved is a good indicator of the effectiveness of any form of shared system or model. An accurate and integrated real-time system should provide faster resolution times than a set of slower, siloed systems. Here it is instructive to look at the survey responses regarding the types of shared or disjointed systems in use for each of the three main operational roles. Each is classified by response time in solving problems to identify similarities or differences.

In this section, we look at the respondents who identify as being part of CloudOps teams, which represent 27% of the total respondent base. In Figure 2, we see a wide spread of response resolution times (in hours). A small spike exists in four-hour resolution times for those with a partially shared data model. Those with a one-hour response time include organizations with separate systems for each group, which is the least digitally mature category. Overall, 37.5% of respondents are in the four-hour turnaround group, equaled by 37.5% in the 24 hours or longer (including up to a week) response-time group. The remaining 25% are in the group with an hour or under — the most efficient response times.
This wide range of response times, combined with a lower number of shared data approaches for CloudOps, as seen in Figure 1, indicates a low maturity level in terms of network-related operations for this job role.
Cloud operations are an application layer reliant on network and security functions, and they are the newest of the three areas of work included in the survey. Given this placement, CloudOps teams are better positioned to engage with, or ask for, new tooling closer to a complete digital twin.

Here we examine the respondents who identify as NetOps professionals, representing 33% of the total survey base. As with CloudOps, the NetOps cohort has a spread of response times, with the majority clustered around a four-hour time for resolution of issues. Among those respondents in the four-hour time frame, a majority cite having the more advanced shared data model/digital twin to work with, and this large group does not include any respondents with completely separate systems.
For the NetOps group overall, 53% of respondents sit in the four-hour turnaround tier, with 28% sitting at one hour or less. The remaining 19% have turnarounds of a day or longer, up to a week. NetOps places in between SecOps and CloudOps in terms of the number of companies using shared data models/digital twins, and this position is mirrored in the spread of response times, too, showing a relatively moderate level of digital maturity in this space. With the evolution of ever more complex network technology and approaches, NetOps teams need to be driving and demanding changes to improve instrumentation, management and diagnostics.

In this section, we consider the respondents who identify as SecOps specialists, accounting for 40% of all survey respondents. As shown in Figure 4, the SecOps cohort shows a peak in response times of four hours, and this occurs where a full or partially shared data model is in use. For SecOps overall, 49% of respondents have a four-hour turnaround, and 28% fall in the bracket of less than one hour. The remaining 23% have resolution times of 1-2 days, but none longer than that.
Most respondents with faster turnarounds have a single or partially shared data model, which is indicative of how security staff tend to be engaged across all systems in order to be most effective. SecOps teams are in a constant arms race with bad actors, and with an increased understanding of the integrity of various enterprise systems, they can set policies and rules that place the timeliness of problem resolution as a key performance indicator for other parts of business operations.

As a check on the responses regarding resolution times and access to shared digital twins, the survey asked each of the three operational roles how often, on average, they engage with the other two roles. As shown in Figure 5, CloudOps and NetOps staff ask for responses from one another at a very similar frequency — primarily, daily and weekly rather than monthly. This same pattern applies to how often CloudOps and NetOps interact with SecOps.
However, SecOps staff tends to show a weekly engagement with CloudOps and NetOps peers rather than daily interaction. The ability to solve problems directly maps to more accessible and accurate digital twins, and this corelates to the finding of security teams being the most advanced in this area, as illustrated in the responses discussed earlier.

There is plenty of room for improvement in resolution and response times for each of the CloudOps, NetOps and SecOps groups. The perception within large US companies of advanced digital maturity relative to their peers is not matched when it comes to fast response times for solving problems — even in those organizations with a more advanced shared data model.
Having a digital twin, of any type, in place is a good starting point, but digital twins and modeling systems vary in terms of accuracy, and particularly with regard to the timeliness of data. The ability to access an always up to-date view of a system — a shared single source of truth — regardless of operational role should bring much greater efficiency gains for all.