Lack of maturity and interoperability dog NAC adoption
By Ashwani Mishra
Organizations across the globe view Network Access Control (NAC) as an effective approach to network security. Yet its progress inside the enterprise can best be described as creeping, largely because the lack of a solid definition makes it difficult to identify the features that make a good NAC product or solution. Vendors offer their own versions of NAC, and the functionality itself can vary from basic allow/deny rules to remediation methods that upgrade non-compliant computer systems.

“Deployment of network access control systems has been stalled at many companies as early adopters are still waiting for the technology to mature,” opines Manikkam V.S., Head IT, Henkel.

CIOs and IT heads who have already deployed NAC solutions say there are other concerns as well. One of the key concerns is the threat posed by portable computing devices, which allow a threat to be carried into the most protected areas of the network. Networks often accommodate a variety of endpoint operating systems and owners as well as devices such as IP phones and networked printers. “Consistent policy should apply to all these endpoints, regardless of whether they connect through VPNs, wireless access points, or hard-wired Ethernet ports,” says Mahesh Gupta, Business Development Manager, Security, Cisco India and SAARC.

In addition, there are few products in the market today that can support all operating systems, all access methods and policy exceptions in a scalable and manageable manner. “Lack of interoperability amongst products is another major deterrent in the adoption of this technology,” says Anwer Bagdadi, Senior Vice President and CTO, CFC India Services. CIOs who have delayed buying NAC solutions said that long wait times for the development of specific features and interoperability remain pain areas, as they may cause a drop in productivity.
Deployment Drivers
Governance and compliance will continue to drive NAC deployments this year. Regulations like Clause 49, HIPAA, SOX and PCI, to name a few, shift the security focus to the network interior, which is exactly what NAC technologies are designed to monitor and protect.

The benefit of managing access with NAC is multifold. Any device connecting to the network is checked for network security compliance. If the check fails or if policy violations are detected, the device is automatically brought into compliance and continually monitored throughout the connection session to ensure the device remains compliant. IT managers should ensure that only users with compliant devices are granted access to the network resources allowed by their job function, providing a virtual, dynamically segmented network with role-based access control for corporate users and network guests. Other benefits include minimizing network downtime, reducing help desk cost and safeguarding critical data and user productivity by protecting against malicious attacks at the endpoint.

“In order to maximize benefits of a NAC solution, it has to be seamlessly integrated into the network infrastructure without causing network disruptions,” says Manikkam. Therefore, multiple deployment approaches must be considered to determine the potential impact and level of disruption a deployment method will have on the overall infrastructure. Another determining factor is a NAC system's ability to leverage the existing investment in network infrastructure and equipment without requiring costly upgrades or causing network downtime.

Industry insiders feel that the interest in NAC would remain strong in 2008. Even enterprises that are unlikely to launch a NAC project would keep an eye on the development of the technology to see if its evolution would assuage their concerns.