The number of security technologies is proliferating on an exponential basis, and each, when seen in a vacuum, makes sense. Companies don't get launch products and startups don't get initial or ongoing funding without solid ideas.
So here is a good idea: A technology that makes sure the machines trying to reach into particularly sensitive nooks or crannies of a network are authorized to do so. That describes Sun's new Role Manager. This IT Week story says the new package tracks role changes and automates identity-based controls. The software also checks that the proper segregation of duties is being followed.
Companies are beginning to come to grips with the idea that it is not a good idea for a database administrator to both be able to award access rights to a database and also be able to access the data.
The description of the Role Manager sounds a lot like network access control (NAC). A NAC device controls whether a machine is allowed on the network and precisely where it is allowed to go. Further, if anything is askew with the machine's security, software creates a quarantine until proper updating or other remediative work is done.
The question is whether the NAC category can begin to thrive. That could happen this year, according to a report from The 451 Group. The report, according to this eChannelLine story, says 2008 is a "do or die" year for NAC. To date, there have been an overabundance of architectures and too many approaches and products. The firm says a healthy number of enterprises are for the first time deploying NAC or are expanding trials. Compliance and the need to create an access control platform throughout the business is driving the newfound openness to NAC.
There has been no shortage of NAC news. CRN looks at Symantec's NAC (SNAC), which extends Symantec NAC support to Microsoft, apparently for the first time.
NetClarity also made NAC news recently, with the introduction of EasyNAC. The system doesn't require an agent on end defines and no infrastructure upgrades. The package is meant for small offices and remote corporate sites, this Network World piece says. EasyNAC can send an alert or block traffic when it finds out-of-compliance machines. EasyNAC also has a couple of ways to isolate the offending devices.
What will be determined during the coming months is if these bits of news are adding to the confusion alluded to by The 451 Group, or a sign that the sector finally has fully arrived.