The Undeniable Advantages and Challenges of NAC Security


The fact that this survey was conducted by a network access control (NAC) vendor clearly raises a yellow flag, but that doesn't mean the results shouldn't be considered at all. A survey that Mirage Networks commissioned through Opine Consulting found that 86 percent of respondents said controlling network access is a high priority, but 45 percent believe they are supporting endpoints they don't know about.


This is a big deal. While not putting too much stock in the survey itself, the idea comes through that the industry is going through growing pains, moving from focusing on securing devices directly to mediating the access all devices have to the network. This is a common-sense approach, considering the intense proliferation of devices.


It ain't easy, however. Some experts feel that NAC is a good idea, but extremely complex. That's the theme of this Network World piece, which offers a tremendous amount of useful information. The writer discusses why NAC is a good idea and its potential for creating an easier way for companies to drive security, especially in cases in which visitors need access to a corporate network.


The writer balances the positives with caveats about lack of standards and differing approaches to NAC. He writes that in-line systems, as the name implies, get between the user and the network to arbitrate access. Out-of-band approaches enable communications between the networks and the switching infrastructure to identify and catch anything that is amiss. Perhaps most importantly, the story identifies the various vendors and the approach they take.


PCWorld.com has also written an informative story of the NAC-is-promising-but-complex type. The writer's take is that companies deploying systems didn't recognize how tricky NAC would be. Moreover, many deployments were aimed at specific applications, such as securing networks from guest access. It is difficult to expand such a system to across-the-board use. An interesting note in the story is that Gartner says NAC sales will double this year, but that after 2010, NAC-specific sales will decline as the functionality becomes embedded in equipment.


Verizon Business Security Solutions is offering one way for companies to handle the complexity: Hand it off. Earlier this month, the company said its consultants will talk to customers, select a NAC provider, design and install the system and train users. The piece doesn't say what, if any, ongoing role Verizon Business will have.


This Information Security Short Takes piece begins with a concise definition of what NAC is and the goals of those who implement it. The heart of the piece, however, consists of short lists of the problems facing NAC. For the CEO, NAC is costly to implement and entails a significant effort. Network administrators see NAC as another point of failure, while system administrators consider it an added layer of software to be integrated into the infrastructure. Users, the writer says, can be inconvenienced by NAC system errors. The conclusion is that NAC has its advantages, but must be analyzed carefully and deftly implemented.