Interop: NAC is Back

A. Braunberg

A. Braunberg

Summary Bullets:

  • Several vendors have announced enhanced network access control (NAC) products for addressing BYOD
  • The Trusted Computing Group announced a new revision to an important NAC standard (TNC IF-MAP)

I spent the week in Las Vegas at Interop and one of the meta-themes at the event was the issue of how to deal with consumerization of IT and the associated business policy of allowing employee-owned devices on corporate networks. (i.e., BYOD). As I have noted before on this blog, consumerization of IT has far-ranging impacts on enterprise IT requirements and product development strategies. This includes products being enhanced to support the increasing traffic requirements inherent in broad deployment of mobile devices, but it also includes old products finding new life when applied to mobile use cases. A great example of the latter is the re-emergence of NAC to address consumerization of IT.

We have seen several vendors announce (this week and last) solutions designed to address consumerization of IT that leverage NAC technology. These include: Juniper (Simply Connected), Aruba (ClearPass), Avaya (Identity Engines), and ForeScout/Fiberlink (ForeScout MDM powered by MaaS360). This week we also saw a surprising amount of interest in the latest revision to the Trusted Computing Group’s TNC IF-MAP specification. A big part of the buzz around that NAC standard is the fact that consumerization of IT is being positioned as an important use case for the specification. The IF-MAP protocol defines a publish/subscribe/search mechanism and an extensible set of identifiers and data types. Clients supporting the protocol can publish metadata and consume metadata published by other clients.

For those of us that have watched the painful rise and fall of the NAC market and of many NAC vendors, the phoenix-like rise of this technology and its vendors can only be viewed with a mix of amusement and admiration. NAC vendors have finally found a mainstream problem they can really sink their teeth into. NAC solutions have long been used to address guest user access onto corporate wireless networks. BYOD can be thought of as a similar problem. NAC can be used to determine the posture/health of any device attempting to access a network. This data, along with other important elements, such as user identity, can be used to determine access policy. The appeal, of course, is that access control can be much more fine-grained than simple access permission or denial. As more employees use mobile devices at work and access more sensitive data on these devices, this will be an increasingly important capability.

About Andrew Braunberg
As Research Director for the Business Technology and Software group at Current Analysis, Andrew manages the Enterprise Security, Data Center Infrastructure, and Enterprise Network Systems coverage. As the lead analyst for Enterprise Security coverage, he focuses on the market and technology dynamics that are transforming the industry, including virtualization, mobility, the consumerization of IT, embedding of security into the broader IT fabric, and a shift to data centric security.

What do you think?

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: