Interop: NAC is Back
May 11, 2012
- Several vendors have announced enhanced network access control (NAC) products for addressing BYOD
- The Trusted Computing Group announced a new revision to an important NAC standard (TNC IF-MAP)
I spent the week in Las Vegas at Interop, and one of the meta-themes at the event was how to deal with consumerization of IT and the associated business policy of allowing employee-owned devices on corporate networks (i.e., BYOD). As I have noted before on this blog, consumerization of IT has far-ranging impacts on enterprise IT requirements and product development strategies. This includes products being enhanced to support the increasing traffic requirements inherent in broad deployment of mobile devices, but it also includes old products finding new life when applied to mobile use cases. A great example of the latter is the re-emergence of NAC to address consumerization of IT.
We have seen several vendors announce (this week and last) solutions designed to address consumerization of IT that leverage NAC technology. These include: Juniper (Simply Connected), Aruba (ClearPass), Avaya (Identity Engines), and ForeScout/Fiberlink (ForeScout MDM powered by MaaS360). This week we also saw a surprising amount of interest in the latest revision to the Trusted Computing Group’s TNC IF-MAP specification. A big part of the buzz around that NAC standard is the fact that consumerization of IT is being positioned as an important use case for the specification. The IF-MAP protocol defines a publish/subscribe/search mechanism and an extensible set of identifiers and data types. Clients supporting the protocol can publish metadata and consume metadata published by other clients.
For those of us who have watched the painful rise and fall of the NAC market and of many NAC vendors, the phoenix-like rise of this technology and its vendors can only be viewed with a mix of amusement and admiration. NAC vendors have finally found a mainstream problem they can really sink their teeth into. NAC solutions have long been used to address guest user access onto corporate wireless networks. BYOD can be thought of as a similar problem. NAC can be used to determine the posture/health of any device attempting to access a network. This data, along with other important elements, such as user identity, can be used to determine access policy. The appeal, of course, is that access control can be much more fine-grained than simple access permission or denial. As more employees use mobile devices at work and access more sensitive data on these devices, this will be an increasingly important capability.
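The publish/subscribe/search pattern and the posture-plus-identity access decision described above, as an added example that is not from the original post or any vendor's product. It is a simplified in-memory model, not the IF-MAP wire protocol; the class names, metadata keys and access tiers are all assumptions made for illustration.

```python
from collections import defaultdict
class MapStore:
    """Toy in-memory metadata store (hypothetical; not the IF-MAP wire format)."""
    def __init__(self):
        self._meta = defaultdict(dict)   # identifier -> {metadata type: value}
        self._subs = defaultdict(list)   # identifier -> [callback]
    def publish(self, identifier, mtype, value):
        self._meta[identifier][mtype] = value
        for cb in self._subs[identifier]:        # notify every subscriber
            cb(identifier, dict(self._meta[identifier]))
    def subscribe(self, identifier, callback):
        self._subs[identifier].append(callback)
    def search(self, identifier):
        return dict(self._meta.get(identifier, {}))

def decide(meta):
    """Map identity + posture metadata to a graded access tier (assumed policy)."""
    if "user" not in meta:
        return "deny"                    # unknown identity: fail closed
    if meta.get("role") == "guest":
        return "internet-only"
    posture = meta.get("posture", {})
    if not (posture.get("encrypted") and posture.get("passcode")):
        return "quarantine"              # missing or failed health check
    if meta.get("owner") == "employee":
        return "limited"                 # BYOD: reduced access to sensitive data
    return "full"

class Enforcer:
    """Enforcement point that re-evaluates access on every metadata change."""
    def __init__(self, store):
        self.store, self.access = store, {}
    def watch(self, identifier):
        self.access[identifier] = decide(self.store.search(identifier))
        self.store.subscribe(identifier, self._on_change)
    def _on_change(self, identifier, meta):
        self.access[identifier] = decide(meta)

def demo():
    store = MapStore()
    pep = Enforcer(store)
    mac = "mac:00:11:22:33:44:55"        # constructed sample device identifier
    pep.watch(mac)
    trace = [pep.access[mac]]
    updates = [("user", "alice"), ("owner", "employee"),
               ("posture", {"encrypted": True, "passcode": True}),
               ("posture", {"encrypted": True, "passcode": False})]
    for mtype, value in updates:         # different clients publishing over time
        store.publish(mac, mtype, value)
        trace.append(pep.access[mac])
    return trace
```

The final update shows the value of subscription over a one-time admission check: when the device's posture degrades after it has connected, the enforcement point drops it back to quarantine without waiting for a re-authentication.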