Network Access Control Gains Traction With BYOD

Network access control technology is a viable solution to some of the problems posed by BYOD, said Eric Maiwald, research vice president at Gartner. The maturity of the network access control vendors has resulted in technology that provides more granular controls. Network access control, or NAC, tools can check devices to ensure they meet certain security controls, restrict them if they are rooted, jailbroken or don't contain the latest security software updates.

"They're doing a more detailed examination at the endpoint," Maiwald said.

Cisco Systems and ForeScout Technologies are considered the NAC market leaders and both have been making inroads, teaming up with leading MDM platforms to address BYOD with their network access control appliances, according to Gartner.

Bradford Networks, meanwhile, continues to retain strong market share with universities and colleges. And Aruba Networks and Juniper Networks are strong NAC market contenders with products that address BYOD, Gartner said.

Businesses need to thoroughly evaluate a NAC vendor to understand how well its technology examines devices on the endpoint and what happens when a device falls out of policy, Maiwald said. Some NAC platforms set up a limited quarantine zone with limited network access for devices that don't pass company policy, giving the IT help desk a chance to investigate further and make changes to bring the devices in sync with policy.

NAC technology partnerships include ForeScout Technologies partnering with Fiberlink in an integrated platform -- ForeScout's CounterAct and Fiberlink's MaaS360 combine cloud-based MDM with device access control; MDM vendor AirWatch partnering with Bradford Networks' NAC in an integrated platform; Cisco integrating technologies from four MDM vendors into a combined BYOD platform; and Enterasys Networks working with several MDM vendors, including McAfee and MobileIron.

"There's no perfect solution out there and I'm not sure anything will emerge that will even come close to perfection," Maiwald said. "Most of these technologies and partnerships do enough to give you a warm, fuzzy feeling. They address some initial concerns while we're in the early days."

The problem with many products designed to address BYOD is that they are poorly implemented, said Chris Camejo, director of consulting and professional services at Integralis, a Bloomfield, Conn.-based security services provider. "You've got bigwig corporate executives that exempt themselves from corporate policy," he said. "There are many holes."

Patrick Hiller, CEO of Abacus, a solution provider based in Atlanta, told CRN that the security industry is moving toward integrated technologies to address mobile security. The goal is to reduce complexity and not increase it by applying yet another security layer, Hiller told CRN.

"When you start picking point solutions you can run into integration problems and usually spend more time with configuration and getting it to work right than you anticipated," Hiller said.

PUBLISHED JULY 29, 2013