Network Access Control Made Easy

Network access control technology was the darling of the security industry in 2006, as vendors spent much of their time squawking about how their NAC offerings could do just about everything but cure cancer. Yet now that the hype around NAC has quieted, a clearer picture is emerging about what the technology means for the channel.

So far, the news is good: Solution providers that have made time and financial commitments to learn how to deploy NAC are seeing steady services revenue before and after the actual implementation. Driven by compliance pressures, NAC itself has become a household term, although some solution providers still find they need to educate consumers as to why they need the technology and how it can help their security posture.

There appears to be lots of room for growth in the NAC market, which IDC expects to jump to $3.2 billion in 2010 from $526 million in 2005. So far, most of that is being driven by verticals such as finance, health care and education—all of which have compliance-related reasons for compartmentalizing their networks through access policies.

Universities are one of the fastest adopters of NAC—a result of their open networks and students bringing notebook PCs in and out of their networks on a regular basis, leaving the digital equivalent of muddy footprints all over the network at the start of every semester.

Yet, VARs will find that NAC readily extends well beyond the education and financial markets. The very concept of controlling access to the network is tantamount to security practices. Basically, the size of the business becomes immaterial when it comes to protecting information, and the best way to protect that information comes of knowing who has access to the network and if that access is appropriate.

Many solution providers believe the key to cutting through the hype around NAC is to understand the nature of what the different solutions are designed to achieve and be able to clearly explain to customers how it will benefit them.

Perhaps the most important concept to grasp is how NAC differs from traditional security measures. In the past, security was built around file access—in other words, who could access which files. While that proved to be effective for protecting intellectual data, file-level security did not offer any control over what was done with that data.

With security needs growing to encompass endpoints and connectivity, it quickly became clear that controlling file access was not enough to protect a network, which is where NAC comes into play. In short, NAC unifies security controls and focuses on the controls in place to allow access to the network. Of course, file-level security remains a key tenet of data protection, but NAC enhances security by keeping unauthorized persons and devices from connecting to the network in the first place. That translates to building file-level security to handle the needs of the trusted insider, while NAC solutions keep every one and every thing else out of the network to begin with.

"The primary aim of NAC is endpoint risk mitigation from notebook PCs, flash drives, wireless devices and endpoints in an open environment, which have a much bigger risk footprint than environments that are more locked down and restricted," said Peter Bybee, president and CEO at Network Vigilance, a San Diego-based solution provider.

Next: Flash The Skills