- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
I read a lot of conflicting stories about NAC - some very positive and some dismissive. Is NAC over-hyped, or is there value in it?
The short answer is yes, and yes. The key is to figure out whether it will be over-hyped or of value for you. To do that, you need to look at what issues you're struggling with.
Two dynamics play a recurring role in whether NAC is portrayed as hyped or valuable. One is how NAC is defined, and the other is how much work is needed to deploy that version of NAC. Essentially, when NAC takes a lot of work and returns little value, it should be no surprise that it's portrayed as over-blown. But when NAC doesn't take too much work and returns a good degree of security as well as other useful functions, then - again no surprise - it's seen as providing good value.
If you look in detail at most of the negative stories about NAC, they tend to showcase an example or understanding of NAC as basically a pre-admission technology. In other words, the Network Admission Control version of NAC - validating that a user can successfully authenticate onto the network and that the user's machine is in compliance with some degree of endpoint posture check.
We'd be the first to agree that this version of NAC is both too much work and returns insufficient value. Often, the endpoint checks require the installation of software, and the IT team gets very little real security or control in return for pretty exhaustive work. Network World, in fact, recently profiled an organization that struggled with just such an implementation. This definition of NAC emerged two to three years ago, in response to virus outbreaks, and it fails to address the primary business drivers for implementing access control.
When NAC is portrayed as providing more control over how users can access the LAN, the coverage tends to be far more positive. So when enterprises use NAC, for example, to segment users on the LAN and limit access to sensitive corporate data, those customers tend to be much more positive about the benefits of NAC.
The key is that these kinds of NAC implementations, in addition to providing stronger controls, must also not create an operational burden for IT. Initial deployment and policy creation will always take some work, but NAC that's rooted in role-based controls, leveraging information in existing identity stores, vastly simplifies IT's job in LAN segmentation. IT doesn't need to change the endpoints, network infrastructure, or directories, and they can avoid the significant operational expenses associated with achieving and maintaining LAN segmentation via VLANs and ACLs.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment