Tim, the extreme general position you are advocating - to heavily favor user productivity over network security in setting an organization's security policies for employees/students is incomprehensible - as it is both unwise and unnecessary. Read my article "Balancing Network Security And the User Experience" to better understand the more reasonable and comprehensive set of policy trade-offs available with leading NAC products (http://www.secureaccesscentral.com/breakaway/news_mar2007.php).
Would you recommend that investors buy and hold stocks for only one day - once every 30 days - in order to generate a "rational" risk-adjusted return on their money?
NAC scanning performance and NAC policies should minimize or eliminate user wait times. And remediation policies should never be simply binary.
And computers used by regular employees should never be viewed as materially more "safe" than visitors. There is simply no objective basis for this view.
Dana Hendrickson, Publisher, Secure Access Central.
compromise for poor design
Dana - I have to wholeheartedly agree with you. I think this is just marketing spin by companies that do not have purpose built NAC health or posture checking and cannot do the testing in time. Their trade off then becomes testing less. Not good security! I have written more about this on my blog here
Post new comment