You have to learn to walk before you can run. That’s what Pitney Bowes discovered as it developed a unique security system designed to lock down access to its global network.

Pitney Bowes, a leading mail system vendor, had to upgrade its IP infrastructure — particularly how it handled DNS and DHCP — before it could tackle the complicated task of authenticating users connecting to its network and controlling access to network resources based on who they are.

Pitney Bowes cobbled together its system using DNS and DHCP appliances from Infoblox, configuration management software from BigFix and endpoint security software from Endforce.

The company spent $700,000 on its new network access control (NAC) system, but says it is already reaping returns on that investment both in improved network security and better performance.

"There has been a reduction in unknown devices on the network. That was our primary driver for this project," says David Giambruno, director of engineering, security and deployment at Pitney Bowes. "But we have also seen an increase in network performance that is improving the user experience. We’re able to measure improvements in the network’s overall latency."

Pitney Bowes may be on the leading edge, but it isn’t the only company to roll out NAC. While 4% of corporations have deployed NAC, 36% plan to purchase the technology in 2006, according to a recent survey of 149 companies by Forrester Research.

Robert Whiteley, a senior analyst with Forrester, says only a handful of corporations are rolling out comprehensive NAC solutions that include upgrades to DNS and DHCP infrastructures.

"The most common thing I see is folks trying to start out with software like Endforce that does endpoint integrity checking. Then they realize they have to upgrade DNS and DHCP," Whiteley says. By tackling the IP infrastructure and security problems at the same time, the Pitney Bowes approach is "world class"’ he adds.

"The thing that’s smart about what Pitney Bowes is doing is that by improving the underlying IP management infrastructure, they’ve also enabled a better VoIP architecture and a better wireless architecture and a better mobility architecture,’’ Whiteley says. "This is good common sense."

Creating a unified IP management infrastructure was a challenge for an organization as large as Pitney Bowes, which is a $5.5 billion manufacturer of hardware and software for managing mail and packages in 185 countries.