After a pilot lasting more than three months, Whirlpool is confident that network-access-control technology will not only help keep its global network more secure, but also play a role as the company implements a new generation of Web services applications.
Alex Petrov, global principal network architect for the Benton Harbor, Mich., home appliances company, presented his NAC findings at the recent Network World IT Roadmap Conference & Expo in Chicago. Whirlpool’s tests of Cisco NAC products verified that they performed their basic functions as advertised, disallowing network access to client machines that were not sufficiently secure. While the technology may cause a temporary increase in help-desk and desktop-support costs, the Whirlpool tests indicate that over the longer term NAC will reduce overall security costs and risks by introducing more self-service and automation.
Perhaps more importantly, however, Petrov expects NAC, together with other network security technologies, will position Whirlpool to take advantage of Web services internally and externally. “We’re talking years away,” he said in a follow-up interview. “But we absolutely think this is where enterprise architecture is headed, and we need to know what kind of security mechanisms we need to have in place to support it.”
Before embarking on its NAC test, the $18 billion company explored alternative technologies, but fairly quickly decided that NAC would be fundamental to its multitiered security strategy, Petrov says. Whirlpool then explored NAC products from Cisco, Microsoft and others. “To us, it was really important to have two things: compatibility with existing infrastructure, and futureproof technology, something that would not require fork-lifting,” he says.
Key to going with Cisco was the fact that Whirlpool already was standardized on Cisco equipment for its LAN and WAN infrastructure. “It wasn’t that hard of a decision,” Petrov says.
For its pilot test, Whirlpool sought to simulate multiple environments, including its 1,500-user headquarters, 800 users at a major plant and 100 users at a regional distribution center. “Essentially it was a scaled-down version of our production network with NAC elements added to it,” Petrov says. Specifically, those elements were Cisco NAC software on switches and routers, Cisco Security Agent on clients and the Cisco Monitoring, Analysis and Response System to identify and isolate potential security threats.
The pilot, which the Whirlpool engineering team ran with Cisco and Cisco partners in the spring and summer of 2006, tested the overall NAC process, with emphasis on validating that user devices had the most current antivirus software and operating system patches. The tests also validated how the quarantine process would work when a client system was out of compliance, and how that system would go through the NAC process again once it was remediated.
“It was important for us to see how the Clean Access server and clients would talk to each other and to validate the admission process,” Petrov says.