In many previous articles, we have discussed "de-perimeterization," an ungainly term describing the erosion of traditional perimeters. Our research indicates that most companies are retrenching and redeploying their perimeter around the crown jewels: the applications and data residing in the data center.

This new, narrower perimeter focuses security controls at the point of access to the data center. The “perimeter of one” strategy layers firewalls, intrusion-prevention systems and anti-malware around every desktop, laptop and even handheld computer. Security policies then connect the two perimeters (the data center perimeter and the one around each endpoint) with an access-control policy that checks every endpoint before allowing entry into the network and data center.

There’s only one problem with this strategy: endpoint access control is currently dominated by proprietary and non-compatible “solutions” by Microsoft and Cisco.

But things may be about to change.

Cisco’s Network Admission Control (NAC) and Microsoft’s Network Access Protection (NAP) are the two most commonly cited approaches for controlling endpoint access. Despite public promises from both vendors for interoperability, the two approaches are still not compatible, almost two years after their introduction.

For IT executives with substantial investments in both vendors’ equipment this is a cruel choice: almost like having to pick one parent’s loyalty over the other. Both vendors seem intent on continuing down diverging paths despite the market demand for broadly interoperable products.

Predictably, Cisco and Microsoft are taking different approaches to endpoint control. One approach seems to emphasize the network, while the other emphasizes the endpoint. Both have a “consortium” of smaller vendors pledging interoperability, but the chasm between the two approaches is as wide as ever.

But NAP and NAC are not the end of the story. An industry standards body, the Trusted Computing Group, has worked with a number of vendors (including Microsoft) to develop a common architecture and interface specification for endpoint verification and access control.

The Trusted Network Connect (TNC) working group has published a set of specifications, and a number of vendors are building standards based endpoint access control. Not only is the TNC standard open, but it is also balanced between the network and the endpoint. For example, in the TNC standard, a policy check (checking the health of the endpoint) is not a one-time event and can be initiated by either the network or the endpoint.