What's at stake for Cisco in network access control
Dear Vorticians,
Let me start by saying I was wrong. (Save this and savor it.)
In last week's piece beginning my discussion on network access control, I stated that Check Point was not a member of Cisco's Network Admission Control (NAC) partner program. Au contraire, as the company informed me. Yours truly was not savvy enough to notice that, unlike Microsoft's one-Web-page listing of its partners, Cisco's NAC program participant site is broken down into three sections listing partners that are shipping product and partners currently developing products, as well as "Non-NAC Cisco partners developing solutions" - a distinction that isn't explained (or maybe I missed that too.)
In my oversight, I not only failed to notice Check Point prominently listed in the "currently developing" products area but, worse, gave Cisco short shrift in the number of NAC partners I cited. Cisco lists nearly 80 partners in one form or another. Two gaffes in one entry. Wow. My apologies.
I began last week by saying that I believe network access control represents one of the ore significant battlegrounds of the coming decade in IT. Why? The key word is control. (Isn't it always?) This week, I'll look at what network access control means to Cisco and in upcoming editions, we'll explore what it means for companies as diverse as Microsoft, Juniper, Enterasys, Check Point and Trend Micro, among others.
When it comes to Cisco and end point security, control takes on a variety of shades.
* First and foremost, NAC provides for continued customer control. If customers want to adopt Cisco's strategy for securing their shops, they need to commit to NAC pretty much on an end-to-end basis, from client software to switch upgrades and other pieces along the way. Network access control may eventually become standardized enough that you can mix and match components, but it won't be that way for quite a while. That makes it much more difficult for competitors to make inroads into customer shops. Also, even if customers aren't actively embracing NAC, as they continue to buy Cisco gear, they are buying into NAC capabilities as those features are baked into the products. Later, customers may decide that it isn't worth going with a competitor's approach to end point security because they already have a lot of what it takes to support NAC. As Roger Grimes put it in a good InfoWorld article on network access control, "Even if you are not considering a network access solution now, investments now may well lock you into one scheme or the other in the future."
* NAC provides control over commoditization. You can either buy dumb, fast, cheap networks, or more-expensive, more intelligent networks. It may be that standards-based end-point security will be built into even commodity network gear in the future. But, for today, if you want the network to "self-defend" you'll have to pay a premium to Cisco for NAC functionality - and Cisco wants you to do that very much. (Premium is a synonym for Cisco.)
* Cisco's strategy is also about grabbing control of a major market for the future: security. Security spending continues to grow and you can bet that Cisco wants and needs a big chunk of that. In order to keep the growth engine humming and make investors happier, Cisco needs to find new high-growth markets. Security fits the bill quite nicely, particularly if Cisco can change the whole paradigm of today's security. Why should customers spend their security dollars on IPS and IDS and firewalls, when they could spend them on networks that secure themselves? As you can imagine, and as we'll explore, this creates a real quandary for the security companies who are backing Cisco's NAC program. The better Cisco gets at security, the less customers need their point products.
* NAC also has the potential of aiding Cisco in its attempt to increase its visibility within the corporate environment. (Let's call that control over mind share.) Security is a red-hot topic in corporate boardrooms, where concern about protecting customer information, compliance and business disruption runs high. What better way for Cisco to bolster its standing in the C suite than to emerge as the white knight of security? (Have you seen the Cisco commercial in which the CEO visits the data center to learn the security is in the blinky Cisco boxes?) Why let IBM or Microsoft enjoy that perception among the white collar crowd?
The latter control point takes on even more significance when you put NAC in the context of other strategic Cisco initiatives, such as the Services Oriented Network Architecture (SONA) plan. Through SONA Cisco hopes to play a central role in virtualizing data center resources and ensuring that the next generation of services oriented applications works well. That would also increase Cisco's visibility and stature within the enterprise.
Next, we'll look at Cisco's competitors like Juniper and what network access control means for Microsoft as well.
Bye for now.
Back to Vortex Blog
Comments
Post a comment
