NAC users driven by regulatory compliance

* NAC can help with ensuring regulatory compliance

Increasingly, businesses deploying NAC are worried about proving to regulators that they are following appropriate industry and governmental guidelines for protecting data.

Specifically, they want to be able to show that those who accessed data were properly authorized, and this is something that NAC can help with.

By authenticating users and their machines and checking that the devices assume an acceptable security posture, businesses can demonstrate that they restrict access to just authorized users. Further, by restricting the access that is granted, they can show that authorized users access only a limited set of data.

Post-admission NAC monitors whether users maintain their security posture and checks that their network use doesn’t stray from what is acceptable. Post-admission NAC can also shut down access for those whose behavior looks suspicious.

Regulators want more. For instance they are concerned that sensitive data doesn’t travel outside the network and if it does, that it is appropriately protected via encryption, but other technologies handle.

Still, more than half of those planning to deploy NAC say they are driven by the need to demonstrate regulatory compliance, and that number is growing, according to Infonetics Research.

Those considering NAC as a compliance tool should evaluate the reporting capabilities of the products they test. Do they keep comprehensive logs of who is granted access to what and whether they adhere to policies? Are these logs readily converted into reports useful to addressing the demands of regulators?

If chosen carefully, NAC can be an important component for answering regulators.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)