Client management and the future of NAC

* Successful endpoint security requires both NAC and client management technologies

For more network managers, security is becoming a must-have feature in many operations products.

The two IT disciplines have been coming together over the years in the areas of security event or information management, network behavior analysis, and now network access control technologies.

NAC involves technologies from many vendors that in one way or another monitor networks for machines attempting to gain access and assess the patch and security status of those clients. This technology dovetails with client management systems, according to a recent Forrester Research report, which says successful endpoint security requires both NAC and client management technologies.

In its March research report entitled "Client Management 2.0," Forrester says that many security teams in enterprise companies are passing client security and network access responsibilities over to the IT operations groups.

"For example, desktop operations staffers handle not only upgrades to your PC, but also the patching and anti-malware updates that maintain system compliance. Similarly network administrators just as comfortably set firewall access control lists as switch and router ACLs," the report reads. "Consequently, security and access control are becoming part of the overall management of your IT environment."

While NAC technologies promise to secure networks from insecure client machines and also help IT managers keep client systems patched, Forrester doesn't think today's technologies will adequately address IT managers' needs going forward. One of the issues with NAC is that today many IT organizations deploy it as a security framework not directly tied to securing endpoints. NAC is network-focused, Forrester says, but because much of endpoint security lies with the desktop operations group, newer technologies will emerge to enable better endpoint security.

Forrester predicts another technology will grow out of NAC: proactive endpoint risk management, or PERM. While the acronym instantly brings to mind some of my middle school hairstyles, Forrester says PERM would encompass multiple solutions and serve as NAC 2.0 for client systems management and security. The research firm defines PERM as "policy-based software technologies that manage risk by integrating endpoint security, access control, identity and configuration management."

And while PERM, like NAC, is not yet fully baked, Forrester predicts the technology will take enterprise management and security by storm in the next three years.

"Proactive endpoint risk management isn't far off - in fact, the landscape has already started to develop," the report reads. "Forrester predicts that client security suites will be the first to evolve, with Microsoft and Cisco only an acquisition - or two - away."


Copyright © 2007 IDG Communications, Inc.