Why use NAC when you have IAM???

I was surprised during my debate with Joel Snyder this week how much he fell back on access management as a value of NAC (now defined by just about everybody to be Network Access Control). Joel has an equation (he claims it is calculus because of the time component, but no, Joel, it is algebra) that ignores units but defines NAC as access control plus end point configuration plus network behavior.

Driver's license and key

I find that most of the irate vendors that have piled on my lonely rail against NAC focus on the fact that I hate using end point state as part of the authorization process. They realize that that concept, first put forth by Cisco, is flawed from a security standpoint but, because they cobbled a solution together, they are pushing it and cannot abide my critique. Thus, the debate quickly turns to access control, which of course is as fundamental to security as firewalls and AV. You may have seen my Good NAC versus Bad NAC column where I specifically break access control out as a good thing.

So, alright, the industry is going to re-label the technology.  Fine. I will continue to criticize using end point health for anything tied to user rights management.  

One of the greatest disservices the analyst community, vendors, and consultants such as Joel have done for the security industry is this attempt to co-opt an entire industry segment. From questions received during the live debate you could tell that folks think that without NAC they have no way to manage user access to their networks. Well, here are some resources you can use to answer the question: “How do I control access to my network?” It’s called Identity and Access Management, which includes enterprise single sign-on, provisioning, revocation, etc. Vendors include Oracle, which has rolled up a number of specialist vendors such as Oblix, Phaos, and OctetString. You may recognize other vendors in this space including Sun, IBM/Tivoli, Courion, Imprivata, Beta Systems, BMC Software, CA, Novell, M-Tech, HP, MaXware, nCipher, Siemens, and Microsoft (thanks to Dave Kearns for those names). With a vendor list like that I have trouble understanding why people are looking at StillSecure, Mirage, Napera, Forescout, Infoexpress, for network access control. (See comparisons.)

So if you are responsible for network security within your organization, before you start to evaluate NAC solutions check with your identity and access management team. You might discover that you already have the technology you need in-house.


Copyright © 2008 IDG Communications, Inc.
