Network Access Control: Deploy now or wait?

CIO - Network Access Control (NAC) sounds like something of a panacea: technology that can not only authenticate who is using your company's network, but also ensure that users' methods of access are virus-free and fully comply with your company's security policies. And NAC has been getting a lot of press lately -- proponents tout its ability to keep corporate networks clean and healthy in ways that technologies of the past couldn't.

As technologies like virtual private networks (VPN), personal digital assistants (PDA) and wireless technologies proliferate, the situation at many companies has become untenable.

Enter NAC. Many companies are beginning to see the technology as an answer to the network access problem, especially for guest or contractor access, but also for remote and wireless users.

"If you have a business partner visiting who needs Internet access to do a demo or a contractor temporarily working in your offices, you want to be able to provide them with network access, but without potentially introducing malicious programs they might have running on their systems to the network or giving them access to the entire network," explains Paul Roberts, senior analyst for enterprise security at The 451 Group in New York. "NAC provides a way to ensure that when they connect to your company's network, they are who they say they are, their systems are up to date, and they aren't infected with anything."

But it's far from a perfect technology. It's still maturing, and there are several competing factions and little in the way of industry standards, leading some to wonder if it might make sense to wait.

Every company doesn't need it today, says Joel Snyder, senior partner at Opus One Inc., a consulting firm in Tucson, Ariz. However, you should strongly consider it if you are worried about the authentication of people using your network or about the status of endpoint security on your systems, or if you need stronger, more granular access controls at the user level.

But there are signs that companies are ready to adopt the technology. According to a February 2008 report from The 451 Group, enterprises are now ready to deploy NAC technology because of compliance issues, the need to lock down guest access and the threat of data loss.

"It's definitely maturing," says Andrew Braunberg, research director for enterprise software and security at Current Analysis Inc. in Sterling, Va. "Major players like Cisco and Trusted Computing Group have realized that they have to play nice with Microsoft, so they now have interoperability agreements with Microsoft. That's just one example of how interoperability issues are being worked out. But it will take some more time.