Network Access Control: Still Hard to Deploy, Users Say
Five years after it burst on the scene as a response to the Blaster and Sasser worms, network access control has yet to make significant inroads into corporate networks. In fact, during a NAC session at RSA, only a handful of the 250 attendees said they had fully deployed NAC, while the vast majority said they were still in the planning stages.
Wed, April 22, 2009
Network World
—
Five years after it burst on the scene as a response to the Blaster and Sasser worms, network access control has yet to make significant inroads into corporate networks. In fact, during a NAC session at RSA, only a handful of the 250 attendees said they had fully deployed NAC, while the vast majority said they were still in the planning stages.
Gartner analyst Lawrence Orans, who moderated the panel discussion featuring the Big 3 of NAC (Cisco, Microsoft and Trust Computing Group (TCG), noted that this was the fourth year of the NAC session. Yet, adoption remains disappointing and the same old obstacles have yet to be cleared away.
Primary among them is the fact, acknowledged by Cisco representative Russell Rice and Microsoft's Khaja Ahmed, that NAC is still too hard to implement. "Putting together a solution is more difficult than it should be," Rice conceded.
Ahmed agreed with that assessment. "Current solutions demand a little too much of IT organizations. We need to make it easier to deploy." He pointed out that by its very nature, NAC straddles server, network and desktop silos within IT, which makes it tricky from both a technology and an organizational perspective.
Audience members, when asked which obstacles were the most daunting, said that political and operations concerns were high on the list, as was money.
Orans pointed out that while Cisco and Microsoft have pledged to make their products work together, making that happen in an enterprise network with the current crop of vendor tools is no small feat. And the conflicting schemes and definitions used by the various players doesn't help either.
Another issue that came up was standardization and certification. The Wi-Fi Alliance was cited as an example of a group that certified specific products and is credited with driving the growth of wireless networking.
Currently, there is no group that certifies NAC products, although Juniper's Steve Hanna, representing TCG, said a certification program is on the drawing board.
Until some of those obstacles are overcome, customers will continue to use NAC simply for guest access, or they will roll out a limited NAC deployment but only turn on monitoring and not policy enforcement.
Still, Orans said interest in NAC is strong. And session attendees confirmed that they are looking at NAC not simply for guest access, but for endpoint security checking and for policy enforcement.
"Nobody doesn't want it," Orans said. He added that the demise of a number of smaller NAC start-ups doesn't signal a fundamental lack of a NAC market; it was simply the natural thinning of the herd that takes place in any emerging market.
So, five years might seem like a long time for a technology to remain in the kicking-the-tires phase, but Rice insists that NAC is "still an emerging technology" that has the potential to take off, once those obstacles are swept away.
