What is NAC and why might it find a revival?

NAC, policy-based network access control, is a decade-old technology that was proposed to manage mobile devices (which at the time meant mainly laptops) as well as desktops, mainly for endpoint security: to control and monitor what is on those laptops and what is and is not allowed into the corporate network. It would have made huge sense if enterprises had allowed employees' laptops into the corporate network, *but* not many people wanted their personal laptops used for official work, given the many legal and liability issues. CIOs didn't want to allow it either, and started giving out corporate-owned laptops with a tightly integrated software and hardware combination, with IT completely controlling what went on that laptop and what didn't. It was not at all uncommon for people to have two laptops: one the company's and the other personal.
Fast forward to 2012: now almost everyone has their own device, which we call a smart device (the concept of BYOD). It allows people to mix personal and official work, makes people smarter (?) and very productive, and marks the dawn of a new work-life culture in which your device and your work follow you literally everywhere, be it the pub, a vacation, an outing, your golf, etc.
So NAC is now making a comeback because of the popularity of BYOD in the workplace (88% of companies in the US and UK allow BYOD and, scarier still, more than 30% of devices are not officially allowed but are plying the corporate network; for complete statistics, please refer to my earlier blog here and here), and it seems the right technology for this kind of device. (Full disclosure: i7 Networks' products, BYOD-Secure (the BYOD access control tool) and Hawkeye (the BYOD visibility and discovery tool), both use NAC technology.)
If I feel this is the right technology for monitoring, policy management, access control and other security measures for BYODs, I am not alone. This is what Gartner has to say: Gartner, for one, is predicting that the bring your own device (BYOD) phenomenon, in which employees are allowed to use their own personal Apple iPads, iPhones, Google Android devices and other mobile-ware for business purposes, will lead to a revival of NAC.
NAC was originally meant to govern computer (desktop or laptop) access to corporate networks by doing things like checking whether the right updates are present, whether anti-virus has been installed, etc. This technology now looks ripe for controlling access for BYOD. Many MDMs are rushing to use NAC to provide complete control of BYODs. (Full disclosure: i7 is taking a different approach, providing an agentless, non-intrusive way of detecting and controlling access of BYODs, but it also uses NAC technology.)
We feel that an agentless, non-intrusive way of detecting all the BYODs on the enterprise network is critical: first, because one third of devices are on the network unofficially, and second, because of this quote.
Speaking at a roundtable organized by BT at the Infosec 2012 conference, Simon Wise, deputy head of the Ministry of Defense (MoD)’s global operations security control center, said: “We have a bring your own device (BYOD) policy and it’s simple: Don’t!” “The key risk is unauthorized devices and the threat they pose to the rest of the network,” he said. The MoD currently has around 750,000 IP devices, he said. “We need to be able to detect if they have been brought into our systems so we only allow authorized devices.”
Detecting these unauthorized devices, admitting only authorized devices (access control), and letting them reach only authorized data and servers requires the next-generation technology of a “non-intrusive agentless way” of detecting these devices and enforcing access control (where NAC becomes very handy). NAC will ensure that all corporate requirements (OS level, anti-virus software, anti-malware, right patches, etc.) are met before BYODs are allowed on the enterprise network.
"NAC has been around for almost 10 years," says Gartner analyst Lawrence Orans, who acknowledges the "first wave" of NAC crested with a fairly modest adoption, mainly by financial institutions and some high-security situations, plus a few universities. But NAC is getting a second chance to go mainstream because of BYOD, and this time it will gain much more ground as a security approach, Orans predicts. "BYOD is an unstoppable trend," he predicts, with businesses in ever greater numbers allowing employees to carry enterprise data on personal tablets.
NAC being forged into mobile security tools offers some advantages, says Orans, in terms of allowing IT managers to set policy-based controls on BYOD tablets and smartphones in the enterprise. In the mobile-device context, NAC might check to see if there's BYOD "containerization" in place, for instance, to make sure personal and business data is cordoned off in some way before granting network access.
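The admission check described above (authorized devices only, then OS level, anti-virus, patches and containerization before network access), as an added example that is not part of the original post and is not i7 Networks' code. The device fields, the inventory, the thresholds and the allow/quarantine/deny outcomes are assumptions made for illustration.

```python
# Added example: a hypothetical NAC admission policy. Field names, inventory
# entries and thresholds are constructed for illustration only.
from dataclasses import dataclass

@dataclass
class Device:
    mac: str
    platform: str         # e.g. "ios", "android"
    os_version: str       # dotted version string reported for the device
    antivirus: bool       # anti-virus / anti-malware present
    patch_age_days: int   # days since the last security update
    containerized: bool   # business data kept apart from personal data

# Constructed policy: authorized inventory and minimum posture per platform.
AUTHORIZED_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}
MIN_OS = {"ios": (5, 1), "android": (4, 0)}
MAX_PATCH_AGE_DAYS = 30

def parse_version(text):
    """Turn '4.0.3' into (4, 0, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split(".") if part.isdigit())

def admit(device):
    """Return (decision, reasons).

    Unknown devices are denied outright; known devices that fail any posture
    check are quarantined with every failing requirement listed.
    """
    if device.mac.lower() not in AUTHORIZED_MACS:
        return "deny", ["device not in authorized inventory"]
    reasons = []
    minimum = MIN_OS.get(device.platform)
    if minimum is None:
        reasons.append(f"unsupported platform {device.platform}")
    elif parse_version(device.os_version) < minimum:
        # An empty or unparsable version yields () and fails closed here.
        reasons.append(f"OS {device.os_version} below minimum")
    if not device.antivirus:
        reasons.append("no anti-virus/anti-malware")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("patches out of date")
    if not device.containerized:
        reasons.append("no containerization of business data")
    return ("quarantine" if reasons else "allow"), reasons
```

A MAC address can be changed by the device owner, so a real deployment would pair the inventory lookup with a stronger device identity; the lookup here only stands in for "authorized device".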
It seems BYOD is surely here to stay and NAC will get a second breather. We at i7 strongly believe so :-)
Let me end with a nice quote from the VP of IT at Cisco (March 2012): “BYOD has delivered savings of around 20 per cent; We don’t pay for it [BYOD], and our users are happier.”
Manjunath M Gowda
ceo, i7 Networks
“Got BYOD? Get control”