KNOCKING-OFF NAC, JUST NOT YET!
By Mohan Krishnamurthy Madwachar
Happiest days of Networking? Desktop wired to a face plate, wired back to the switches and you must be physically present to access the local or corporate network resources. Then came the flexibility of laptops. You can carry it wherever you want. Presentation at a customer place, no issues. Design your presentation, off-you go, attach to the projector at the conference room and deliver a presentation. But back to the office network, you need that magic RJ-45 Ethernet cable to get hooked to the corporate network. One file server, and one print server, and somewhat advanced networks you used to have mail servers.
Then came the wireless networks. Laptops needed a PCMCIA card to make your connection wirelessly. Yet, some control with the network administrators. Introduction of built-in wireless devices, introduction of smart phones, tablets and umpteen other devices resulted in complete loss of control and administrators now with sophisticated designations as ‘Security Administrators’ started feeling the heat.
Network Admission or Access Control (NAC) is all about right people accessing right resources in compliance to the corporate security policies. No more and no less.
You want your employees to be connected 24×7? Mail clients on mobile, fancy mails tags such as ‘Sent from Outlook for Android or Sent from iPhone’? Now you are talking about what to control. How would you restrict an employee downloading a corporate email attachment to the phone and then sending it back to his or her personal email address?
Access to Corporate resources through mobile apps, Web based applications, Time and attendance, Sales and CRM from anywhere, anytime from any device, you are talking about a wide spectrum to monitor and control.
NAC is not the newest of technologies in the block. It has been there for at least two decades. Now why this renewed focus? Wireless infrastructure allowed employees, contractors and guests to access Corporate network. However, you want to restrict Guests to only access Internet and not the Intranet. You may want to allow contractors to Extranet, but not to access your internal file servers. Employees need to access certain resources, but only when they are in certain locations. Access to corporate applications from an Internet Café means a complete clean-up of session after your complete your work or risk of losing corporate data to outsiders. Organization’s decision to BYOD (Bring Your Own Device) may spell doom to CSOs and may mockingly become Bring Your Own Death (BYOD).
Protecting sensitive data, improved productivity, flexibility in BYOD, ease of deployment and ease of management are the factors a CSO to consider before deciding on a NAC solution.
Simple questions to ask yourselves before picking-up a NAC solution:
Can it provide complete visibility? Do I get detailed reporting for compliance? Can it offer context-aware policies based on user role, time, location and the kind of device he or she is accessing the corporate resource from? How much overhead it brings to the administration and management. Can the process of onboarding a user, enrolment and logging be completely automated to bring seamless experience to the users? How can I integrate with existing MDM (Mobile Device Management) solutions?
Now, we can call its NAC 2.0. A rejuvenated NAC. Or NAC reborn! Whatever you may choose to call, don’t knock-off NAC from your IT security budget. Not just yet!
Also read it on: http://www.csoonline.in/articles/knocking-nac-just-not-yet
