August 6, 2008 9:30 AM PDT

Transitioning to identity-based networking

by Jon Oltsik

Network access control (NAC) has certainly had a boisterous lifetime.

Cisco Systems first coined this term in 2005 when introducing an initiative to ensure that only "healthy" endpoints could access the network. In the intervening years, the NAC concept gained popularity, drove tremendous VC investment, and most recently came crashing down in a micro boom-to-bust cycle.

So what's the future for NAC? Out of the ashes, NAC is slowly changing and moving in the right direction toward identity-based networking. Rather than a myopic security tool, identity-based networking initiatives:

• Span the enterprise. NAC was primarily based upon one-off appliances while identity-based networking is built into the entire network. Wired, wireless, and remote users must walk through a security line regardless of where their network journey begins.

• Are anchored by policies. Aside from when and where I can gain network access, policies span security, compliance, and quality of service. Identity-based network policies are used for blocking bad stuff and accelerating good stuff.

• Manage user and device identity. Identity-based networking marries network access controls to specific users, networks, and devices. In other words, my access privileges may change depending upon whether I'm sitting in my office or logging on from an Internet cafe in Sao Paulo. This helps cover the growing need for user "roles" and audit reports for regulatory compliance and IT governance.

While NAC was limited in scope, identity-based networking is boundless. Once the network gains intelligence on users and devices, it can offer a helping hand inside and outside the enterprise. NAC as a concept may be a bit long in the tooth, but identity-based networking is just beginning.

The irony in all this is that Cisco really nailed this concept with another initiative called directory-enabled networking (DEN), back in the 1990s. In the end, it doesn't matter what you call it: identity-based networking will supersede vendor-based initiatives and become mainstream over the next few years.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.
by hoplite3 August 6, 2008 9:59 AM PDT
NAC is a great piece of the identity puzzle. What companies need to be mindful of is holistic identity management that incorporates workflows, transaction verification, identity lifecycle and policy management that spans multiple systems (DB, NAC, Application, physical access, etc) for both internal and external identities.

The pain I see companies suffer is that specific technologies are deployed by various IT functions to solve tactical problems or initiatives which in turn creates a hegemony of solutions. These solutions then compete for existence as they expand their reach. The investments into these tactical solutions are often too great to overcome and thus grind most companies to a halt.

For most companies, there's hope. The investments can be salvaged (albeit with some lower ROI than originally forecasted) and bigger, better solutions can come into play. The key to all of this is standards and DEN was a great foundation to build from.
by benjaminstraight August 7, 2008 2:42 PM PDT
Cool