It's May in the IT industry and that means Interop is only two weeks away. For those not familiar with Interop, it is a huge networking geekfest in Las Vegas where booze, IP jargon and acronyms flow like water.
At this year's shindig, I anticipate a lot of Interop buzz focused on NAC, or Network Access Control. Of course, this is the generic industry acronym and one of many that basically describes the same thing.
Cisco NAC, aka CNAC, stands for Network Admission Control. Microsoft calls its flavor NAP, or Network Access Protection. And the Trusted Computing Group has a similar set of standards that combine to form an NAC framework called TNC, or Trusted Network Connect.
Confused? You are not alone. I speak with IT and security folks all the time, and they can't make heads or tails of this mix of industry rhetoric.
Enter industry analysts--the ones who are supposed to translate all this stuff to make it more palatable but, more often than not, simply throw more dirt into muddy water. In this case, an unnamed analyst shop decided that NAC is doomed to fail. (See my recent blog on the frequent analyst ploy: "Technology X is dead.") The same unnamed analyst then proclaimed that what the industry really needs is PERM, or Pro-active Endpoint Risk Management.
So here's my problem. First and most obvious, do we really need ANOTHER acronym here? I mean, aren't four enough?
Second, there is a whole NAC vision and framework that is extremely flexible and can be used in an assortment of different ways on both clients and networks. In other words, I think that PERM is really another way to describe NAC. We are arguing about subtle differences, so why exactly do we need another way to describe the same thing. As the old show tune goes, "You say potato and I say potato. Let's call the whole thing off."
Finally, NAC is an evolving framework in which lots of the standards and implementation choices have yet to be defined. Now I know that the tech industry moves quickly, but are we really at the point where technologies that haven't even been developed are already dead? I say let's give little guys like Cisco Systems and Microsoft a chance here.
I know I sound like Andy Rooney, but it seems to me that we analysts are too focused on re-naming stuff and not focused enough on clarifying stuff. Rather than creating context and taxonomy, we simply introduce more spin. In the existing world of NAC/CNAC/NAP/TNC, it's hard for me to see how this is at all useful.