has been devoting a fair number of articles
on the difficulties that Network Access Control has had in gaining traction in the marketplace.
What the Security Wire editors are finding is that NAC is not being deployed
as widely as vendors
Why are organizations so hesitant to use this security technology? It's too complex to deploy easily, too difficult to justify the cost, and too much of a risk to invest in third-party products when Microsoft has embedded something similar within the soon-to-be-released Windows Server 2008, SearchSecurity asserts.
"It's very expensive for some, complicated for others and most IT shops have found other ways to deal with access management," said Bill Brenner, senior news writer, in the January 21 Security Wire Weekly podcast
In the January 23rd edition of the podcast
, Robert Westervelt interviewed Dave Bixler, the chief information security officer for Siemens IT Solutions and Services.
Bixler explained that the company, wishing to control its network access, started looking at NAC as an alternative to the 802.11x network access control standard
, which is complicated to deploy.
NAC didn't really make sense for the company though.
"There's a lot of infrastructure to make NAC work," Bixler noted. It would require some significant changes in the company's architecture.
"They kind of work, but they are not easy to deploy in an enterprise environment. If I have a small office, they are pretty easy to put in, but as I start looking in 11, 12, 15, 30 offices, it becomes a bit more challenging to deploy a really solid usable NAC solution ubiquitously," Bixler said.
Also, for its cost, NAC was hard to justify. Siemens hasn't had a case yet where an employee plugged an infected laptop into the internal network. Nor has anyone snuck into a work facility and tried to log into the internal network with his or her own computer.
If NAC sales have been sluggish, it may be due to the fact that most organizations are waiting to see what Microsoft and Cisco have in store.
Microsoft rolls out Network Access Protection
, a lightweight version of NAC built into Windows Server 2008 and Windows Vista. Cisco will support NAP with its own routers. As a result, organizations may not want to invest in third-party NAC products until they can see what the built-in NAP can do.
"With so many different security priorities, you kind of have to weigh if NAC is the one thing I need to put at the top of my list, or could I put it off for 18 months to see what Microsoft does," Bixler said.
Posted by Joab Jackson on Feb 21, 2008 at 9:39 AM