In the second part of our series on NAC, let’s look more closely at the way the industry has tried (and, we think, failed) at solving the complexity around NAC. Rather than dealing with the complexities of NAC head-on, many vendors have stirred confusion and conflict, but ultimately, very few viable solutions.
NetworkWorld’s Joel Snyder taps into this frustration in his recent piece on NAC: What Went Wrong. He points out:
NAC’s three components are authentication, end-point security and access control, but vendors tend to deliver NAC products based on their particular strong suits. This means NAC products tend to focus on one of those three components, often ignoring the other two… The broad variation in products is also due to legitimate disagreement on the best way to reach the final goal. The problem with this lack of consensus is that it causes confusion in anyone who is interested in adding NAC capabilities to their network. For example, is authentication important or isn’t it?
At VPN Haus, we believe that endpoint policy enforcement is the most critical NAC function. The reason is, this gives the customer the flexibility to make remote access as easy as possible for the end-user, while still maintaining high security standards. Once the process gets too sticky for end-users, they often start scouring ways around NAC. And ultimately, that’s just as dangerous as forgoing NAC altogether.
What are your thoughts? What’s the most important component of NAC?