Network access and control tactics have traditionally focused on authenticating users and preventing network security breaches. Now, however, efforts are being made to also mitigate the damage when bad things happen to good data resources. The latest Network Access Control (NAC) solutions provide exacting details of an incident and an unauthorized user's activities, so that safeguards can be put into place to prevent it from happening again.
"There is clearly a corporate ecosystem focus and migration to risk management and away from strictly the practice of security," says Jack Phillips, Co-Founder and Managing Partner at the Institute for Applied Network Security (IANS). The Boston-based research company focuses on the fields of information security, regulatory compliance and I.T. risk management.
There is definitely a strategic shift from authenticating and authorizing users on a network to tracking what those users do and where they go once they are on the network, says Brendan O'Connell, Senior Manager of Product Management for Cisco Systems' NAC division. "There is a need for information on users that is relevant to what they are doing, so we are not just looking at the machine state but the user state as well," O'Connell says.
As a result, members of enterprise I.T. departments now find themselves sharing the burden of network security with members of networking departments. In fact, network security and control are the driving forces behind most enterprise strategies as companies take an increasingly holistic approach to the information-processing ecosystem.
Management + Mitigation
The move from network management to management-and-mitigation will continue. Wired and wireless pipelines are increasingly serving as conduits for all things digital, and even for non-digital applications such as physical security and facilities management. In fact, many physical security vendors have already put a new-school spin on traditional physical security solutions to take advantage of networks and provide remote access capabilities.
For example, the 25-year-old International Electronics, Inc. (IEI) has developed an integrated security management and access control system that can be managed from anywhere there is an Internet connection and access to a standard browser. It is based on the industry-standard Linux operating system and allows users to control and monitor doors and other physical elements, as well as capture real-time video information. The result is that locked doors and windows, as well as plain old people traffic in a hallway, are suddenly a part of the networking infrastructure.
Current research seems to support the notion that threat mitigation is an increasingly important part of overall network management and control. A recent study by Infonetics Research reveals that two of the key drivers for NAC deployment are limiting the impact of security problems and halting threat propagation. The study also points to the need to demonstrate policy and regulatory compliance as big factors in NAC purchase decisions.
Infonetics surveyed executives from 162 medium and large organizations across a wide range of vertical markets, many of whom are on the fence in terms of deploying NAC solutions and tools over the next year or so.
One strategy for satisfying the need for both management and mitigation is to take a distributed intelligence approach and dynamically structure the NAC environment to fit the users and the data they access. This is the strategy behind Juniper Networks' Unified Access Control (UAC) products, which allow network administrators to dynamically encode users and data so that access to specific enterprise resources can be restricted to individual groups or business problems and applications.
The UAC system can identify these groups no matter where they are inside or outside an organization, and then track their activities to satisfy compliance and accountability policies.
"Dynamic structuring alleviates a lot of the balancing act problems with network security and ease of use," says Karthik Krishnan, Director of Product Management for Access Solutions at Juniper Networks. "The technology is definitely becoming more intuitive.
"One of the things we can do is provide an unparalleled level of visibility into the network to provide a whole bunch of user information about people and then tie that back to the applications and what they are trying to do."
Of course, all of these intuitive and intelligent methods have to be designed and deployed with the user in mind, which means keeping them as simple and uncomplicated as possible.
"A bank, for example, cannot make it too difficult for customers," says Simon Ford, International Director at NCP Engineering GmbH, a provider of endpoint security and VPN solutions. "If we put in too much security software they will go to another bank. The bottom line is to make it intuitive for the end user and not the security expert."
"The user interface is definitely front-and-center," says Cisco's O'Connell, pointing to the eternal balancing act between creating an effective user experience and securing access and control. "The goal is to make sure the user experience satisfies the business needs as well as provide something that is easy to interpret and understand."
This NAC balancing act may become a bit more difficult, though, as more companies make use of such emerging trends as collaborative computing, social networks and even cloud computing.