 
Network Access Control Technologies and Symantec Compliance on Contact The Essential Elements of Comprehensive Endpoint Security
Internet Security Threat Report |
 |
Managing NAC implementationsBusinesses interested in implementing NAC should look at the management of the products they are considering.At its best, NAC will address the status of every endpoint that tries to log in to the network, which can be a lot of machines. There's no way any IT executive wants a machine-by-machine implementation of widespread NAC deployment without tools and automation to streamline the task. NAC is rich with possibilities such as combining multiple authentication factors to determine not only if a device gains access but how much access it warrants. These factors can include the security posture of the device, the job category of the user, whether the user is a guest or employee, the type of machine being used (personal PC, company-issued PC, kiosk PC, handheld), time of day - the list goes on and on. For a simple trial implementation, which is all many businesses are attempting right now, the scope of the project may be small enough that management tools are not critical. Or if the final implementation is select enough that few machines are involved, then individual management of endpoints is tolerable. Long-term though, NAC vendors need management that can create policy groups readily, integrated with existing directories to cut the labor involved in setting up these categories. Potential NAC customers need to ask what management tools are available now and what tools are planned down the road, when customers are more likely to be ready for full deployment. The answer in many cases will be that excellent management platforms are planned for later and it then becomes the customer's task to weigh the vendor's track record and concrete evidence that the vendor is actually headed in that direction. It's a tough task and an inexact science, but one that cannot be ignored.
|
