Clarifying issues surrounding this emerging security architecture
As NAC matures, it is becoming clear that the needs of smaller businesses and those of enterprises call for different solutions.
A business with a few sites and relatively few employees can get by with NAC appliances that sit at key crossroads within small networks, where they can block access by devices deemed out of compliance with NAC policies.
The same devices would work in large enterprises but would not scale well because of the number of end users and the number of appliances needed to enforce NAC on all users. Managing all those appliances would add complexity and expense that would outweigh their usefulness.
So large enterprises need network-based NAC that is a component of other infrastructure, not a separate add-on that performs just one function. This situation gives the makers of network infrastructure a leg up with the largest businesses if they have NAC offerings.
Cisco's NAC comes in many flavors, including appliances as well as NAC capabilities that are built into the network infrastructure, the model that fits the largest deployments. Given Cisco's domination of the enterprise switch and router market, this is not surprising.
Recently Juniper, which has a set of enterprise gear but nowhere near the breadth and penetration of Cisco, announced its new Adaptive Threat Management architecture that builds on its NAC offerings, which it refers to as Unified Access Control.
The architecture calls for security devices to share the data they gather via a common server, giving each separate security technology a richer set of data on which to base decisions. It’s no accident that the server in Juniper’s model is its UAC server, where data about endpoints is gathered, evaluated and acted upon. That same engine can take in additional data from other sources, sort it and publish it to other devices.
In the Juniper model, NAC becomes a component of a larger network security scheme that goes beyond NAC, making it an embedded part of the network infrastructure suited for the largest of businesses.
Tim Greene is senior editor at Network World.