Future of Network Access Control (NAC) on BYOD Wireless Networks
Network Access Control (NAC) is one of those technologies that we’ve been talking about for 10 years but never seemed to go main stream. It feels like every three years it’s talked about in the trade mags and customers ask about it, then the buzz dies down. Then all of a sudden, it comes back from the dead.
Today, the talk about NAC has come back from the dead once again, but with a little different twist. The market today is different than five years ago. The drivers for NAC and more specifically Mobile Device Access Control are different today than 5 years or so ago…or are they?
To break down NAC in a basic form, it was primarily doing two things:
1) Control the Role of the User - we like to call this Role Based Access Control today. It simply means the network needs to recognize the identity of the user, and only allow them access to the resources that are necessary by applying the appropriate User Role. For example: a campus wireless network with NAC would have a Student, Faculty, and Guest role. Each with the specific set of privileges appropriate for them.
2) Enforce Policies - This is called “integrity checking” or “endpoint compliance”. Does the machine connecting to the network have anti-virus? Does the machine connecting have the latest updates? These are some of the policies controlled by traditional access control.
You may be wondering, Is NAC really necessary? If Role Based Access Control and Policy Enforcement are so important, why didn’t NAC go main stream?
NAC never took off because most companies were accomplishing the major NAC functions with existing tools. Look at the two items above in an all windows world- Directory Services is primarily controlling the user’s role (role based access control). If you owned the devices, you dictated what image gets loaded on the machine including programs, etc. You could use Network Access Protection (NAP) and Group Policies to make sure the machines on the network were updated with the latest firmware and patches (Policy Enforcement). You had a few guest users, but not enough to justify a NAC system.
This is why in the past, the adopters of NAC were primarily Colleges and Universities who had a large number of users who needed to bring their personal laptops to school (you can already see where I’m going here).
So here we are in 2012, hearing about access control again. But today, the two things that drove adoption for NAC in certain markets (primarily EDU), are now going to drive adoption of NAC for everyone. Here’s what drove NAC for specific markets:
1) BYOD - If you don’t own the machines, you need a way to control the device. And bring your own device is not just for colleges and universities anymore. At SecurEdge, we’ve got Banks, Enterprise, Healthcare and even Retail clients now calling because they want to have the ability for employees and guests to bring their own devices. The trend is only going to grow as the adoption of smartphones and tablets increase. Everyone is building large scale wireless networks that allow for BYOD access…..NAC is back.
2) Diversity in operating systems - Not only do you not own and control all of the machines, you also can’t rely only on windows only tools……because it’s not a windows world anymore. We started implementing these large scale wireless networks in 2005-2006. Back then, the machines were all windows machines. We began tracking some campuses with a device profiler- to let us see the operating system and machine type. The shift away from Windows started with the iPhone and blew up when the iPad and Android launched in 2009. Consider the graph below. In 2005, Windows accounted for 98% of the operating systems being used. In 2011, Windows was responsible for only 50% of devices!
This time, NAC is back from the dead, and it’s going to be walking around for a long time. Today’s mobile networks have to have the ability to control behaviors of different platform types. Wireless networks have to be built for secure BYOD access and the way to do that is incorporating NAC for mobile devices.
SecurEdge designs, deploys, and supports large wireless infrastructure incorporating NAC and advanced security features. If we can help, you can contact us here. We also have some free resources on the site we hope you find useful.
Philip is the founder and CEO of SecurEdge Networks. He’s the consummate strategist and frequently writes for the strategy blog. You can follow him at @philipwegner