In the most current offerings, NAC happens in four phases: assessment, validation, decision and enforcement.
» ASSESS: If IT assets remained static, a host of ills would be eradicated. Dream on. Devices change state constantly during use, so if a NAC product performs only a pre-assessment, as in Nortel's Secure Network Access and StillSecure's SafeAccess, the system can't detect changes on the host and, quite frankly, the value of the product plummets. Access control cannot be fire and forget. Assessments and reassessments, continuous or periodic, are critical (see "Assessment Strategies" left).
Posture assessment updates are triggered using a variety of mechanisms. These can be simple--802.1X re-authentication, a scheduled reassessment or passive monitoring--or complex, like triggering an assessment based on host activity. We surveyed NAC vendors about their reassessment strategies; most claim to continuously reassess hosts (see "Good Posture?" right).
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
