Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rollout: Applied Identity's Identiforce

The Upshot

Claim
Unlike conventional NAC solutions, which focus on the host and initial network access, Applied Identity's Identiforce integrates directly with an organization's directory service to authenticate users and apply their individual profiles to control access to network resources.
Context
IT groups use a combination of NAC, network segmentation and firewalls to allow the right users to get to corporate network resources. The services running on those servers must then decide the identity of the user accessing it, sometimes requiring additional authentication.
Credibility
Applied Identity lives up to its name--it applies a user's identity to all network traffic. Policies are easily created with the PolicyCAD tool, and configuration of the appliance is familiar to anyone with Cisco IOS experience. The user experience was the same whether authentication was through the Microsoft interface, standalone client or Web portal. All policies worked as designed.


Applied Identity's Identiforce

Monitoring network access is not enough to satisfy a slew of regulatory, legislative and self-imposed compliance demands. CIOs are pressuring IT to implement technological solutions that control and audit specific end users' access to certain data. Applied Identity's Identiforce appliance uses an organization's LDAP-based directory to grant that access.

Applied Identity stepped into the emerging IBAC (identity-based access control) market in early 2006, with the release of its Identiforce appliance and PolicyCAD policy management software. Unlike NAC (network access control) products, which sit directly in front of user workstations, Identiforce sits in front of servers and controls access based on the identity of the user who initiates the network traffic. Essentially, it acts as an identity-aware firewall.




Identity-Based Access Control


Click to enlarge in another window

Identiforce focuses on identifying users and applying that identity to network traffic. It kicks in after a NAC device has allowed a user onto the network. Therefore, a separate NAC device is still necessary to manage the endpoint compliance and health checks, as well as initial authentication and authorization.

  • 1