Cisco's Chief Security Officer Explains NAC Strategy Shift

As chief security officer for Cisco Systems, John Stewart is tasked with securing an enterprise network of more than 60,000 PCs and managing the San Jose, Calif., networking giant's security programs. At the Black Hat security conference in Las Vegas this week, Stewart talked with CRN about recent developments in Cisco's Network Admission Control (NAC) initiative as well as larger issues affecting the security industry.

CRN: Why did Cisco decide to reposition the Clean Access Appliance, now called the NAC Appliance, for enterprise NAC deployments? What does this mean for the industry framework that Cisco envisions becoming a standard for deploying NAC?

STEWART: The framework is progressing as expected. In the past year, we've moved from a purely framework approach to NAC to one that includes the framework and the NAC Appliance. That move has resonated very well with customers who are interested in bridging a multivendor network--or bridging a network that's being upgraded to make it ready for NAC--but would like some usable results immediately.

We've learned that we have enterprise customers who feel the appliance model is what they would like to do philosophically. Instead of placing NAC onto every port or every single network jack, they want to deploy the appliance. We've also learned there are customers looking for immediate, short-term results where they can deploy NAC quickly--and to a degree seamlessly--without changing their network topology.

While customers have bought into the framework vision and want to deploy network security all the way to the port, they're feeling short-term pain. As a result, we've had customers ask Cisco for an interim step they can take as we work toward the NAC framework topology, because it's going to take years for us to roll it out.