Juniper, however, has great vision and follow-through. Juniper's Simply Connected program, which debuted in October, aims to simplify access anywhere and anytime. New additions extend the company’s management framework into more devices and better access controls. That's great news if you’re a Juniper shop, but does little for you if you aren't.
Juniper’s Simply Connected portfolio allows enterprises to uniformly apply a user or device policy to any device anywhere and at any time. Having a uniform policy lays the foundation of a consistent user experience while letting IT set adequate controls on IT assets or user-owned devices. Juniper is extending its security portfolio down into entry-level products like the SRX 110 appliance, which supports all the unified threat management (UTM) features of its larger SRX brethren but is aimed at small-office locations. Juniper also announced two entry-level access points, the WLA 322 and WLA 321, which support the same access control features as Juniper’s higher-end APs.
Juniper is adding user- and role-based access policies on the wireless access points, the SRX and its AppSecure application firewall. While address-based policies work well in a server environment where hosts are known ahead of time or many users are accessing a common server, controlling user access requires discovering and communicating user and role information to policy decision points so the correct policy is applied wherever a user connects.
AppSecure, which runs on SRX appliances, controls access to Web applications based on user or role. Web applications are sophisticated and modular in nature: While Facebook is a Web application, it also has thousands of other applications that run and interact with the user. AppSecure can control what users can do within Web applications such as Facebook, enterprise Web-based applications, or communications software like Skype and IM.
Juniper is also enhancing its mobile client Junos Pulse with the ability to monitor and control applications on mobile devices such as Apple's iOS and Android. The iOS Pulse client had posture checking and that same capability is on Android. Like its desktop host checking tool, Juniper's SRX, UAC and other equipment can use the posture check to determine access rights. The Pulse client communicates with the SRX appliances, EX switches and wireless access points using Juniper UAC Enforcement Protocol. Junos Pulse uses the same user-based policy management, allowing IT to enforce policies that target groups, rather than taking a one-size-fits-all approach.
Juniper isn’t alone in trying to unify user access policies across devices, access methods and locations. Cisco's TrustSec offers a similar promise to unify security policies and features across its campus, data, remote-office and mobile product lines. Like most programs, these overarching policy management products tend to support a limited set of products.
Standards like the Trusted Computing Group’s Trusted Network Connect, some of which is co-developed in the IETF Network Endpoint Assessment working group, would help foster a broader set of vendor products, if only more vendors would adopt the standard or get involved with the process. If you want unified access policies across numerous vendor products, you're generally out of luck.