Network Computing is part of the Informa Tech Division of Informa PLC

NAC's Missing Piece

Is it too early in the NAC game to start talking about revolution or evolution? The whole of NAC has centered around assessing an endpoint's health and controlling access by granting admission or enforcing quarantine. That's all well and good, but it's not really access control.

The problem with data security today is that access to resources is frequently not well-defined or controlled across a broad range of applications. It's impossible to centrally define a role with all the access controls for all the network applications a user might need because, quite simply, there are no common standards that all vendors--OSs, authentication systems and application makers--adhere to. Sure, there has been work with SAML, but few systems support it.

Many NAC products do take into account identity information before making an access decision, but the implementation is often coarse-grained--a host is managed or not, or the user is known. This is still not quite access control. The whole idea of "identity-based network access control" comes down to granting access within applications based on who you are. This is still beyond the purview of NAC as it is defined today. --Mike Fratto