This year, there is real buzz once again and by buzz I dont mean hype lacking substance. This years show features 475 vendors, 100 more than last year, and Interop organizers estimate that there have been 20,000+ attendees, also well up from recent years.
NAC is making news at the show in a big way. Enterprises are waking up to the fact that perimeter security isnt enough. Employees, partners, and customers enter the network from a variety of locations on any number of endpoints. To prevent intrusions and maintain network integrity, end points must be vetted as stringently as users. Well, more so, since user authentication is only now moving beyond single-factor.
Simply put, the goal of NAC is to put IT back in charge of the network. Users and their devices are checked for identity and system health, and rights can be determined beyond the simple all-in or all-out methods of the past. Access to network assets can be based on roles, location, and context.
Even though NAC makes sense and provides an obvious security benefit, many potential customers have adopted a wait-and-see attitude. Interoperability, or the lack thereof, has kept IT decision makers on the sidelines, with various vendors slicing and dicing NAC differently. With few of the major vendors playing well together, customers rightly feared vendor lock-in.
The big NAC news is that Microsoft and the Trusted Computing Group (TCG) have reached an interoperability agreement. The two announced that they will work together on NAC interoperability. Microsofts NAP (network access protocol) will be supported by TCGs Trusted Network Connect (TNC) architecture.
For IT, this means that two of the three major NAC players will work together, with only Cisco remaining a question mark. While this news is only a single step forward along the path to standards and interoperability, its still a big step.
Should Vendors or Customers Drive Interoperability?
Identity Engines Identity Engines, a NAC startup, believes that the push toward vendor-initiated interoperability is important, but even if the major vendors drag their feet, other solutions can fill the void.
Along with five other networking and security vendors (Extreme Networks, Infoblox, Symantec, TippingPoint, and Trapeze Networks) and the UKERNA (United Kingdom Education and Research Networking Association), Identity Engines has formed the OpenSEA Alliance. The open-source group intends to tackle NAC from the client side, with an open-source 802.1X supplicant (the piece of software that communicates with an authentication server).