
Views clash on best NAC policy

By Leigh-Ann Francis
Johannesburg, 24 May 2010

The uptake of outsourcing and the use of contractors have initiated an increased need for network access control (NAC) solutions. As these solutions evolve to meet the demand, the debate on which offering is best - an open or proprietary solution - rages on.

So says Jack Ward, MD of Demand Data, who describes NAC as a method of bolstering the security of a proprietary network by restricting the availability of network resources to endpoint devices that comply with a defined security policy.

Ward maintains the uptake of NAC solutions has resulted in the development of a range of proprietary and open, or standards-based, offerings. Regarding open NAC solutions, he believes proponents of proprietary systems will argue there has been little time for a meeting of minds between NAC vendors, and that the technology is still in an embryonic form.

Gaf Khan, business development manager at Cisco, agrees, noting there are a number of free and open source NAC products available. These products have rapidly growing feature sets and appeal to those trying to implement NAC on a low budget.

“These products offer enterprise-class features, such as integration with Active Directory, virtual machine support, and reporting and monitoring,” he explains.

However, argues Khan, “what these products don't offer is the slick user interfaces and advanced support available from a commercial vendor. They also don't offer the wide range of third-party vendor support available from a commercial product.”

Open view

Presenting the argument for open-standards-based NAC solutions is Trusted Network Connect (TNC), a subgroup of the Trusted Computing Group. The non-profit group formed in 2003 to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies across multiple platforms, peripherals and devices.

TNC explains that its open specifications encompass the definition of software interfaces and protocols for communication among endpoint security components and between endpoint hosts and networking elements.

This framework, says the TNC, provides for interoperable solutions from multiple vendors and offers greater choice in selecting the components best suited to meet endpoint integrity and NAC requirements.

According to the TNC, an open standard emphasises the level of interoperability between components and provides interoperability with other technologies and products, ensuring the best-of-breed selections made by the organisation will work seamlessly together.

Adoption of a proprietary solution, on the other hand, can decrease flexibility and increase total cost of ownership, limiting the ability to create heterogeneous environments based on best-of-breed technologies, and ultimately limit selection and choice, states Ward.

Closing arguments

Ward believes the decision of whether to implement an open or proprietary solution boils down to a few key issues.

These include: the real value a given technology, whether proprietary or open, brings to the business; the time, effort and expense needed to integrate, test and deploy a selected solution; and how many user-, device- and network-related security and access control technologies can be seamlessly integrated.

“Deploying NAC is a resource-intensive process that often requires a high degree of user involvement. If NAC is appropriate for your environment, you'd probably be better off carefully selecting the right product, rather than a 'starter' product, and deploying it in a careful, methodical manner,” argues Khan.

“Open NAC solutions based on accepted standards provide organisations with easy deployment, interoperability, high ROI, and choice. They give users the opportunity to select the network infrastructure and software that best meet and adapt to their ever-changing networking needs without fear of constraint or vendor lock-in,” counters Ward.
