By Elaine Chen
Today, almost everything is in the network – making network security more crucial than ever. The four-billion-dollar industry also makes the security business lucrative to many companies we haven’t thought of as being in the security business. Like Cisco.
As hackers continue to step up their game, IT managers are turning away from patchwork solutions in favor of intelligent network access control (NAC) products – soon predicted to become a $3.9 billion industry.
For large enterprise networks, access control goes far beyond letting the right people in and keeping the wrong ones out. Instead, NAC products must be able to authenticate many different kinds of devices, from PCs to PDAs to printers and beyond; provide those devices with select access to resources based on definable policies; and constantly monitor their activity to ensure they aren’t being hijacked or misused.
Network security threats such as viruses, denial of service attacks and data theft can bring down a company – cutting off its communications, shutting down its stores and putting its customers at risk.
These new pressures are encouraging the development of complete end-to-end solutions for network security, a departure from the past. A mixture of firewalls, password management programs and anti-virus software is no longer sufficient: IT managers now need intelligent networks that can police and heal themselves.
Furthermore, any truly comprehensive solution will have to work with networking equipment, software and clients from many different vendors, creating a truly complex challenge for prospective NAC providers.
For traditional security companies, the new NAC trend means continued vigilance will be essential. As IT managers become more confident that their networks are hacker-proof, they will be more likely to allow users to access confidential data and applications from a variety of different clients – including mobile devices like notebooks, cellphones and PDAs that are easily lost or stolen. Even if enhanced network security means these devices can’t easily be used to break into networks, the data downloaded onto each one remains at risk, making it more essential than ever that they remain under lock and key.
That’s exactly the challenge Cisco took on when it announced its Network Application Control initiative in late 2003. Since then, Cisco has released products for two different platforms: an end-to-end NAC solution for networks with predominantly Cisco equipment; and the Network Admission Control Framework, for mixed environments. Currently, it has 1,500 engineers dedicated to developing security solutions, and it’s been the first to roll out viable products.
However, with Infonetics Research estimating global revenue from NAC products will reach $3.9 billion by 2008 – from only $323 million in 2005 – it’s no wonder that Cisco is facing some tough competition. Offerings from Microsoft and industry consortium The Trusted Computing Group are also on the way, leaving IT managers with many choices to make in this important arena.
Microsoft’s Network Access Protection (NAP) platform will be built into its upcoming Windows Vista and Windows Server (Longhorn) products; additional standalone products such as NAP Agent software will also be available.
The Trusted Computing Group’s Trusted Network Connect (TNC) standard is designed to be compatible with both Cisco’s Network Admission Control and Microsoft’s NAP; three new specifications for the standard were released this year. Third-party vendors are also creating a range of products that comply with the various standards.
Hard choices ahead
When it comes to technology standards, having choices isn’t always a good thing. While Cisco and Microsoft had originally pledged to work to make their standards interoperable, products released and announced to date have not actually been so, and the TNC standard is not yet mature enough to truly bridge the gap.
IT administrators and third-party vendors who commit to any of the three standards could potentially lock in their infrastructures and products for years to come; the resulting uncertainty has not done much to encourage sales in the nascent NAC market, where virtually all products are less than two years old.
Industry consensus is that Cisco is so far the furthest along, but its solution’s heavy dependence on Cisco networking hardware limits its viability for those with multivendor networks. Microsoft’s NAP may end up being the lowest-cost solution for those who were planning on upgrading to Windows Vista and Longhorn anyway, but some industry experts believe it will not provide the same levels of protection as Cisco’s solutions, which secure the deepest levels of the network.
The next year will be an important proving ground for NAC, and the three major platforms were a prominent topic of discussion at the Interop networking industry conference in Vegas this spring. As part of the conference, the multi-vendor InteropNet Labs tested products from all three platforms. They found that while NAC has strong potential, it’s not yet ready for adoption.
But with Cisco, Microsoft and a host of other vendors actively pursuing this multibillion-dollar market, that won’t be true for long.