Software // Information Management
Commentary
9/16/2008
12:54 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Beating The NAC Standards Bush

Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?

Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?Populating the panel were Prem Ananthakrishnan, technical marketing engineer at Cisco; Rich Langston, senior manager of product management at Symantec; and Joel Maxwell, global technical support specialist at Sophos. The questions of standards support was raised. In addition to Cisco's Network Access Control partner program and Microsoft's Network Access Protection partner program, the Trusted Computing Group's Trusted Network Connect is the only vendor-neutral standards group that really has any legs.

It's not secret that the IETF Network Endpoint Assessment working group was formed to include Cisco in the NAC standards process. The only documents submitted to the NEA working group are all authored by the TNC. The IETF working group certainly won't rubber-stamp the TCG work, but I expect changes to be minor and Steve Hanna, co-chair of the NEA and TNC working groups, promises to normalize the standards documents from the two bodies.

In our last three NAC surveys, the 2008 NAC Survey is available[registration required], the message from respondents is that they want any standard to come to the fore. Standards make purchasing decisions easier since you're not tied to any one proprietary solution. Rip and replace is easier and integration is possible.

Langston as the de facto appointed TNC representative and Ananthakrishnan for Cisco were cornered after the panel by a few attendees that were expressing their frustration with the number of standards and the confusion and uncertainty multiple standards creates. Langston's point with the TCG is that it was started because a smaller, close-knit group can work faster and more effectively than a larger group like IETF working groups, which, while open, can take years to reach consensus. Ananthakrishnan's point about why Cisco doesn't participate in groups like the TCG is that established standards bodies like the IETF and IEEE, while slow-moving, generally create more stable and long-lived standards, which in turn are better for the IT industry.

Both arguments have merit, but the result is that the lack of a clear set of standard inhibits adoption of new technologies. There is plenty of room to innovate within a standard set of specifications. My vote, for what it is worth, is with the TNC working group. That group has published specifications that are available today to implement, provides a single point of standards which all vendors can adopt, and has the backing of many vendors in a diverse set of security technology markets (at least in name). Also, there should be no fear that the standards will unfairly promote one vendor implementation over another.

Vendors always tell me that they will implement a feature when their customers demand it. Are you listening?

9/17: Edited. I mistakently said Rich Langston said the TCG was closed. I meant close knit. My apologies.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.