Beating The NAC Standards Bush - InformationWeek
IoT
IoT
Software // Information Management
Commentary
9/16/2008
12:54 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

Beating The NAC Standards Bush

Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?

Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?Populating the panel were Prem Ananthakrishnan, technical marketing engineer at Cisco; Rich Langston, senior manager of product management at Symantec; and Joel Maxwell, global technical support specialist at Sophos. The questions of standards support was raised. In addition to Cisco's Network Access Control partner program and Microsoft's Network Access Protection partner program, the Trusted Computing Group's Trusted Network Connect is the only vendor-neutral standards group that really has any legs.

It's not secret that the IETF Network Endpoint Assessment working group was formed to include Cisco in the NAC standards process. The only documents submitted to the NEA working group are all authored by the TNC. The IETF working group certainly won't rubber-stamp the TCG work, but I expect changes to be minor and Steve Hanna, co-chair of the NEA and TNC working groups, promises to normalize the standards documents from the two bodies.

In our last three NAC surveys, the 2008 NAC Survey is available[registration required], the message from respondents is that they want any standard to come to the fore. Standards make purchasing decisions easier since you're not tied to any one proprietary solution. Rip and replace is easier and integration is possible.

Langston as the de facto appointed TNC representative and Ananthakrishnan for Cisco were cornered after the panel by a few attendees that were expressing their frustration with the number of standards and the confusion and uncertainty multiple standards creates. Langston's point with the TCG is that it was started because a smaller, close-knit group can work faster and more effectively than a larger group like IETF working groups, which, while open, can take years to reach consensus. Ananthakrishnan's point about why Cisco doesn't participate in groups like the TCG is that established standards bodies like the IETF and IEEE, while slow-moving, generally create more stable and long-lived standards, which in turn are better for the IT industry.

Both arguments have merit, but the result is that the lack of a clear set of standard inhibits adoption of new technologies. There is plenty of room to innovate within a standard set of specifications. My vote, for what it is worth, is with the TNC working group. That group has published specifications that are available today to implement, provides a single point of standards which all vendors can adopt, and has the backing of many vendors in a diverse set of security technology markets (at least in name). Also, there should be no fear that the standards will unfairly promote one vendor implementation over another.

Vendors always tell me that they will implement a feature when their customers demand it. Are you listening?

9/17: Edited. I mistakently said Rich Langston said the TCG was closed. I meant close knit. My apologies.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll