Beating The NAC Standards Bush - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
9/16/2008
12:54 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Beating The NAC Standards Bush

Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?

Halfway through NAC Day at Interop, I moderated a panel populated by representatives from the sponsors. What became clear during and after the panel is that attendees are very concerned about standardizing NAC. Who wants to buy a proprietary product that won't play well with others?Populating the panel were Prem Ananthakrishnan, technical marketing engineer at Cisco; Rich Langston, senior manager of product management at Symantec; and Joel Maxwell, global technical support specialist at Sophos. The questions of standards support was raised. In addition to Cisco's Network Access Control partner program and Microsoft's Network Access Protection partner program, the Trusted Computing Group's Trusted Network Connect is the only vendor-neutral standards group that really has any legs.

It's not secret that the IETF Network Endpoint Assessment working group was formed to include Cisco in the NAC standards process. The only documents submitted to the NEA working group are all authored by the TNC. The IETF working group certainly won't rubber-stamp the TCG work, but I expect changes to be minor and Steve Hanna, co-chair of the NEA and TNC working groups, promises to normalize the standards documents from the two bodies.

In our last three NAC surveys, the 2008 NAC Survey is available[registration required], the message from respondents is that they want any standard to come to the fore. Standards make purchasing decisions easier since you're not tied to any one proprietary solution. Rip and replace is easier and integration is possible.

Langston as the de facto appointed TNC representative and Ananthakrishnan for Cisco were cornered after the panel by a few attendees that were expressing their frustration with the number of standards and the confusion and uncertainty multiple standards creates. Langston's point with the TCG is that it was started because a smaller, close-knit group can work faster and more effectively than a larger group like IETF working groups, which, while open, can take years to reach consensus. Ananthakrishnan's point about why Cisco doesn't participate in groups like the TCG is that established standards bodies like the IETF and IEEE, while slow-moving, generally create more stable and long-lived standards, which in turn are better for the IT industry.

Both arguments have merit, but the result is that the lack of a clear set of standard inhibits adoption of new technologies. There is plenty of room to innovate within a standard set of specifications. My vote, for what it is worth, is with the TNC working group. That group has published specifications that are available today to implement, provides a single point of standards which all vendors can adopt, and has the backing of many vendors in a diverse set of security technology markets (at least in name). Also, there should be no fear that the standards will unfairly promote one vendor implementation over another.

Vendors always tell me that they will implement a feature when their customers demand it. Are you listening?

9/17: Edited. I mistakently said Rich Langston said the TCG was closed. I meant close knit. My apologies.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll