Next-generation network access control
© Quocirca 2013 - 2 -
generation network access control
Advancing governance, risk and compliance controls in the frenetic enterprise
Next-generation network access control (NG-NAC) systems enable organisations to not just know who and what is on their network, but also to put in place the role and device-based policy controls. The aim is to ensure devices are compliant before full or limited network access is granted by fixing configuration and security issues and then, once access is granted, maintain control and prevent on-going policy violation.
IT governance, risk and compliance controls challenge all organisations
There are numerous requirements of any organisation with regard to meeting its governance, risk and compliance (GRC) obligations. These are necessary to meet internal and external business expectations as well as those legally imposed by industry or government regulators. To this end the IT function has to map management and security tools against varying control specifications. Maintaining these IT controls presents one of the biggest challenges when it comes to satisfying GRC objectives.
Diversity in the way IT resources are accessed exacerbates the problem
The growing use of mobile devices, the trend to bring-your-own-device (BYOD), broad availability of network-based resources, the growing use of wireless networking, cloud-based services and end-point proliferation through increased virtualisation all add complexity to the task of making sure IT systems are capable of meeting GRC control requirements.
NG-NAC enables IT-GRC controls and increases competitiveness
NG-NAC can enable network visibility and granular policies around all users, devices, configurations and applications. NG-NAC can ensure any IP-enabled endpoint is in compliance before access is granted and to take remedial action if it is not. The broad capabilities of NG-NAC systems enable a level of visibility and reporting that many organisations have found hard to achieve before and are providing those that have deployed them with a competitive edge.
Deployment must be sensitive to the requirements of the business and users
Whilst it is in the interests of a business to ensure the use of its IT resources is in line with GRC controls it is also necessary to make sure that the restrictions put in place do not overly limit users from doing their jobs and the business from achieving its goals. To this end NAC deployments need be staged, with policies being tested and adjusted according to business requirements as well as user, device and data access risks. Policy flexibility and manageability are critical since policies will change over time as both business requirements and technology evolves.
NG-NAC delivers IT resource optimisation
NG-NAC systems interface with network infrastructure and security systems. Through such interoperability real-time operational and compliance details can be provided to IT managers. Furthermore, details can be provided to other systems such as security information and event management (SIEM) and mobile device management (MDM) tools. Conversely, these external reporting and alerting systems can send instructions to NG-NAC tools to request the mitigation or remediation of certain issues.
NG-NAC satisfies GRC requirements across different industries
The financial services sector is highly regulated and likely to become more so. For the organisations reviewed in this report, NAC ensures IT managers know about everything on their network and that traders are working on compliant systems. The healthcare industry is also heavily regulated and, beyond traditional endpoints, medical devices also need managing. In the creative services industry there is a need to secure both employee and visitor use of unmanaged PCs, tablets and smartphones whilst maintaining a good user experience.
The three case studies presented in this report show how NG-NAC has been effectively deployed to satisfy various industry requirements to improve not only GRC controls, but also operational efficiency and competitive advantage. They have used NG-NAC (in this case Fo
to support a range of IT applications, optimised the use of IT resources and created a more secure work environment for all users, be they employees or guests.