Is the BYOD craze going to bring a revival of NAC, the policy-based network-access control that was hyped a decade ago but didn't end up widely adopted for endpoint security?
Gartner, for one, is predicting the bring your own device (BYOD) phenomenon, in which employees are being allowed to use their own personal Apple iPads, iPhones, Google Android devices and other mobile-ware for business purposes, will lead to a revival of NAC.
NAC, you may recall, was supposed to be widely used for employee and guest worker computer access to enterprise networks, doing things like checking to make sure antivirus or patch updates were in place before allowing users on. Though a respected technology, NAC just didn't catch on in a big way. This time around, though, NAC will be wedded to mobile-device management (MDM) software, and the NAC function will be there to ensure MDM requirements are being met before allowing Android, iPhone or Windows mobile devices onto the network -- at least that's the idea.
"NAC has been around for almost 10 years," says Gartner analyst Lawrence Orans, who acknowledges the "first wave" of NAC crested with a fairly modest adoption, mainly by financial institutions and some high-security situations, plus a few universities.
But NAC is getting a second chance to go mainstream because of BYOD, and this time it will gain much more ground as a security approach, Orans predicts. "BYOD is an unstoppable trend," he says, with businesses in ever greater numbers allowing employees to carry enterprise data on personal tablets.
It seems the software industry may be willing to bet on it, too. The first integrated NAC/MDM was announced today as Fiberlink, which provides MDM via its cloud-based MaaS360 mobile-device management service, detailed how it's partnering with ForeScout, which provides NAC through its agentless CounterAct appliance.
According to Scott Gordon, ForeScout vice president of worldwide marketing, anyone with the Fiberlink MDM will now be able to exert NAC controls for Apple iOS or Google Android devices with a CounterAct add-on module. And ForeScout in turn will soon be selling what it calls "ForeScout MDM powered by MaaS360" under a licensing arrangement with Fiberlink. ForeScout anticipates similar arrangements with other MDM vendors.
There are a lot of MDM vendors today -- London-based consultancy Ovum estimates there are about 70 MDM vendors of varying types angling for attention.
NAC being forged into MDM offers some advantages, says Orans, in terms of allowing IT managers to set policy-based controls on BYOD tablets and smartphones in the enterprise. In the mobile-device context, NAC might check to see if there's BYOD "containerization" in place, for instance, to make sure personal and business data is cordoned off in some way before granting network access.
Fiberlink and ForeScout say their approach for BYOD allows for a policy to isolate personally owned devices in a limited access zone, where they may access a subset of applications and data.
Employees may find advantages in the NAC/MDM controls, too, said Fiberlink's Neil Florio, vice president of marketing, because it will allow for the enforcement of privacy settings. "Employees have the fear that management will have the ability to see things on their devices they wish they wouldn't," he noted. But an IT organization can set that, determining not to look into personal data on a BYOD tablet.
Orans says the Fiberlink/ForeScout partnership may be the first to meld NAC and MDM but there are going to be several more to follow in the future.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.