Trusted Computing Group

This week, Network World, a favorite resource for those involved in the trenches of networking issues and security, published a series of articles about NAC, or network access control. One discusses NAC standards and one notes "What Went Wrong with NAC."

Like many technologies over the years, NAC has experienced a great deal of hype accompanied by the usual rush of new companies, product innovations and venture funding. In 2009, Gartner Group analyst Lawrence Orans noted, "NAC functionality is increasingly being embedded in infrastructure and in core security products such as firewalls and endpoint protection platforms, which will help make NAC more affordable and easier to implement and manage," said Mr. Orans. "We currently rate the technology as early mainstream and estimate that it will reach maturity within two to five years." 

Well, we agree with both Mr. Snyder at Network World and with Mr. Orans. Certainly the path to NAC products has been neither short nor particularly easy, but today, there are a lot of good products to choose from and people ARE using NAC successfully.

Trusted Computing Group has created an open NAC architecture that is available free of charge and can be used by any vendor. The first Trusted Network Connect specifications rolled out in 2004, followed by a series of additional specifications. In 2008, TNC added the IF-MAP (Metadata Access Protocol), which provides a powerful publish/subscribe model that allow data from a variety of networking and security devices and applications to be collected and communicated throughout the network.

An open standard like TNC means a variety of network and other products can provide various NAC capabilities and work together in the enterprise. IT is not be limited to a single vendor or proprietary approach.

Today, several dozen products support TNC. These include products from Aruba Networks, Avenda, Extreme Networks, Enterasys, Juniper Networks, HP Microsoft, IBM, Infoblox, Trapeze, Q1 Labs, Lumeta, Trapeze Networks, Tofino and UUNETsystem, among others. TCG announced a certification program and products from Juniper Networks and Fachhochschule Hannover (FHH) have been certified. Others will follow as TCG members go through the program.

So who is using NAC today? Some complain it's not in use. Not true. Organizations using TNC NAC include St. Mary's County Public Schools , Bangchak Petroleum and  St. Monica's College. Others include Cadence Design Systems and the City of Helsinki.

So while NAC certainly did not happen "overnight," it has happened and is helping enterprises secure their networks and data.