Transitioning to identity-based networking
Network access control (NAC) is slowly changing and moving in the right direction toward identity-based networking.
Network access control (NAC) has certainly had a boisterous lifetime.
Cisco Systems first coined this term in 2005 when introducing an initiative to ensure that only "healthy" endpoints could access the network. In the intervening years, the NAC concept gained popularity, drove tremendous VC investment, and most recently came crashing down in a micro boom-to-bust cycle.
So what's the future for NAC? Out of the ashes, NAC is slowly changing and moving in the right direction toward identity-based networking. Rather than a myopic security tool, identity-based networking initiatives:
Span the enterprise. NAC was primarily based upon one-off appliances, while identity-based networking is built into the entire network. Wired, wireless, and remote users must walk through a security line regardless of where their network journey begins.
Are anchored by policies. Aside from when and where I can gain network access, policies span security, compliance, and quality of service. Identity-based network policies are used for blocking bad stuff and accelerating good stuff.
Manage user and device identity. Identity-based networking marries network access controls to specific users, networks, and devices. In other words, my access privileges may change depending upon whether I'm sitting in my office or logging on from an Internet cafe in São Paulo. This helps cover the growing need for user "roles" and audit reports for regulatory compliance and IT governance.
While NAC was limited in scope, identity-based networking is boundless. Once the network gains intelligence on users and devices, it can offer a helping hand inside and outside the enterprise. NAC as a concept may be a bit long in the tooth, but identity-based networking is just beginning.
The irony in all this is that Cisco really nailed this concept with another initiative called directory-enabled networking (DEN), back in the 1990s. In the end, it doesn't matter what you call it: identity-based networking will supersede vendor-based initiatives and become mainstream over the next few years.