Network Access Control (NAC): Securing Networks by Device

https://www.okta.com/resources/access-management-leader-gartner-magic-quadrant-2021-id101/

Who should gain access to your network? What devices do you allow, and when should you worry about intruders? Answer these questions with a network access control (NAC) program.

Network access involves more than setting policy. Software can deploy the rules you create. Those tools can also help you fix hidden problems (such as unguarded routers). And you can craft reports to prove that you’re doing all you can to keep your servers safe.

NAC capabilities

Plenty of organisations compete in the NAC space. In 2014, experts said the market was worth about $551 million. Every product is different, but they may share core functions.

Most NAC software solutions can:

  • Integrate. Your NAC should notch into your software solution set without a great deal of additional programming.
  • Address. Incident response modules should address urgent risks even if you're not there to manage the problem.
  • Monitor. Security checks, run at both the user and the system level, ensure that all is functioning properly.
  • Manage. The system should tackle both known users and guests regardless of the device or operating system they use.

While NAC solutions are powerful, they should be somewhat self-automated. You program the system with your rules and regulations, and you allow it to do the work while reporting to you.

How does NAC work?

Gartner defines NAC solutions as those that can control access by both devices and users. Administrators set policies, but the software does the work. Companies tackle these tasks in different ways.

An NAC provider makes decisions about:

  • Inspection. Should the software look over users before they’re allowed on the network? Or should the software watch how people behave on the network and take them off as needed?
  • Automation. Does the software include scanning capabilities? Or will it integrate within existing systems to watch how traffic behaves?
  • Reporting. Does the software reuse existing infrastructure, or does it include everything required to handle traffic and keep users informed?

Some NAC systems are standalone products that you can turn on, program, and let loose. Others require integration, as they only work when they can tap into the structures and systems you’ve already set up.

Pros and cons to both options exist. For example, if you run a small company with outdated protocols, you likely want to start fresh with new software that can work independently. But if you’ve already spent a significant portion of your budget on software you like, merging makes sense.

Who uses NAC?

Any company that has users could benefit from NAC software. With these tools, you can let the right people in and keep the bad actors out.

But some industries lean heavily on NAC solutions. They include companies that have:

  • Remote workers. About a quarter of all Americans are projected to work from home this year. Many use their own devices in addition to company versions. NAC reduces management complexity allowing for this functionality.
  • Steep regulatory environments. Lax access control allows bad actors in. Some businesses, including those in the banking sector, face steep fines if they allow this to happen. You may need NAC to prove compliance.
  • Internet of things (IoT) devices. Connected devices (including healthcare accessories like blood pressure monitors and glucometers) need almost constant access to servers. Managing that access is easier with a NAC.
  • Small staff size. Without NAC solutions, companies must manage every request manually. If you have few employees, the work can be overwhelming.

Find the right NAC vendor

Plenty of reputable, talented companies want to work with you on NAC software solutions.

  • Which company should you choose? Think about these issues as you shop:
  • Support: How much help will you need to set up your software and keep it running? Do you want someone to come to your worksite and help, or would you prefer mobile assistance?
  • Integration: Will this tool work nicely with your current software solutions? Will it work for the options you might add on in the future?
  • Compliance: Will the tool provide the reports you need for your regulatory environment? Will it check off all the boxes you need to prove you take compliance seriously?

Still have questions about access control and why it's so important? Check out our blog post.

References

Network Access Control Market Size. (February 2016). Grand View Research.

Network Access Control (NAC). Gartner.

1 in 4 Americans Will Be Working Remotely in 2021, Upwork Survey Reveals. (February 2021). CNBC.

Connected Medical Devices, Apps: Are They Leading the IoT Revolution or Vice Versa? (June 2014). Wired.