You can't secure what you can't see: The case for NAC

Today's workplace is constantly changing; remote working, BYOD and IoT along with collaborative working practices are all part and parcel of business now. While that represents progress for a society and increased productivity for an organisation, it also represents serious security challenges for the IT department. All of these elements give rise to a variety of different people and devices requiring access to an organisation's network from numerous locations. With this, and the EU GDPR coming into force in less than two years, network visibility has never been more important to the IT department.

The latest Gartner research report on Network Access Control (NAC) supports the case for visibility. Indeed, the report claims that improved network visibility is one of the two primary drivers for adopting a NAC solution. So what is it about NAC, a solution that some would say has seen its heyday, that offers such good visibility and makes it such a good fit for the challenges of today?

Market conditions

First of all, the market conditions for NAC are perfect right now. BYOD has dramatically increased the sheer volume of endpoints trying to access the network. These endpoints represent a range of different device types, running various operating systems from several manufacturers, each of which deploys software updates on its own schedule. The proliferation of IoT means that everything now needs an IP address (printers, scanners, etc.), which means even more endpoints connecting to the network. Many of these 'dumb' devices have vast processing power and thus have the ability to do real damage if not secured. Meanwhile, remote working means that these devices are also logging in from different locations, so the IT department cannot physically see or check anything.

The risks of doing nothing

The hands of businesses are somewhat tied; they don't really have any choice but to implement these policies. By choosing not to introduce BYOD and not to allow remote working, they reduce productivity and risk being seen as behind the times. Regardless of the official policy, employees will still bring their own devices and log in from home, so the end result extends the business's own security risk. In this situation, businesses simply have to move with the times, and having the ability to see exactly who is accessing what data, on what device and from what location puts IT back in control.

Building essential visibility

NAC solutions offer consistent visibility over all of these endpoints. They can build up a picture of what kind of behaviour is safe and what is not and then use this information, in real-time, to decide whether or not to allow access. This element of the NAC solution is called context-aware security.

For example, the NAC system might not allow a device access to the network because another device belonging to the same person logged in from a different location minutes before. The technology understands that it is not possible for the same user to be in both of these locations at these times, so it blocks access to the second request, and then to the first request, until it has more information.
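The impossible-location check described above, sketched as an added example (not from the article or any NAC product). The `Login` and `ContextPolicy` names, the 900 km/h speed ceiling, the 50 km noise floor and the sample logins are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0    # assumption: anything faster than an airliner is impossible
MIN_KM = 50.0      # assumption: ignore geolocation noise within one metro area

@dataclass(frozen=True)
class Login:       # hypothetical record of one access request
    user: str
    device: str
    when: datetime
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

class ContextPolicy:
    def __init__(self):
        self.last = {}          # user -> most recent admitted Login
        self.held = set()       # (user, device) pairs blocked pending more information

    def decide(self, req):
        if (req.user, req.device) in self.held:
            return "deny"
        prev = self.last.get(req.user)
        if prev and prev.device != req.device:
            hours = (req.when - prev.when).total_seconds() / 3600
            dist = km_between(prev, req)
            if dist > MIN_KM and (hours <= 0 or dist / hours > MAX_KMH):
                # Block the second request, then the first, as the article describes.
                self.held |= {(req.user, req.device), (prev.user, prev.device)}
                del self.last[req.user]
                return "deny"
        self.last[req.user] = req
        return "allow"

def run_sample():
    """Constructed logins: alice stays in London, bob appears in two cities."""
    t = lambda m: datetime(2024, 1, 8, 9, m)
    london, new_york = (51.5074, -0.1278), (40.7128, -74.0060)
    events = [Login("alice", "laptop", t(0), *london), Login("alice", "phone", t(5), *london),
              Login("bob", "laptop", t(0), *london), Login("bob", "tablet", t(10), *new_york),
              Login("bob", "laptop", t(15), *london)]
    policy = ContextPolicy()
    return [policy.decide(e) for e in events]
```

Both of bob's devices stay held until an operator or a step-up check clears them, which is the "until it has more information" part of the behaviour.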

Cafe culture

Another example is the NAC solution seeing when the user has logged in from an unsecured public Wi-Fi hotspot. Working on laptops from cafes with free Internet access is mainstream now, and although users will be aware of policies regarding this, they will simply want to log on to get something done quickly. Or they may simply be logging on to the Wi-Fi to access something personal on their device and may not want to access anything from the corporate network.

Depending on the policies set by the IT department, the system will restrict the user's access to areas of the network accordingly. Solutions that allow access on this granular level are key to getting the security balance right in this BYOD age.

Guest access

Another challenge for the IT department comes in the form of guests. No, the IT department isn't getting into the hospitality sector, but it does have to permit visitors, such as partners coming to collaborate or contractors, access to the network. The ability to see the devices trying to access the system is the first step in being able to block infected devices from accessing the network, whether they are guest devices or not.

End-to-end visibility

All of the above market conditions, coupled with the fact that we now live in a world where data breaches are reported on a daily basis, make visibility of who is accessing data, from what device and from where, more valuable than ever. A NAC solution with one central management console that gives the IT department end-to-end visibility from endpoints to appliances, and converged policy management for remote, mobile, and campus access security, is exactly what is required. This, and the fact that NAC solutions are simpler and less expensive than before, is why NAC is a great solution for today's security problems. With a potential fine of up to 4 per cent of an organisation's global annual turnover at stake, it's difficult for the IT department to protect the organisation from a data breach without the level of visibility offered by NAC solutions.

Adam Jaques is Senior Director of Corporate Marketing at Pulse Secure