- Test Center Tracker: Packeteer sizzles at CIFS; RIA development heats up
- Managing Switches for Policy-Based Networking
- Preview: Globalpex's content certification uniquely verifies physical content in the envelope
- Standards? What Standards?
- Test Center Tracker: Bridging technology and finance
- Preview: Parallels Server beta looks promising
- Test Center Tracker: Greener docs and a six-month itch
- A NAC for policy enforcement: Lockdown Networks, RIP
- Train Signal knows training.
- Test Center Tracker: Sticky sweet Sun storage, plus a hardy Ubuntu beta
March 25, 2008 | Comments: (0)
A NAC for policy enforcement: Lockdown Networks, RIP
About three years ago, I was one of a core group of network engineers sitting at the Interop Hotstage facility working through the details of policy-based networking and the Interop Lab that we were designing to demonstrate it. There were a number of players in the marketplace, and it was clear that the technology was reaching a tipping point. In the intervening years, "NAC" (for Network Access Control) became a classic hyped technology, with dozens of companies creating products for the market, a number of established companies relabeling their existing products, and the confusion of multiple semi-compatible standards efforts.
Last week, yet another sign of the maturing of the market appeared when one of those companies involved in that early Interop demonstration announced that it was ceasing operations. Lockdown Networks is no more.
Although Lockdown Networks is not the first company to depart the market, it is perhaps one of the more widely deployed to do so. In Lockdown's announcement, the company cited "overall economic trends and slower than predicted adoption of Network Access Control (NAC) technology" for its failure to secure additional investment capital. However, its announcement was grist for industry insiders to expand the conversation surrounding the NAC and policy-based product marketplace.
And I think there is validity to their postulations.
If there are any key lessons that we can learn from the past waves of network-related technology, the first two are these:
1. Standards win
2. In-line devices collapse into the infrastructure
Although the marketplace is still far from consolidated, products from a broad range of providers including Cisco and Microsoft (whom we will be reviewing in the not-too-distant future), Enterasys, McAfee, Symantec, and Trend Micro (click the link to see our comparative roundup), and ConSentry (reviewed in February) demonstrate that companies already deeply involved in enterprise infrastructure understand the necessity of policy enforcement to protect that infrastructure from both rampant malware and the ever-present threat of data breaches.
You ignore policy enforcement at your own peril. Ignoring the risk will make you more vulnerable. Trying to implement without design won't work, either.
The focus of your decisions around policy implementation are directly related to the granularity of your policies, the importance of your information infrastructure, and the critical nature of your data. Only you can decide.
Given that, though, focusing on infrastructure-centric solutions to policy enforcement makes the most sense. Whether in your switches, endpoint security agents, or the systems that manage these and other network components, using policy management that integrates with the components that see the traffic and client characteristics makes the most sense, don't you think?
Posted by Stephen Hultquist on March 25, 2008 10:18 AM
RATE THIS ARTICLE:
-
- COMMENTS
For every argument, there is a counter-argument. I would have to agree that in the Internet age, standards have generally prevailed. However the standard of what? And by whom?
Many years ago I worked in telecomm (as it was then called). Countless person-years were expended upon planning, support and implementation for Integrated Services Digital Network (ISDN). Anyone remember that? I do.
ISDN was a beautiful, scalable, non-proprietary telecomm standard. That never caught on. To the point that even telecomm people joked that it stood for I Still Don't Need it.
You mention Microsoft in your article. Microsoft Windows and Office are standards too. De-facto, proprietary standards, but standards nonetheless. Adobe markets the de-facto standards Acrobat and Flash. The fact that Adobe recently submitted the Acrobat format to a standards body doesn't count--that's years after the fact, when the popularity of the tools and format are a done deal.
Let's get back to Internet age arguments. If open standards were everything, Internet static graphics would be dominated by the PNG and SVG formats. Instead those are also-rans, rarely seen in the wild.
It's easy to say that standards are king. The reality is a delicate balance between the responsiveness of the standards bodies, the availability of proprietary solutions, distribution models, costs, customer expectations, and so on.
TOP STORIES
Top 10 stories of the weekA new place to hide rootkits
Sun exec on OpenSolaris, Linux
AT&T: No free iPhone Wi-Fi info
MS to appeal E.U. fine
XP SP3 causes endless reboots
Vista as insecure as Win 2000
Google grilled on human rights
Java ubiquity an edge in RIA battle
The InfoWorld news quiz
ADDITIONAL RESOURCES
- Virtualization: A Step by Step Approach to Success
- Dialing up Agility with Business Transformation
- 5 Things You Need to Know About Storage Virtualization
- Virtual Test Lab Automation: Manage development infrastructure
- Improve Resource Utilization and Lower Operating Costs
- Protect Your Data with SSL
