Will TNC’s Open Source Standards Help Renew NAC’s Interest?
Trusted Network Connect (TNC), the working body of the Trusted Computing Group (TCG), today announced extensions to the security architecture with new open source standards for remote access (IF-T), non-TNC enabled endpoints, and a Security Assertion Markup Language (SAML) interface. TNC has collaborated with NAC vendors to standardize solutions that work with hybrid network components: NAC switches, appliances, and software agents. The TNC standards could integrate with any device that produces identity and policy information, in essence creating a repository of policy based on the identity and behavior of the user that is completely transferable to any system via SAML interfaces. This work is specifically aimed at easing the deployment woes of the many organizations that host diverse vendor solutions from Cisco, Microsoft, ProCurve Networking by HP, Juniper, Oracle, Symantec, McAfee, and so on.
We still hear many horror stories of how complex and cumbersome NAC implementations are. To top it off, choosing a vendor solution is never an easy task, since many vendors claim to have NAC functionality but do things in proprietary ways. These two reasons have hampered the NAC market with failures. In the midst of all this, the interoperability of NAC solutions with other networking components remains an Achilles' heel. Policy creation and enforcement suffer the most due to these obstacles. With this recent announcement, the TNC security architecture includes a number of open source standards that help with policy creation and enforcement protocols that work without heavy updates to the network infrastructure. Rather, it leverages existing network devices and agents by requiring them to run a TNC code stack that makes the interworking of various security devices easier. Specifically, IF-MAP will help tremendously, given that the NAC market is already fragmented into infrastructure, out-of-band appliance, and software-based solutions.
Do you think TNC's standards will be fruitful for NAC's adoption, or will they fail to revive interest in NAC? Let us know what you think.
Have you started or completed a NAC implementation? We’d love to hear your experience on that, too.