Let’s come back to our little piece of malware. It can’t get in on its own, meaning it needs to ride along with something or someone. But as this something (e.g. a printer) or someone (e.g. an employee) tries to come into the network, it first comes up against a Network Access Control solution. This means that it runs into a virtual customs checkpoint that uses pre-defined rules to check whether the user and his device comply with corporate security policies. It can tell who the user is, whether he uses a laptop, PC or tablet and whether he connects to the company network through cable, Wi-Fi or VPN. Users and devices that are cleared can come in, but only to specific network sections. In bullets, this clearance process looks like this:
The great thing is that all of this happens before any connection is made between the device and the network. It’s why this type of Network Access Control (called port-based NAC) is so effective in managing users and devices in and around your company walls. And it gets even better: today’s NAC solutions are often automated too.
NAC solutions don’t scan incoming devices for malware. Instead, they simply decrease the chance of malware and other bad things coming into the network by only giving access to cleared devices and users. The more the device is governed by IT, the more rights its user will have. This means that company owned PCs are allowed to enter special parts of the network where they can access critical business applications, whereas a privately-owned device is quarantined and only gets access to e-mail. So, even if that little piece of malware could make it into the company network, it wouldn’t be able to do much damage as it can’t spread.
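The clearance logic described above, as an added example that is not from the original article or any NAC product: a default-deny policy function that maps identity, device ownership and connection medium to a network segment and returns the RFC 3580 VLAN attributes an 802.1X switch acts on. The VLAN IDs, service names and the `Request` fields are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed segments: VLAN IDs and service names are assumptions for illustration.
SEGMENTS = {
    10: {"business-apps", "email"},   # IT-managed, company-owned devices
    90: {"email"},                    # quarantine for privately owned devices
    70: {"print-server"},             # isolated IoT segment
}
MEDIA = {"cable", "wifi", "vpn"}

@dataclass(frozen=True)
class Request:
    identity: Optional[str]   # verified user/device identity; None if authentication failed
    device_class: str         # e.g. "pc", "laptop", "tablet", "printer"
    managed: bool             # True when the device is governed by IT
    medium: str               # "cable", "wifi" or "vpn"

def decide(req: Request) -> dict:
    """First matching rule wins; anything unrecognised is rejected."""
    # Default deny: without a verified identity the port never opens.
    if not req.identity or req.medium not in MEDIA:
        return {"code": "Access-Reject"}
    if req.device_class == "printer":
        vlan = 70
    elif req.managed:
        vlan = 10
    else:
        vlan = 90
    # RFC 3580 attributes an 802.1X authenticator uses to place the port in a VLAN.
    return {
        "code": "Access-Accept",
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(vlan),
    }

def can_reach(req: Request, service: str) -> bool:
    """True only if the request is accepted and its segment exposes the service."""
    reply = decide(req)
    if reply["code"] != "Access-Accept":
        return False
    return service in SEGMENTS[int(reply["Tunnel-Private-Group-ID"])]
```

Because the segment is chosen before the port opens, a compromised printer in this model can reach only the print server, which is the containment the paragraph above describes.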
This puts you in control without the extra labour or the need to fix problems, as it’s not very likely they will happen. In other words, Network Access Control relieves a lot of access worry without complexity and hassle. Whether an HR intern is accessing the network from their smartphone, a freelance web designer is connected to the system on their own laptop, or the CFO is doing a deep dive into the company cash flow: correct BYOD and employee versus non-employee access is ensured. Security breaches are minimised and if that piece of malware could somehow find a way to get in, you’d instantly know it travelled through the 3rd-floor IoT printer. Because at the end of that day, it would still be there, feeling powerless and isolated.
Having said that, not all NAC solutions are created equal. And as the point of Network Access Control is to make your life easier, you probably don’t want to start implementing a so-called “solution” only to find it adding an extra layer of burden to your work and stress load. That’s why we’ve broken it down into two main areas you can keep in mind when considering a NAC provider. First, make sure you evaluate a provider on whether they’ve avoided high complexity and ensured user-friendliness. Like we said, NAC isn’t a new idea in IT, but it can be made very complicated, and it shouldn’t be. The next thing to keep in mind is whether the vendor is operating based on the old proprietary system model, which could lead to a technical or financial lock-in. Lock-ins sabotage agility and keep your organisation from responding quickly to changing internal and external demands. And that’s the point. The security demands that technology is making on your system are the result of the need for a free flow of people, devices and data, not silos and static solutions.