Head in the Cloud, feet on the ground: the future of NAC

NAC blog 5If we are to believe practically everyone around us, we’re doomed to fail unless we take all of our belongings to the Cloud. There, we can store and analyse data, exchange it with others and build cool apps with the speed of lightning. Of course, there’s a grain of truth in these threats. The Cloud is probably the most interesting invention since frozen yoghurt, as it provides businesses with the agility they need so badly in these modern times. But when we do go to the Cloud, how do we secure our systems and data? Can we still water tighten our network through, for example, compartmenting, or do we need to come up with something completely different? In this article, we’ll tell you about the consequences of a Cloud strategy for your security solution.


IT security as we know it

Now before floating away, let’s get back to basics. Generally, there are two main approaches to IT security. One is through tools like virus scanners that detect wrong-doers, like malware or viruses. With the second approach, IT managers prevent wrong-doers from entering in the first place by controlling access to the network. Such a Network Access Control approach works by checking and clearing who is trying to gain access to your network and on what device. It then enforces a role to that user based on pre-defined policies. Privately-owned devices, company-owned devices, marketing employees, C-suite execs – they all receive access to only those parts of the network they need, thus mitigating security risks. In that way, NAC acts as a virtual customs agent; different users are granted access to different territories. You might have guessed it: we’re huge fans of this second approach. We do recommend topping it off with tools from the first approach, though, so your IT security solution is a combination of proactive and reactive tools.

But here’s the thing...


What happens when you go the Cloud?

A Network Access Control solution manages access to a network, but the Cloud doesn’t have physical networks. In fact, the Cloud is one big network, so you need to approach security differently. Once you’re no longer working on the company network, a NAC solution can’t check who you are and what device you’re working on. Theoretically, you could circumvent this if you maintain a physical network and insist that users be physically connected to the company network before gaining access to Cloud services, but this has quite some impractical consequences. Second, NAC can’t help you secure the connection to many of the most common “online” office apps, like Word online, Google Drive and Dropbox. Big picture, when IT goes 100% Cloud-bound, Network Access Control becomes obsolete.


If that’s true - why are we still talking about NAC then?

The answer to this question is simple: we’re not there yet! Despite the fact that many people say that the Cloud is the standard, most businesses (especially SMEs) still work with physical networks. Cloud adoption isn’t easy and not every business has all the tools and knowledge to make the switch today. Moreover, the tendency in Cloud-adoption is for businesses to take only part of their IT infrastructure cloud-bound and leave the rest on premises. Others go with something called “hybrid Cloud”, where applications are available both on premise and in the Cloud. Either way, it means that even in the (near) future, organisations will still have physical networks to protect, meaning that Network Access Control will still be relevant.

When you think about it, the Cloud is just like the electric car, slowly conquering the automotive industry. But until it becomes the standard, drivers still need gas cars (or hybrid ones) to get from A to B.  Therefore, we believe businesses would do well to protect their pressured physical networks with a grounded solution that reliably minimises risks and damage. Hence, a solid NAC solution.  

Want to know more about Network Access Control and how you can keep it simple? Download our free ebook below!

Learn more about NAC

Hans-Peter Ponten

Subscribe Here!