From Network World
For all the lovely talk about access control emanating from so-called NAC vendors who must have invoked Merlin to magically transform the unworkable Network Admission Control into Network Access Control, there is still one huge problem with access controls. Most enterprises really have no idea who should have access to what resources. The granularity of access control needed to secure the enterprise is beyond the ken of most IT guys. Let’s face it, knowing what applications, networks, and data sets any one of, say, 10,000 people should have access to is not a simple problem.
Camelot attempted to address the failings of most identity and access management (IAM) systems by building in a learning component. What happened to Camelot? I wish I knew. For some reason the IT press is great at recording the history of startups as long as they have an active PR program. As soon as vendors start to die the historical record seems to get wiped clean. I would guess that part of the problem was that they were too far ahead of their time. Another issue was they relied on host agents to do the learning and enforcement, a company killer if there ever was one.
Now, in what appears to me to be the second coming, a new vendor is born from the knights of Cisco. Five top networking guys have apparently recognized that the marketing department at Cisco is not really that good at inventing security solutions (admission control) but that there truly is a need for automated tools to discover and enforce access control policies in the enterprise. The company, Rohati, came out of stealth mode in time for the Gartner IT Security Summit last week in DC. They are calling their technology Network-Based Entitlement Control or NBEC. No agents, automated discovery, policy management. I love it. This could work.
I hope the ever-flexible NAC vendors get out of the endpoint health check business. Then we could have an industry that is all pulling in the same direction: towards better policy management, more granular authorization, and ultimately, better security.