Protecting organisational assets has long been a priority for IT leaders. However, safeguarding these assets is becoming increasingly difficult. With attacks growing in sophistication and a distributed, on-demand workforce the new norm, securing a network perimeter that gets blurrier every day is a big challenge.
If we just look at securing network access as a starting point, traditional methods are no longer adequate for a mobile workforce, where access is not restricted to a single device or location. This is especially true in education environments where the diversity of endpoint devices and student and teacher access requirements is incredibly high.
Adding further complexity has been the requirement for most education providers to rapidly spin up (and spin down) remote ‘schooling’ capabilities, with students and staff using a wider range of devices to access online learning.
To enable this and gain a complete picture of the network, you obviously need visibility of who’s accessing what, where, when and how. But you also need more than just this basic information to truly assess the risk and vulnerability that any particular user or device presents to your systems.
This is where Network Access Control (NAC) comes in.
As a mature technology, NAC solutions from a range of vendors will adequately manage the most common network access issues of device and user management across different types of networks. And while these powerful platforms are often the unsung heroes at the forefront of institutional security, controlling an ever-growing list of devices and users – each accessing a multi-vendor mix of wired and wireless networks – has resulted in new requirements for NAC. Examples include improved visibility, granular policy settings, integration with other security tools, plus segmentation and contextual data that demands AI and machine learning technology.
With the right NAC in place, your network could be dynamic enough to adapt to the student or teacher’s requirement based on their location and immediate need, or the context of the information they want to access. For example, students who connect remotely can only access the network and the apps they need while at home, to do the work assigned to them. Smarter authentication means that student’s access could then be elevated or adjusted once they return to school. This type of role- and location-based segmentation will significantly simplify your network operations and dramatically improve both the student and teacher experience and their efficiency.
Machine learning and AI are helping to drive this evolution and will give you the rich insights needed to allow your network to make better, real-time access decisions - but to do this effectively you need to elevate your NAC capabilities to sit apart from the underlying network. As much as we’d like them to be, networks aren’t homogeneous environments, so when it comes to NAC you need capabilities that sit above, yet are deeply connected to, whatever network infrastructure you have. Some might argue that the integration that comes from using NAC made by the same vendor as your underlying network infrastructure is a smart approach - and with some parts of the network that is often the case. But NAC is different.
NAC really needs to be independent of whatever cycle you’re going through in the network, whether that’s network refreshes and updates, network maintenance or rearchitecting your network. The ability to keep security policies and self-service workflows consistent ensures the security and integrity of your network over a long period of time.
With this approach, you don’t have to start again when your network evolves. You keep all your learnings and all your policies, which is a powerful capability.
A real-world example
A leading Australian university recently discovered this for themselves. Running Cisco and Juniper as part of their network, the university initially chose ISE from Cisco for their NAC solution. With the initial set-up in place, further optimisation was still required to deliver a workable solution – so after more than 18 months of ongoing analysis and configuration updates they conceded it wasn’t able to do what they needed.
Ultimately the decision was made to change to Aruba’s ClearPass, which in addition to delivering multi-vendor support provided some incredibly powerful platform features that could be more easily customised for the university’s specific networking policy needs.
The amazing outcome of this shift was that ClearPass was sufficiently configured in only a week, meeting the university’s needs with plenty of room for ongoing scaling as required.
A quote from the university’s IT manager sums it up:
“We are a large enterprise client with quite specific needs - and in the current climate, the departmental costs of educational institutions are really under the microscope. ClearPass has helped us to cost-effectively streamline our operations, and with features like ClearPass’s dynamic segmentation it adds confidence that we can better manage our network infrastructure.”
The right solution needs to look at the bigger picture
This is obviously just one example and the right NAC solution will be the one that best meets an institution’s wired and wireless networking and security requirements, not only in the short term but for years to come.
Ultimately, though, technology leaders must seek security measures that can respond to changing environments with agility, and a key component is leveraging the right capabilities from the latest advanced technologies. When it comes to NAC, those capabilities might not exist in the tool you’re using, but it’s likely they are available via third-party applications. Being able to incorporate those tools quickly and simply is so important, and that’s what following a vendor-agnostic path for NAC will give you: flexibility and simplicity.