A single standard for NAC?
As Mitchell mentions in his blog, we are up in NY for the Interop show. I have attended a few Interop shows now and am increasingly heartened at the expanded role security plays at Interop. I used to think of Interop as just a network show as opposed to an RSA or InfoSec show. Not anymore; security is top of mind here. Anyway, as Mitchell wrote about, Dave Greenstein, our chief architect, appeared on a NAC expert panel chaired by Joel Snyder and with other NAC "experts" from Microsoft, Cisco, Juniper and TNC (OK, the TNC guy is Steve Hanna, who is actually from Juniper, giving Juniper two guys on the panel, but I digress). It was billed as a panel of experts who have really worked on NAC with customers and a no-spin look at what the market says. The fact that Juniper's official rep was a technical marketing manager spoke volumes about what they were there for. The Cisco guy, Thomas Howard, was a bona fide engineer and had been through it on NAC for sure. Dave Greenstein has been involved in many of our customer implementations as well as working with many of our OEM partners in designing their solutions, so he was highly qualified for this panel, though frankly Dave is the last person in the world you would call a spinmeister.
The good part came at the end of the discussion when a fellow on behalf of Deutsche Bank asked some questions about where each group was going and how to pick the winner among competing standards. So of course, yours truly (who, as you know, doesn't mind stirring it up) then followed on with a question about when we are going to stop dicking around and align around a single standard of NAC that we can all inter-operate with. Joel Snyder followed it up by saying that all three standards (NAC, NAP, TNC) are so close to each other, how hard would it be? With Microsoft and Cisco showing how they work together and Microsoft (a TCG member) already saying they would support TCG/TNC, it only remains for Cisco and TNC to work together. I asked the Cisco rep when they would make their NAC compatible with TNC. The answer was basically a cold day, you know where. Instead, Cisco says they only work with real standards bodies (I guess implying TCG is either not real or not a standards body), and are working with the IETF. I will tell you that I am not as familiar with the IETF; however, everything I hear is that they move as quickly as continental drift. I don't want to wait until the next geologic epoch to see a unified NAC standard and you shouldn't either. The only way we will see a unified standard is if the market demands one. That is what drove the Cisco-Microsoft collaboration and is what can bring the TCG-NAC standard. They are very close from a tech standpoint; let's make it happen. Cisco's refusal to play nice with the TCG is just proof that, as John Chambers alluded to in his RSA keynote speech, Cisco NAC is just a way of locking you into a Cisco-only network. We all deserve better.





