Richard Stiennon comments on Amrit's NAC post
I decided to do Rich the favor and list his comments into the center section for everyone to see. I don't agree with Richard on this (that is no secret) but wanted to give his point of view its due. So Amrit has his take, Richard his and I mine. That's what makes the world go round!
Too bad one can't comment at Enterprise Systems. So I'll comment here instead! You have to admit Amrit lays out his arguments pretty well even though they are tainted by a configuration management perspective. But, you know what? NAC is all about configuration management. The way it is being promulgated (Thank you FireFox for in-line spell checking!) NAC addresses the issue of out-of-policy devices and what to do with them. Security is a side issue although the vendors like to push that aspect. But NAC cannot address security issues beyond the prevention of the spread of a worm or virus - at the expense of loss of productivity.
To me the issue is: After investing all that money in NAC what have you done to counter the threat of a healthy machine being used to attack you?
Yes, configuration management, NAC, and security all overlap. But I would draw the diagram with NAC inside Config Management and both intersecting a small piece of security.