This month we looked at remote access and access control. In one case our products are in a growing category and in the other convergence is slimming the category down considerably. SSL VPNs are a growing product category largely because they are very well-suited to use with remote clients in very large numbers. IPsec is great for point-to-point VPNs. However, it is easier to deploy simple SSL VPNs to large numbers of ever-changing personal computer users, such as road warriors.
Additionally, we saw a trend toward SSL VPNs integrated with easy-to-use web portals. This is adding to the growth of the market because these relatively secure portals also are very easy to setup, customize and deploy.
On the other hand, network access control, or NAC, is morphing and converging as if it is having a tough time finding itself. These products are becoming increasingly feature- rich as they search for points of differentiation in an increasingly competitive market driven by compliance requirements.
There have been those who have predicted the demise of NAC and labeled it a fad. I don’t agree. What I see is more of an identity crisis than a pending death. NAC vendors are looking at what the market really means and as they do they add mountains of functionality. This functionality will, ultimately, morph these products into something different from what they are today.
In some cases, NAC is disappearing into other products that have authentication capabilities, are part of firewalls, wireless systems or other pre-existing product types. This is in keeping with the trend of thinning down the perimeter. Multiple capabilities are combining into multipurpose appliances. The road that NAC is following is no exception.
With SSL VPNs, we are seeing a bit of the same thing as vendors look for additional functionality that they can put on a portal. Certainly access control is important, and it is good if VPN access control is viewed the same way as any network access control is viewed. This is more than simply a way to enter the network. It is a way to route users to those assets and only those assets for which they have rights. Thus, in both product groups, we are seeing cooperation between the devices and such access management tools as Active Directory and RADIUS.
The convergence of NAC and SSL VPN is an interesting thing to contemplate, especially with wireless becoming increasingly common. The notion of pervasive computing is approaching very rapidly and it poses serious challenges. Pervasive computing describes a scenario where a user can gain authorized access to a system or device reliably and securely even if they will only access that target once.
An example of pervasive computing in the extreme is the European practice of buying products from vending machines using only a cell phone and IR beam. The access control and authentication is explicitly in the cell phone and the user’s cell phone account. The purchases are charged to the user’s cell phone bill. Consider using an SSL VPN to access networks using some sort of authentication system tied to something everyone uses, such as the cell phone scheme in Europe and Japan.
Converging NAC, strong authentication and SSL VPN offers a possibility for such universal access.
Of course with pervasive computing comes a whole new set of security challenges. It remains to be seen what types of roles this month’s product groups will play in this evolution.
This month, our reviewers were Mike Stephenson and Justin Peltier. Congratulations to Mike and new wife Dana. For the first time in three years, Mike’s testing was done two weeks ahead of plan. Getting married in Maui provides that sense of urgency, I guess. — Peter Stephenson, technology editor