At the Security Standard conference being held here through Sept. 7, the two industry leaders finally delivered on their 2004 promise to build ties between Ciscos NAC (Network Admission Control) security architecture and Microsofts NAP (Network Access Protection) policy enforcement system.
After the two companies detailed a joint road map for product launches and showed off tangible software links already being built into future technologies, including Microsofts next-generation Longhorn server software, conference attendees said they may now be more willing to dive in and begin adopting the tools.
NAC and NAP both aim to help companies find a way to better authenticate devices and users attempting to log onto their IT networks. While the authentication software industry already represents a significant slice of the overall security applications sector, most IT executives concede that they will be investing an even greater proportion of their budgets on such technologies, specifically NAC- and NAP-oriented products, in the coming years.
One of the major issues facing companies hoping to utilize NAC and NAP in their infrastructures has been concern that investing in one of the platforms could make it harder to work with the other, attendees said. Thus, knowing that the two companies have found a way to allow the technologies to co-exist could encourage adoption.
"We dont currently do network control, but we think we will need to do so, and it makes a big difference to see two industry leaders coming together like this," said Wilson Dillaway, an infrastructure planning administrator for Tufts University, in Medford, Mass. "Theres always a big concern in our organization over the issue of putting a large amount of effort into one product before realizing that something else may have worked better, so this is the sort of thing that can help us move forward, as we know we cant wait forever to get something in place."
Tufts, with IT operations that support roughly 10,000 students and professors, has been researching ways to adopt the IEEE 802.1x standard, a key piece of both NAC and NAP technologies. However, most of the technologies utilizing the standard, which aims to help provide authentication for devices attached to LANs, havent proven mature enough for the school to adopt. Cisco already markets a number of NAC-ready products, while Microsoft has yet to deliver NAP in its software.
"There have been a lot of incomplete solutions out there for a long time for 802.1x," Wilson said. "But this sort of work being done by Microsoft and Cisco is encouraging."
Other attendees agreed that having the two IT giants on the same page will make a significant difference in helping them formulate their plans for adopting network access security tools. As part of the interoperability announcement, Cisco and Microsoft said that companies will be able to piece together components from their respective systems in order to tailor the NAC and NAP tools to meet their own needs.
For customers already running technology from both companies, such as Microsofts Windows operating system and Ciscos networking gear—which includes a majority of large enterprises, according to Microsoft and Cisco executives—the integration capabilities could be even more beneficial.
"The work theyre done absolutely will help in our planning moving forward," said James Ballou, CIO for Driscoll Childrens Hospital, in Corpus Christi, Texas. "Being a Microsoft shop, were definitely looking for collaboration with Cisco in adding security products that will protect our networks."
Some attendees cited the need for industry standards, and additional work between such high-profile vendors, as key to their plans to adopt NAC and NAP. Dixon Greenfield, manager of data center operations for Valmont Industries, a manufacturer of utility poles and lighting structures, based in Omaha, Neb., said any investment the midsized company makes must favor products that have been designed to work with other vendors technologies.
"If its not standards-driven, we will have trouble down the road. Were building out with this type of technology in mind, but we dont buy anything that isnt built around standards," Greenfield said. "Its inevitable that we adopt these types of technologies, but they will need to integrate well with everything that weve already got."
Executives from Microsoft and Cisco conceded that it may have taken the two firms longer than they would have originally hoped to pull NAP and NAC closer together, but said the timing of the announcement will fit well into the developing interest in adopting the two security architectures. While interest has been growing rapidly, many customers are only now beginning to seek budgets from their companies to invest in products bearing the advanced authentication tools.
"People have been waiting for us to come out with sufficiently mature products to help them defend the spending they want to do in this area of security, but its happening now," said Mark Ashida, general manager Microsofts Enterprise Networking Servers group, based in Redmond, Wash. "Were not really surprised that up until now complex deployments of these types of technologies have been metered; were still in the early days of these technologies, but we feel the benefits will be too good to ignore in the future."