Sean Convery

My 2007 predictions are, of course, now open to criticism. I figure I’ll call myself on some things preemptively and then folks can give me some feedback via comments.

1. “NAC as a term will grow out of favor…” As I said last year, some of these are tough to measure but I think at least a B on this one is appropriate. NAC as a term is growing out of favor and/or morphing in meaning. The definition has shifted away from pure endpoint security controls and more towards identity. So even when the NAC term is used, it means something more today than a year ago. As another data-point, take Cisco’s marketing introduction of TrustSec for example. In their white paper describing the proposed solution the word “posture” appears four times, the word “identity” appears 12 times, and the acryonym “NAC?” Zero.
2. “One of today’s NAC vendors will go under…” This one is clearly an A, Caymas shut its doors in the first half of last year.
3. “One of today’s NAC vendors will get acquired by a larger firm…” AV vendor Sophos picked up NAC vendor Endforce in January so this is another clear-cut A grade. I expect more consolidation in 2008.
4. “An open-source 802.1X supplicant will emerge as a viable alternative to commercial and OS-native supplicants…” OpenSEA was announced, has garnered wide industry support, and is set to find its way into multiple commercial offerings (see my previous posts on this topic). My company was a founding member and we’ve seen lots of participation in the group. JANET(UK) is in the midst of testing the client and has a user-base of 18 million. Though the supplicant is not yet GA, I expect that soon. Given all this an A might be appropriate but I think given where customers are with their production Xsupplicant deployments a B is a safer assessment. As an aside, momentum for Xsupplicant going into 2008 is huge.
5. “Wired 802.1X turns the corner from rare occurrence to early-adopter chic…” I don’t have any objective data to draw from yet but I think this is happening now. At my company we’re seeing much more interest in wired 802.1X; with wired you now authenticate everywhere and so role-based access control (RBAC) is completely viable. That said, I expected more production deployments by now so a B seems fair.

Technorati Tags: 802.1X, NAC, security

This entry was posted on Wednesday, January 16th, 2008 at 2:51 pm and is filed under General Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.