Network Access Control
The number of endpoints on IT networks is expanding at an ever-increasing rate. User devices have moved beyond the traditional desktop and laptop to include smartphones, tablets, and wearable devices with network connectivity, such as the Apple Watch. The rapid growth seen for mobile devices over the last decade may now have stalled, but the growth seen in that sector will pale in comparison to the explosion in the Internet of Things (IoT) embedded sensors and devices that will happen over the next decade. Forecasts put the number of IoT devices in use by 2025 at 75 billion. This is an increase of approximately 175% on the 27 billion estimated to be in use in 2019.
This substantial increase in endpoints will present a much larger attack surface on networks. That is a problem for the system administrators who are tasked with securing the network against malicious activity by cybercriminals. New methods for protecting networks and permitting only authorised access will be required. Network access control will need to evolve.
Enhanced Network Access Control
It won’t be possible for system administrators to manually configure rules for all the endpoints that will be accessing their networks in future. Indeed, many organisations will already be in that position due to the proliferation of mobile devices and to Bring Your Own Device (BYOD) policies that allow staff to connect their own smartphone or tablet to the network, even if BYOD access is provided just to give email access.
Organisations will need to use Enhanced Network Access Control (ENAC) going forward to manage the number of endpoints accessing their network, and to ensure data security. As the name suggests, ENAC solutions build on and enhance traditional network access control systems. They provide the tools and scalability needed to accommodate and secure the proliferation of mobile and IoT devices now and into the future.
An ENAC solution provides tools to cover the following areas. All of them are essential components:
• Authentication controls - A robust and secure way to authenticate requests from endpoint devices needs to be included. This should use the secure authentication methods that an organisation already has in place, for example by linking to Active Directory or another LDAP source. It should also be protected by secure certificates to prevent spoofing.
⁃ Guest Access - The authentication system should support minimal access (to the Internet, for example) for users or devices that don’t require full access to corporate resources on the internal network.
• Network Access Control - Group-based rules should be available to define and allocate access authorisation to resources and services on the network after successful authentication.
⁃ This should apply to all network access methods: WiFi, wired Ethernet, and mobile networks.
• Device discoverability and monitoring - Any devices that try to access the network should be detected, identified, and logged. Identification should be as granular as possible. For example, it should report the device model such as iPhone XS rather than just 'smartphone'. Similarly, the identification of IoT sensor types should be available.
• Endpoint scanning - Any endpoint devices that pass authentication should be scanned for known malware, viruses, or other threats before they are granted network access.
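The four components above can be read as one admission decision. The following sketch is an added example, not code from any ENAC product: the group names, segment names, the "quarantine" outcome for endpoints that fail or skip the scan, and the sample endpoints are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

MEDIA = {"wifi", "wired", "mobile"}   # the same rules apply on every access method
# Constructed group-to-segment rules, most privileged first; names are hypothetical.
GROUP_RULES = [("it-admins", "mgmt"), ("staff", "corp"), ("iot-sensors", "iot")]


@dataclass
class Endpoint:
    mac: str
    medium: str
    model: str                          # granular profile, e.g. "iPhone XS"
    authenticated: bool = False         # outcome of the directory/certificate check
    groups: frozenset = frozenset()     # directory groups of the authenticated identity
    scan_clean: Optional[bool] = None   # None means the endpoint was never scanned


@dataclass
class AccessController:
    inventory: dict = field(default_factory=dict)   # every device seen, keyed by MAC

    def decide(self, ep: Endpoint) -> str:
        segment = self._evaluate(ep)
        # Discovery and monitoring: record the attempt whatever the outcome.
        self.inventory[ep.mac] = {"model": ep.model, "medium": ep.medium,
                                  "segment": segment}
        return segment

    def _evaluate(self, ep: Endpoint) -> str:
        if ep.medium not in MEDIA or not ep.authenticated:
            return "deny"
        if ep.scan_clean is not True:   # unscanned counts as failed (fail closed)
            return "quarantine"
        for group, segment in GROUP_RULES:
            if group in ep.groups:
                return segment
        return "guest"                  # authenticated, no corporate group: Internet only


def demo() -> dict:
    nac = AccessController()
    samples = [  # constructed sample endpoints
        Endpoint("aa:00:00:00:00:01", "wifi", "iPhone XS", True, frozenset({"staff"}), True),
        Endpoint("aa:00:00:00:00:02", "wired", "temperature sensor", True,
                 frozenset({"iot-sensors"}), False),
        Endpoint("aa:00:00:00:00:03", "wifi", "Android tablet", True, frozenset(), True),
        Endpoint("aa:00:00:00:00:04", "wired", "unknown laptop"),
    ]
    return {ep.mac: nac.decide(ep) for ep in samples}
```

Note that the denied and quarantined endpoints still appear in the inventory, which is what makes unauthorised connection attempts visible to the administrator.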
The projected growth of IoT endpoints means that ENAC systems need to be scalable and allow for the seamless management of thousands to millions of endpoints. Many ENAC solutions now provide Cloud-based deployment options that can grow as business needs increase. They also have intuitive workflow APIs and visual management tools that allow for the building of comprehensive onboarding workflows for devices. Cloud-based options and easy-to-use tools are essential to ensure that ENAC systems remain manageable over time, and thus that endpoint security is maintained. This is especially true for organisations with dispersed operations over multiple physical locations.
Renaissance and Partners are ENAC Experts
When you are looking for an ENAC system, either a new one or an upgrade to an existing solution, Renaissance and our Partners, with their industry-leading solutions, are ideally placed to assist. We firmly believe in finding the best solution for every organisation's needs, and we provide ENAC options that will cover all eventualities, irrespective of where an organisation is on its IT security roadmap, or whether it prefers to deploy solutions on-premise, in the cloud, or via hybrid deployments.
Renaissance have solutions which offer a suitable choice depending on requirements and existing IT infrastructure. Some organisations may even benefit from a combination approach that uses more than one solution across their IT estate. We are ready and able to engage with organisations of all sizes to design, deliver, and help implement the ideal ENAC solution for their needs. Contact us today to find out more and start a conversation.