This year might see a groundswell regarding the need for identity-based access control of networks, and it’s been a long time coming, said Jon Shalowitz, Applied Identity vice president of products.
“Ten to 15 years ago, technologists stood back and said, ‘There really is a need to throw identity into networks and for them to be identity driven,’” Shalowitz said.
Instead, companies in the network access control (NAC) space have focused on integrity-driven solutions.
“(This means) ensuring that the PC is who they say they are, so you’re identifying, ‘This is John’s PC,’ and then you also make sure that there’s nothing nasty on it, so what is the integrity of that machine or that system coming on the network,” Shalowitz said.
Over time, this approach has become inadequate, and governmental and economic institutions are realizing this.
“We are a data- or bit-driven economy, and if you look at the amount of and the criticality of the information that’s stored electronically, that’s grown exponentially over the last five to 10 years,” Shalowitz said. “The current (approaches to design) in networking infrastructure out there, whether they’re firewalls or whatever network access-control solutions you have, aren’t sufficient to understand who the user is and what the need-to-access privileges are.”
This is where identity-based access control comes into play. Applied Identity sells the Identiforce appliance and PolicyCAD policy management software. Unlike NAC solutions, which protect at user workstations, Identiforce protects at servers, controlling access based on the identity of the user who initiates the network traffic.
Essentially, it acts as an identity-aware firewall, kicking in after a NAC device has allowed a user onto the network.
“We assign a cryptographic identity tag to every single IP packet that goes through the network, so it is undeniably provable that this indeed was that user or that identity of that traffic that went to that critical resource or server,” Shalowitz said.
Bottom line: This makes sure the right people get to the right resources, and the wrong people don’t get to them.