Information technology officials in Fulton County, Ga., say they believe in empowering their employees, to a point. When they realized they would need to grant systems administrator rights to one-fifth of the county's 5,000 employees to make certain software programs work properly, they were instantly aware of the security issues they faced.
Having 1,000 employees with administrator privileges would be a security nightmare. Any of them could, against county policy, disable their firewall or virus and spyware protection, or decline new software patches. Any of those actions would threaten not only individual computers but also the entire network, said Robert Taylor, the county's chief information officer and director of IT.
"We're very dependent on endpoint protection to keep the network safe," Taylor said.
The challenge was to guarantee that only healthy and fully protected devices could access the network. So county officials decided to try a new approach to security management called network access control.
NAC requires user names and passwords, but it goes a step further by verifying that a user's device is compliant with the organization's information security policies. It checks to see whether a device has properly configured security and system software before it grants access to the network. In addition, NAC often includes automated remediation capabilities for fixing noncompliant machines.
The technology is not a substitute for firewalls, virus protection and other endpoint security measures. Instead, it adds a layer of protection and enforces security policies. It can be especially helpful for an agency that must allow different groups of users to access its networks, including employees from other departments or outside contractors whose devices the agency does not control.
Although promising, NAC technology is far from being a quick and easy solution. Large-scale implementations are rare, and the market is characterized by incompatible products and vendor hype. Prices for products and installation can easily hit six figures. And creating the proper policies to harness the products' capabilities is among the toughest challenges.
The tipping point for Fulton County officials came when a small breach of policy briefly brought down the entire network. A laptop PC in the Sheriff's Office, an organization that manages its own computers, became infected with the Welch virus, which then spread to the county's network.