Traditional network access control (NAC) solutions are incapable of protecting digital assets in a corporate world where cloud, mobile and third-party app sharing technologies dominate the workday. The problem lies in the security architecture of classic NAC, which leverages firewalled networks and infrastructure-based trust policies to defend against cyberthreats.
After all, just because a device is considered "safe" with up-to-date antivirus software and compliant with corporate use policies doesn't mean that hackers haven't compromised that system. And once a hacker finds his or her way onto a corporate network via a "trusted" device, classic NAC tools would allow those unauthorized users to access any digital assets within that "trusted" network. So, with traditional NAC, one of the biggest attack vectors is left wide open for cybercriminals to exploit.
We know that the traditional, infrastructure-based security model of NAC is ineffective and archaic because those kinds of attacks – ones where compromised credentials let hackers in – continue to occur. According to Verizon's annual data breach report, weak or stolen passwords accounted for 1,429 cyberincidents resulting in data disclosure, or 63 percent of all confirmed breaches in 2015.
Forgetting old-school NAC
Instead of using classic NAC solutions, organizations need to adapt their security postures to function in today's IT environments. Infrastructure-based NAC is ineffective against applications that are independent of IT infrastructure, routinely cross borders, and may exist wholly or partially in the cloud. Likewise, today's users are not constrained by perimeters and infrastructure, and they have disconcerting habits like using their own devices and their own cloud-based applications.
"Crypto-segmentation with role-based access controls is next-gen NAC."
In other words, it's time for enterprises to turn their attention away from managing what devices can access a network. If hackers want to get inside networks, they will bypass traditional NAC with a well-placed phishing email.
To effectively defend against data breaches and practice breach containment, organizations must secure applications through cryptographic isolation and limit employee access to only the applications they specifically need to do their jobs. This realignment of access controls around users and applications is the future of NAC, and IT security as a whole for that matter.
Accepting the future of IT security
With Certes Networks CryptoFlow solutions, enterprises grant users access to cryptographically protected apps using business-centric policies – they leverage the combined power of crypto-segmentation and role-based access control. This focus on breach containment over prevention ensures that securing the most sensitive assets is easy, even when hackers find their way into corporate IT environments.
Yesterday's NAC solutions fail to provide this more holistic and modern cybersecurity model. In that regard, CryptoFlow offerings are much more than next-generation NAC tools. These cutting-edge solutions put the security focus where it matters: on the apps and people who access them.
For more information on NAC, crypto-segmentation, role-based access control and Certes Networks CryptoFlow solutions, download our latest white paper, "Goodbye NAC, Hello Crypto-Segmentation."