Why Is NAC So Complicated?

Sean Stanton, VP of Sales at WiteSand

I remember meeting Praveen Jain, Founder and CEO of WiteSand, for the first time. We were introduced by a mutual friend who is an incredible entrepreneur in his own right and also a venture investor. I was running the NorCal Enterprise Sales Team at Juniper Networks, and Praveen was coming off his time as a founder of Pensando. Praveen and I bonded immediately over a myriad of topics.

  • If networks are truly North/South now due to cloud adoption, then why aren’t we just treating the campus as an Internet hotspot?   
  • If customer campuses are inherently composed of multiple vendors, why isn’t there a consolidated platform to orchestrate it all?
  • If we can automate the Data Center, then why can’t we turn the Enterprise network into “code” through automation as well?
  • If networking equipment is still working, why can’t customers leverage the cloud for analytics against their existing infrastructure? Why are they forced to forklift?
  • If the industry is pushing everything to the cloud, why are the major network access control (NAC) vendors still selling appliances?
  • If the industry is pushing for more simplicity, why are NAC solutions so complicated?

As we started to talk more deeply about NAC, we mutually agreed that the solutions in the market today are bulky, cumbersome, complicated to operate and, frankly, really old. As customers are trying to SaaS’ify everything they can, the legacy NAC solutions in the industry today all suffer from these shortcomings:

  • Require the installation of on-prem boxes at various locations
  • Complicated workflows to deploy and maintain, often requiring a consulting practice
  • Inability to control all aspects of segmentation

NAC authenticates users and devices and eventually directs the network switches to enforce the policies. An independent NAC tool may duplicate the work of discovering, maintaining inventory, attracting network flows, and SNMP scanning, while still being limited in what it can enforce on switches. With legacy systems, implementing NAC also requires extensive pre-configuration of switches.

NAC should be Intent-Driven

If you think about it, by leveraging an intent-based NAC you don’t need to control all of the various knobs that you’re used to. Rather, with intent you can more easily – and automatically! – segment and isolate users. After all, there really is no need for one laptop to talk to another on the campus network. 

Over the last year, as we have been evangelizing our solution and working with various incredible companies through POC trials and development, one key feature was always commented on: the WiteSand Cloud NAC. You’ve heard the expression, “You had me at hello”? Well, in our early demos and customer meetings we heard, “You had me at Cloud NAC.”

Why is that? Why were customers so excited and interested in our Cloud NAC?

NAC should be delivered from the Cloud

It’s critical from an operational side for customers to leverage cloud. This is especially evident when you see the adoption of tools like Office 365 or Google Workspace. If customers are outsourcing critical business functions to the cloud – email, calendaring, file sharing, web conferencing, chat, calling, and more – then one of the last holdouts is NAC. 

Recently, I was talking to one of our esteemed customers, and as they moved to production they immediately validated this workflow and its simplicity. No more network downtime due to upgrades; fingerprints can be updated automatically, globally! This customer also pointed out that the agility of a microservices architecture that is API-based means no more waiting for a legacy provider (built on monolithic code) to promise a new critical feature in a future release. Instead, they can get those features in near-time with this type of approach.

It’s all about simplicity. It’s all about collaboration.

We invite you to see a demo of our Cloud NAC. Contact us to set one up today.
