
SECURITY ARCHITECTURE INSIDER

NAC fulfills compliance and security needs


Tony Bradley, Contributor
06.11.2008


All companies have critical network resources and core servers that are essential to conducting business. However, financial institutions and financial services companies tend to have even more critical needs, conducting financial transactions 24 hours a day, 365 days a year and maintaining confidential, highly sensitive information about their customers. Network access control (NAC) is one option for financial organizations to allow legitimate network traffic while protecting data and network resources from unauthorized access or attacks.

Financial sector IT concerns
Customers want simple, fast access to their financial information and the ability to easily conduct transactions. The needs of the customer are offset though by increasingly sophisticated attacks, as well as government and industry regulations that demand tighter security. Network and security administrators in the finance sector have a delicate balance to strike.

Remote workers, branch offices, and a distributed user base, combined with a proliferation in the variety of devices capable of accessing the network, make the task of protecting data more difficult. Adding to that complexity, the trend of industry consolidation requires that diverse, heterogeneous networks be merged securely as well.

Protecting the network with NAC
Financial institutions have a number of regulatory requirements and industry mandates to comply with. Many of them govern how companies in the financial sector must protect their networks and their data.

Some regulations, such as the Sarbanes-Oxley Act, do not specifically address network security controls; however, they do require that financial information be protected by policies and controls that ensure its integrity. Most companies rely heavily on their network and computer resources to generate, transmit, and store such data, which brings the realm of network security into play in order to achieve compliance.

The NAC acts as the gatekeeper to the network: it validates identity, verifies compliance with internal security policies, and ensures that the endpoint device has the prerequisite level of patching and the appropriate antimalware and firewall systems before it will allow the device to connect with the network.

Depending on the product used and how it is implemented, NAC can enable policy management, authentication, access control, and security remediation, as well as provide a compliance and audit trail. Not only can NAC deliver these aspects of network security and regulatory compliance, but it can automate them as well, freeing network personnel for tasks that require cognitive intervention.
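To make the pre-admission check described above concrete, here is an added example (not from the article or any NAC product) of a posture evaluation that validates identity, checks patch, antimalware and firewall state, and writes an audit entry. The policy thresholds, field names and sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy thresholds; not taken from the article or any NAC product.
POLICY = {"max_patch_age_days": 30, "max_av_age_days": 7, "require_firewall": True}

@dataclass
class Endpoint:
    device_id: str
    authenticated: bool             # identity validated (e.g. by the directory)
    last_patch: Optional[date]      # None means the endpoint reported nothing
    av_signatures: Optional[date]
    firewall_on: Optional[bool]

def too_old(reported, today, max_days):
    # A missing report counts as non-compliant: fail closed, never assume healthy.
    return reported is None or (today - reported).days > max_days

def evaluate(ep, today, policy=POLICY):
    """Return (decision, reasons); decision is 'allow', 'quarantine' or 'deny'."""
    if not ep.authenticated:
        return "deny", ["identity not validated"]
    reasons = []
    if too_old(ep.last_patch, today, policy["max_patch_age_days"]):
        reasons.append("patch level missing or out of date")
    if too_old(ep.av_signatures, today, policy["max_av_age_days"]):
        reasons.append("antimalware missing or out of date")
    if policy["require_firewall"] and ep.firewall_on is not True:
        reasons.append("firewall off or not reported")
    # Non-compliant but known users go to a remediation network, not the core.
    return ("quarantine" if reasons else "allow"), reasons

def audit_record(ep, today, policy=POLICY):
    """One audit-trail entry per admission decision."""
    decision, reasons = evaluate(ep, today, policy)
    return {"date": today.isoformat(), "device": ep.device_id,
            "decision": decision, "reasons": reasons}

# Constructed sample endpoints (not real devices).
TODAY = date(2008, 6, 11)
SAMPLES = [
    Endpoint("teller-ws-01", True, date(2008, 6, 1), date(2008, 6, 9), True),
    Endpoint("branch-laptop-07", True, date(2008, 3, 1), date(2008, 6, 10), True),
    Endpoint("contractor-pc", True, date(2008, 6, 5), None, None),
    Endpoint("unknown-device", False, None, None, None),
]

if __name__ == "__main__":
    for ep in SAMPLES:
        print(audit_record(ep, TODAY))
```

Treating an unreported attribute as non-compliant trades some false positives (a healthy device whose agent failed to report is quarantined) for fewer false negatives.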

Network access control functions
A comprehensive NAC solution that manages both pre- and post-access concerns and addresses security policies, endpoint compliance, and identity authentication and verification can be an effective tool for protecting network resources and sensitive data while also achieving compliance. Below is a description of network security controls and the functions of NAC that address them.

A NAC is not a silver bullet though. There are potential downsides that must be considered as well. NAC is subject to false positives, possibly blocking access to devices that are secure and comply with internal policies. It may also be subject to false negatives, allowing access to compromised or infected systems. One other concern, and perhaps the biggest for companies that place their trust in NAC, is if the NAC itself is compromised by an attacker. Organizations looking at NAC to protect their environment need to be aware of these potential issues and keep them in mind as they explore the available options.

About the author:
Tony Bradley is a CISSP, and a Microsoft MVP. He is a Director with Evangelyze, a Microsoft Gold Certified and Voice Premier Partner focused on unified communications technologies. Tony is also a respected expert and author in the field of information security whose work is translated and read around the world. He contributes regularly to a variety of Web and print publications, and has written or co-written eight books. In addition, Tony is the face of the About.com site for Internet / Network Security, where he writes articles and tips on information security and has almost 40,000 subscribers to his weekly newsletter. Mr. Bradley has consulted with Fortune 500 companies regarding information security architecture, policies and procedures, and his knowledge and skills have helped organizations protect their information and their communications.


All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy