HPE Aruba Networking Blogs

Network access control: Keeping you cool in hot times

By Bryan Lechner, Director of Policy, HPE Aruba Networking

The world is getting hotter every year. I personally know people sweating all day long in the US, Southern Europe, and Northern Asia. The air conditioning is consistently failing to cool them down. And let’s agree to the fact that no one wants to work in hot weather; even if we do, we are not 100% efficient. That may be the reason why office spaces are centrally air-conditioned, to maintain the optimum working temperature for employees, and to provide prescribed conditions for servers.

But what does any of this have to do with Network Access Control (NAC)?

Good that you asked. I have an interesting story for you.

The rise of IoT devices and their impact on network security

A couple of years back, I had 98 devices connected to my house network, and that’s just for two of us. (Well, this included a few VM servers, but we still can’t deny the fact that we were outnumbered by IoT devices.) When it hit me, I started cutting down the IoT devices, but I still had 35 devices on my house network: 2 laptops, 2 mobile phones, 2 tablets, watch, TV, refrigerator, voice assistant, thermostat, camera, etc. My HPE Aruba Networking office had even more IoT devices running on the network: printer, TV, meeting room scheduling pad, security cameras, thermostat, etc.

My point is that IoT is flooding our networks, both personal and corporate, and we are heavily dependent on these IoT devices to function as usual. Statista claims that there will be 29 billion IoT devices in 2030. The human population would still be 8.5 billion by then (according to the United Nations); that takes the Human:IoT ratio to 1:3.5.

Now that we have established that our lives function better because of these IoT devices, let me share another anecdote. This one is related to an HVAC system. A quick search on Wikipedia yields the definition: “Heating, ventilation, and air conditioning (HVAC) is the use of various technologies to control the temperature, humidity, and purity of the air in an enclosed space.” These are the ventilator tubes running across the facility to keep the facility cool. HVAC is one of the most critical systems on the network because it constantly works to keep you cool when it’s 38C (100F) outside.

Last year, for two of my clients, the HVAC system stopped working out of nowhere. One of the clients was in the middle of summer in the US Southwest, and the other was in December in a northern state (so they froze rather than boiled). Upon further troubleshooting, the clients found that a random device had hit the network controller, and the HVAC system didn’t know how to work with it, so it started disconnecting from the network until it was power cycled, or the network connection was reset physically. Although the IoT thermostats installed throughout the building were alerting HVAC to turn the AC fan up, the innocent HVAC couldn’t. Soon it was 38C outside and 31C inside (for my first client). The servers were getting closer to thermal shutdowns, and the employees were getting irate, all because a random connection reached part of the network that it shouldn’t have, causing a 15-year-old controller on the HVAC to shut down.

The takeaway from this story is that, in a next-gen world of IoT, you still need a decade-old technology to secure the IoT devices in your network: Network Access Control (NAC).

Securing IoT devices with Network Access Control (NAC)

By now you will have guessed that a NAC could have stopped the East-West spread of any malicious activity and kept the HVAC functioning properly. A recent report that we did with Ponemon Institute indicated that there has been a significant increase in the use of NAC by enterprises for securing IoT devices.

The findings in the report echo my point: enterprises are moving to ZTNA to support a hybrid workforce and provide a ‘café-like’ experience where employees can work from anywhere in the office facility or at home and be assured that they’ll get a similar digital and security experience. However, the café usually deploys a lot of extra security: it separates all its point-of-sale systems from the rest of the network to maintain PCI-DSS compliance, and it has a separate network for cameras and other IoT devices to reduce security breaches. It’s only the guest users that are treated equally. Similarly, a corporate network separates employees from contractors, and the printer and camera from the HR database, and all this is done using a NAC! You would not want to send 4K video data to the cloud for a security check before projecting it on the TV in the conference room; you would either cast directly or use an HDMI cable to avoid latency and bandwidth issues.

NAC and other security solutions like ZTNA are not mutually exclusive. In fact, both work together, along with other security solutions, to provide secure and seamless access for end users. NAC helps the security team to segment traffic and deploy Zero Trust at the network level, and ZTNA helps the security team to provide secure access to applications remotely, deploying Zero Trust at the application level.

NAC can also help security teams restrict the spread of infected files East-West or laterally and can help you secure IoT and BYOD devices.

That being said, in today’s world you’ll still need a NAC and even simple ACLs for specific use cases that can help protect you from boiling in these hot times. (You know what I mean!)
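The segmentation described above, sketched as an added example (not HPE Aruba Networking code or product configuration): devices get a role at admission, unknown devices fall into a quarantine role, and only allowlisted role pairs may talk to the HVAC controller. All device names, roles and rules are constructed, and BACnet/IP on UDP 47808 is assumed as the controller's protocol.

```python
# Added example: default-deny, role-based segmentation of the kind a NAC enforces.
# Every device name, role and rule below is constructed for illustration.
from typing import NamedTuple

class Flow(NamedTuple):
    src: str    # source device identifier
    dst: str    # destination device identifier
    proto: str  # "tcp" or "udp"
    port: int   # destination port

# Role assigned to each known device at admission (constructed inventory).
INVENTORY = {
    "thermostat-3f": "thermostat",
    "bms-server": "building-mgmt",
    "hvac-ctrl": "hvac-controller",
    "lobby-camera": "camera",
    "conf-room-tv": "display",
}
UNKNOWN_ROLE = "quarantine"  # anything not in the inventory lands here

# Allowlist of (source role, destination role, protocol, port).
# UDP 47808 is BACnet/IP, assumed here as the HVAC controller's protocol.
POLICY = {
    ("thermostat", "hvac-controller", "udp", 47808),
    ("building-mgmt", "hvac-controller", "udp", 47808),
    ("building-mgmt", "hvac-controller", "tcp", 443),
}

def role_of(device: str) -> str:
    """Map a device to its role; unrecognised devices are quarantined."""
    return INVENTORY.get(device, UNKNOWN_ROLE)

def permitted(flow: Flow) -> bool:
    """Default deny: a flow passes only if its role pair is allowlisted."""
    key = (role_of(flow.src), role_of(flow.dst), flow.proto, flow.port)
    return key in POLICY

def roles_reaching(dst_role: str) -> set[str]:
    """Audit helper: every role with at least one allowed path to dst_role."""
    return {src for (src, dst, _proto, _port) in POLICY if dst == dst_role}

if __name__ == "__main__":
    sample_flows = [  # constructed traffic
        Flow("thermostat-3f", "hvac-ctrl", "udp", 47808),
        Flow("rogue-laptop", "hvac-ctrl", "udp", 47808),
        Flow("lobby-camera", "hvac-ctrl", "tcp", 443),
    ]
    for f in sample_flows:
        print(f"{f.src} -> {f.dst} {f.proto}/{f.port}:",
              "permit" if permitted(f) else "deny")
    print("roles that can reach the controller:",
          sorted(roles_reaching("hvac-controller")))
```

The audit helper answers the question the HVAC story raises: which roles have any path to the legacy controller at all.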

Learn how our Network Access Control solution can help you secure your IoT devices.