What is NAC?
Historically, Network Access Control (NAC) enforced network access policies based on device health and compliance. This often involved 802.1X authentication, RADIUS servers, and posture checks to ensure devices met security requirements before granting access to the network. Classic NAC solutions aimed to prevent non-compliant devices from introducing threats into the corporate LAN. The rise of cloud services and a shift towards Zero Trust principles have driven a significant evolution in network access management.
NAC in Australian tenants today
AU mid-market organisations often find themselves in a hybrid environment, blending on-prem infrastructure with cloud services. Traditional NAC solutions like Cisco ISE and Aruba ClearPass remain relevant for securing on-prem networks. However, many are adopting identity-led approaches, such as Microsoft Entra Global Secure Access, particularly in new deployments. This aligns with the broader move towards Zero Trust and complements strategies to meet OAIC Privacy Act 2024 obligations regarding data security and access controls. Consideration should be given to how NAC solutions integrate with APRA CPS 234’s requirements for ICT risk management.