Microsoft's new plan to launch a network security product could help enterprises by spurring more market competition, but experts say Microsoft risks doing more harm than good if its strategy develops into yet another proprietary approach to network security.
Microsoft's planned Network Access Protection (NAP) technology, announced yesterday, checks the health of devices logging onto the network, and will be part of the Windows Server 2003 R2 release scheduled for 2005.
With NAP, network administrators will be able to set policies that define the basic requirements that must be met before a user can access the network. If that user does not have up-to-date antivirus or firewall software, for example, then the user can be quarantined or restricted automatically.
"Our customers wanted to have the ability to inspect clients for policy before they come back on the network," said Steve Anderson, Microsoft's director of marketing for the Windows Server division.
Along with the strategic announcement, Microsoft said it is partnering with many of the major second-tier networking vendors on NAP, including Juniper Networks Inc., Extreme Networks Inc. and Enterasys.
For Juniper, working with Microsoft provided an obvious benefit.
"We are now interoperable with the company that owns the desktop and the back-end infrastructure, and we can provide a safe end-to-end connection from the client to the network to the server," said Rod Mercheson, senior director of product management for the security product group at Juniper.
However, one conspicuous name missing from Microsoft's partner list is that of market leader Cisco.
"This is a direct challenge to what Cisco is doing" with its NAC strategy, said Dave Passmore, research director at Burton Group, a Midvale, Utah-based research firm.
Nonetheless, Passmore said, when it comes to network security, Cisco holds a huge advantage over Microsoft and the software giant's cadre of vendors, thanks to its vast installed base. Cisco currently claims as much as 80% of the installed base of enterprise networking gear, depending on the market. Passmore said Microsoft, in essence, is validating Cisco's approach by following in its footsteps with a similar strategy.
But when it comes to interoperability, the two vendors have yet to see eye to eye. Cisco's NAC technology is specific to its own networking gear and is not meant to operate on third-party products. Microsoft's NAP will work with all of its partners' gear, but not with Cisco's. However, Microsoft is optimistic that the two dominant vendors can find common ground.
"We are in deep discussions with Cisco," said Anderson. "We are just not in a place where we could announce [a partnership] with them today," he said.
Representatives for Cisco did not return calls requesting comment.
So, without a common framework to unite the two vendors' approaches, enterprises are left to choose between a pair of proprietary approaches.
Byrnes recommended that businesses not make any strategic investments in either approach, but use one technology or the other to get them through for the time being.
In the meantime, they should be applying pressure to both companies.
"Businesses should be virtually forcing Cisco and Microsoft to cooperate," Byrnes said.
Standards for secure network access are likely to develop in the next two to three years, Byrnes said. In the meantime, he said businesses should base their decision about which technology to use on how compatible Cisco's and Microsoft's offerings are with the rest of their infrastructure.