Financial institutions and NAC
As someone who has worked for and consulted to a few large financial institutions, I was surprised to learn that many people do not know what challenges NAC solutions face at financial institutions.
Financial institutions are notorious for the strict rules they impose on changes to their infrastructure (external and internal). Usually, when a change is needed, a series of signatures is required to authorize the change, which can only be performed in a designated window of time (usually once a week on Sunday). If the change cannot be performed, or causes another problem, a rollback is performed, and the change is pushed back to the next week (if at all).
During some periods of the year a change freeze is in effect, and no changes to the infrastructure are allowed. This is usually done between November and January, which represents the high season for shopping, etc.
So what are the barriers for NAC vendors? Just think about NAC solutions that use the quarantine VLAN method to isolate devices, dynamically assigning VLAN IDs to switch ports, etc. As one can understand, this is a definite no-no in a controlled environment.
Actually, any read-write access that a NAC solution requires to the infrastructure switches would not be allowed.
Another interesting effect concerns software-based agents, which most financial institutions would not be that happy to install (alongside the long list of other client-based software that they may already have on the desktop).