Cisco Introduces Another Security Architecture
12/17/2007 -- It's been an unusually quiet period for Cisco Systems Inc., with hardly a hiccup, news-wise, over the last fortnight and more.
Cisco's fallow news cycle came to an end last week, when it announced Trusted Security (TrustSec), a new security architecture that integrates identity- and role-based security measures and supports scaled implementation across enterprise networks. The idea, Cisco officials said, is that enterprise-wide TrustSec implementations can help address the growing compliance requirements of an increasingly global -- and mobile -- workforce.
Industry experts buy it -- to a degree. "[TrustSec] would allow Cisco to create identity-based, fine-grained access control policies that would be enforced through [its] switching infrastructure," said Andrew Braunberg, a research director with consultancy Current Analysis.
On the other hand, Braunberg pointed out, TrustSec is still very much vaporware. Cisco doesn't plan to release it for at least another year, although it claims to have been working on TrustSec for more than four years.
All the same, Braunberg predicted, TrustSec will almost certainly transform the size and scope of Cisco's security business, particularly its highly successful NAC push. "TrustSec...would create a complete access control and audit capability that would complement Cisco's Self-Defending Network threat management products," he said. "More importantly, TrustSec would subsume Cisco Network Admission Control by treating host posture checks as just one of several attributes influencing access control decisions."
But doesn't Cisco already have a boatload of security architectures, including both NAC and its Self-Defending Network vision? Yes. But Braunberg, for his part, doesn't see any necessary contradiction between what Cisco is doing with TrustSec and the strategy it's already outlined with NAC or Self-Defending Networks.
"TrustSec would be a nice complement to the threat management orientation of Self-Defending Network. Another major security initiative at Cisco is the Network Admission Control framework," he said. "Under the TrustSec architecture, NAC would provide just one of several important data inputs for determining access control policies to network resources."
What does TrustSec bring to the table? For one thing, Braunberg noted, it would tag all network traffic with user attributes (including corporate role, physical location and device health); facilitate the creation and management of centralized authorization and access control policies; and build policy enforcement directly into switch, router and wireless network controllers.
"The architecture would also support strong point-to-point encryption to ensure data integrity and confidentiality," he said. "The ability to control and audit who has access to what network resources is a fundamental component of most corporate compliance strategies. Businesses are increasingly demanding network access to a broad set of end users that often need access from outside the traditional network perimeter. A shift from a network topology-aware infrastructure to one that is user attribute-aware will greatly simplify the administrative and management overhead required to meet these business needs." --Stephen Swoyer