The 4 tiers of a secure B2B framework

22.06.2010

2. Data Access Control: Encryption and endpoint control features are critical. Although there's no concise definition of data access control, I'll essentially define it as the authorization and protection of data when it's being shared with multiple parties. Several technologies will make up this tier, driven by organizations wanting to classify, extract, encrypt, discover and control who accesses the data. It will be necessary to create a policy to enforce rights management at different points in the network.

3. Network Access Control: Fabric access control will define the network tier. B2B interactions rely on tools such as intrusion detection systems, intrusion prevention systems and security information management to mitigate diverse threats. So fabric access control will enable the use of enforcement mechanisms at different parts of the network and secure a B2B environment from multiple interfaces.

4. Physical Access Control: Identity-based control will become the new frontier. Customers are increasingly demanding that physical control systems like badges and IP-based cameras become fully integrated with their corporate network and IT security controls. For instance, some organizations will not allow employees who don't badge in at the premises entry point to connect to the corporate network. There is also traction with other physical devices, such as global positioning system (GPS), radio frequency identification (RFID), sensors, and smart cards, to provide location-based services that will link the user's identity to the physical systems.
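The badge-in rule described above can be expressed as a fail-closed policy check that correlates badge-reader events with a network login request. This is an added example, not code from the article or any vendor; the event layout, the function names and the 14-hour staleness limit are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample badge-reader events: (timestamp, user, door, direction)
BADGE_EVENTS = [
    ("2010-06-22T08:01:00", "alice", "lobby", "in"),
    ("2010-06-22T08:05:00", "bob", "lobby", "in"),
    ("2010-06-22T12:30:00", "bob", "lobby", "out"),
    ("2010-06-21T09:00:00", "carol", "lobby", "in"),  # previous day, never badged out
]

# Assumed policy value: a badge-in older than this no longer proves presence.
MAX_PRESENCE = timedelta(hours=14)


def last_badge_state(user, at, events):
    """Return (direction, timestamp) of the user's latest badge event at or before `at`."""
    latest = None
    for ts, who, _door, direction in events:
        when = datetime.fromisoformat(ts)
        if who == user and when <= at and (latest is None or when > latest[1]):
            latest = (direction, when)
    return latest


def authorize_network_access(user, at, events=BADGE_EVENTS):
    """Decide whether an on-premises network login is allowed.

    Returns (allowed, reason). Any case that cannot be proven is denied.
    """
    at = datetime.fromisoformat(at)
    state = last_badge_state(user, at, events)
    if state is None:
        return False, "no badge-in on record"
    direction, when = state
    if direction != "in":
        return False, "user badged out"
    if at - when > MAX_PRESENCE:
        return False, "badge-in is stale"
    return True, "badged in"


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, authorize_network_access(user, "2010-06-22T13:00:00"))
```
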

There is no easy solution to B2B security -- it will require multiple technologies at each tier of access control to develop a comprehensive architecture. Your organization would need to define a common set of technologies, like NAC, antimalware, IPS, DLP, and IAM, that can help you implement controls for multiple entry points, and integrate them using APIs like TNC IF-MAP, Open Virtual Format (OVF) and SAML at the physical, network, data, and application tiers.

Usman Sindhu is an analyst at Forrester Research. He serves security and risk professionals focusing on challenges and solutions around network access control (NAC).