Most organizations know an extra measure of access management is needed for IT staff who run their networks. The problem is that one of the best solutions for achieving that—Terminal Access Controller Access Control Server (TACACS+)—can be both complicated and costly to implement. That’s why a company called Portnox announced Wednesday a cloud-native TACACS+ solution that it claims is easy to set up and use, as well as priced within the reach of mid-market companies.
“TACACS+ is a standard protocol. It’s been out for a long time, but no one has a cloud-based solution,” Portnox CEO Denny LeCompte tells CSO. “Many IT departments that would find TACACS+ really valuable don’t use it because it’s too much trouble. That’s why we built a cloud-based version.”
The cloud-based offering allows even organizations with small IT teams of two or three people to benefit from TACACS+ without having to spend $50,000 to $100,000 on a full-blown network access control (NAC) product that includes the technology, LeCompte says.
TACACS+ service offerings
The Portnox software-as-a-service TACACS+ solution provides network device authentication, authorization and accounting services, including:
- User authentication for network devices via Open LDAP and integrations with Azure Active Directory, Google Workspace, Microsoft Active Directory and Okta
- Policy enforcement for network device access and configuration changes to privilege levels, allowed services, auto-commands, custom attributes, and more
- Automated audit trails for user activity and attributes across network devices, including user identities, start and stop times, executed commands, and packet transfers
The audit feature can be especially valuable to larger IT teams. “Imagine you have five engineers. Someone makes a change. They mess up and suddenly a whole bunch of connectivity on the network is lost,” LeCompte says. “How do you figure out what happened? Without a TACACS+ solution, you’re going to have to retrace your steps manually. With TACACS+, you can go through logs and know who made the last change and what changes they made.”
Without TACACS+, LeCompte continues, administrators typically issue blanket credentials to users and trust them to report any changes they make to the network. “It’s terrifying in a way,” he says. “Probably nothing will go wrong, but even the best IT people make mistakes. You put in one wrong parameter and you can take down a whole bunch of your network.”
Security issues associated with staff turnover can also be addressed with TACACS+. “We tie our product to Active Directory,” LeCompte explains. “So, when an IT staffer leaves and their AD account is turned off, they no longer have access because all their access was through our TACACS+ service.”
To promote the adoption of TACACS+, Portnox is offering a free tier of service that supports one administrator and up to 100 network devices, such as wireless access points and wired switches.