Components like the technology Cisco recently acquired with IronPort will provide some of the intelligence to stop messaging and Web based leaks, and Cisco will use intelligence in its routers and switches to control data flows and in the CSA agent to enforce data-level policies on the desktop, Gleichauf said. "CSA is the next area where you're going to see us make go to market announcements that offer real value in the data leak space," he said.
"Cisco's getting out of the desktop plumbing business and focusing on areas on the desktop where they can add value to what they're doing on the network," said Jon Oltsik, an analyst at Enterprise Strategy Group.
But Gleichauf's comment may also be an indication that Cisco trying to change the conversation around its NAC architecture, which has been a tough sell with enterprises largely because of the cost of upgrading Cisco and non-Cisco networking infrastructure in order to take advantage of the access control features.
While the company has found plenty of buyers for its NAC appliance, formerly known as "Clean Access," it has had far few takers for the full fledged NAC solution. In the meantime, the company has found competition from a wide range of niche NAC vendors, security mainstays like Symantec as well as Microsoft, Juniper and the Trusted Computing Group's standards based Trusted Network Connect architecture.
Gleichauf acknowledged that his company hadn't executed well in selling NAC to partners, but said the solution was for Cisco to close the loop even tighter on which firms it will tap to be a part of its solution.
"With NAC we got caught in the vendor program race with TNC and Microsoft, where you want to get as many vendors as possible. But there are only a minority of vendors who are value added. The majority of them are just looking for stickers to put on their booth," he said.
Going forward with its data leakage solution, Cisco will rely on a small number of main vendors that offer it more value with license arrangements, rather than rely on open standards, Gleichauf said.
That vision concerned Steve Hannah of the Trusted Computing Group, which promotes open standards for network access control that allow third party software to speak a common language when making access control decisions.
Releasing the NAC client as an open source application was a fine gesture, but it has little value to the community at large until Cisco agreed to submit its NAC protocols as open standards, he said.
"Ultimately, Cisco retains control, and you end up with Cisco as the center of the universe. So customers are stuck buying Cisco gear and looking for things that plug into Cisco gear, but they don't really have a choice of different vendors," said Hannah, who is a distinguished engineer at Cisco competitor Juniper Networks.
TCG is happy to talk with Cisco about moving NAC protocols to open standards, perhaps blending NAC technologies from Cisco and TCG to give software vendors and enterprises the most choice, he said.
In the end, submitting CTA as an open source application may just be a politically correct way of throwing in the towel on an application that had become irrelevant, said Oltsik.
"It's a feel-good move," Oltsik said, but one without much force as long as the NAC protocols used by CTA remain firmly in Cisco's grasp.