Despite slower than expected adoption, network access control (NAC) technologies have matured enough to be ready for more wide scale deployments, according to a new report issued by Cambridge, Mass.-based Forrester Research Inc.
The dust is finally settling, according to Forrester. Cisco, Symantec, Sophos and Novell all made acquisitions of smaller vendors. Smaller vendors also showed signs of struggling with sluggish sales. Vernier Networks changed its name and approach as Autonomic Networks. Lockdown Networks shuttered its website and ceased operations in March prompting some experts to ask whether Lockdown customers would be left in the lurch.
Forrester recommends that companies should budget for a complex, hybrid deployment that addresses the growing use of mobile devices, supports access to a wider range of users, including customers, suppliers, and partners, and provides effective controls for regulations. The report, "Overcoming the Common Pitfalls of NAC," lays out ways companies can successfully plan for an implementation without running into the high costs, policy management issues and lack of ROI, associated with early deployments.
Whiteley said companies beginning a pilot would need a mixture of hardware and software to control guest and employee access. Software-based NAC solutions ultimately won't be fully integrated until 2009. And NAC appliances are only suitable to solve guest-user access, Whiteley said. Companies wanting to control employee access would likely exceed the appliance's traffic throughput, he said.
Changes to NAC technologies in the market have added to the complexities and confusion of early adopters, Whiteley said. Despite sluggish growth, NAC is being successfully adopted. A recent Forrester survey found that 37% of respondents had already adopted NAC and an additional 18% said they plan to do so in the coming year.
Other surveys support Forrester's findings. Information Security magazine's Priorities 2008 survey, published January, showed that 31% of the respondents have already deployed NAC, 16% will deploy this year and another 34% will evaluate NAC technologies.
Whiteley said larger companies with more than 20,000 employees have been the early adopters and are now deploying NAC technologies more widely throughout the organization.
"These larger organizations feel the full brunt of multiple user constituencies, especially contractors and outsourcers, requiring access to the corporate network, and strict compliance requirements that demand greater visibility, reporting, and segmentation," Whiteley said in the report.
To get started, IT pros should develop a business case based on securing both guest and employee access, Whiteley said. He warns that companies need to steer clear of some common mistakes associated with NAC deployments that often result in failures.
Forrester said companies should:
Sometimes companies miscalculate the current state of their systems. Outdated hardware could cause a NAC deployment to fail, according to Whiteley. Companies also often fail to choose NAC technologies that integrate easily with an identity and access management tool, making employee access control an issue.
Too many enforcement options and NAC technologies that fail to dynamically create a list of remediation options for specific end user problems could also mangle a NAC deployment and result in increased help desk calls.