The sometimes simple reasons network security experts use to justify which NAC scheme they choose are signs of NAC’s immaturity.

One recent NAC customer - a university - chose a particular NAC appliance over a network-based NAC architecture for one reason: price. Upgrading switches to support NAC would simply cost too much.

Another customer, also a university, chose its NAC vendor because the product required no software be installed on end-users’ machines. With an enormous transient student population that starts fresh each fall, the school wanted to avoid the burden of installing and supporting software on all those machines.

Universities represent a prime NAC market precisely because they have so many transient workers that come and go as part of the user community and who also travel from building to building and campus to campus.

They have a broad exposure to potentially infected machines, and like many small businesses, many universities are strapped for cash so they are forced into inexpensive answers to their problems. Appliances meet the requirements on that score.

These appliances with no client software are limited, though, in what they can do. The thoroughness of their endpoint inspections are less than products that do use client software.

But because the clientless gear meets specific burning needs, they win customers and are useful to them. That doesn’t mean the customers wouldn’t like more from the products, it just means they recognize the gear is worth the price for the functions they perform now. This same rationale applies not just to universities but also to businesses that have targeted needs and limited budgets.

As endpoint-checking gear becomes more ubiquitous through other security or operating system products, these problems will disappear. When NAC grows up a little more, more customers will be able to reap greater benefits from it.

Tim Greene is senior editor at Network World.