Clarifying issues surrounding this emerging security architecture
Perhaps the human learning curve is slowing down adoption of NAC, according to a college IT engineer.
The college uses NAC to check whether student-owned computers meet configuration standards at the beginning of the school year. It does the check only once, hoping that critical patches and antivirus updates will be installed in a timely manner after that. It’s not the tightest enforcement, but it’s better than what they had before: nothing.
The first year it used NAC, so many student machines were out of compliance and so many students couldn’t follow the directions to bring them into compliance that the help desk was swamped for a week.
Actually, that’s a classic mistake in implementing NAC. Turn it on in monitoring mode first to see how many computers are out of compliance, and then work to bring as many as possible into compliance before turning NAC on in enforcement mode. Otherwise, untold numbers of users will be locked out.
In this case it turned into an inconvenience for the student body, but that kind of disruption among the workforce in a business could have a devastating financial impact. It might also get someone fired.
The second year the school used NAC, about three quarters of the students were returning, so they knew the drill about getting the machines into compliance. A much higher percentage of sophomores, juniors and seniors managed to follow the directions for remediating their software.
As the school and the student body become more comfortable with NAC and its requirements, the IT staff is considering checking out each endpoint not only at the beginning of the school year, but after each significant school break, when laptops are more prone to picking up viruses.
Getting students to comply with NAC requirements is a bit like herding cats, so getting to where the school wants to be in using the technology is becoming a years-long process. That’s unacceptable in a business setting, but it is instructive. In any NAC deployment, plan for user education and a grace period for bringing machines into compliance.
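The rollout order described above (monitoring mode first, then enforcement with a grace period) can be sketched as a small admission policy. This is an added example, not code from the college or from any NAC product; the check names, decision labels, 7-day grace period and endpoint records are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date

@dataclass
class Endpoint:
    host: str
    patches_current: bool
    antivirus_current: bool
    first_seen: date  # first day NAC evaluated this machine

def failed_checks(ep):
    checks = (("patches", ep.patches_current), ("antivirus", ep.antivirus_current))
    return [name for name, ok in checks if not ok]

def decide(ep, mode, today, grace_days):
    """Return the admission decision for one endpoint."""
    if not failed_checks(ep):
        return "allow"
    if mode == "monitor":
        return "allow-logged"          # record the failure, never block
    if (today - ep.first_seen).days < grace_days:
        return "allow-grace"           # enforcing, but still inside the grace period
    return "quarantine"

def rollout_report(endpoints, mode, today, grace_days=7):
    """Summarize who would be blocked and which checks fail most often."""
    decisions = Counter(decide(ep, mode, today, grace_days) for ep in endpoints)
    failing = Counter(c for ep in endpoints for c in failed_checks(ep))
    noncompliant = sum(1 for ep in endpoints if failed_checks(ep))
    return {
        "decisions": dict(decisions),
        "failing_checks": dict(failing),
        "noncompliant_rate": noncompliant / len(endpoints),
    }

# Constructed sample data, not taken from the college described in the article.
SAMPLE = [
    Endpoint("laptop-01", True, True, date(2024, 8, 26)),
    Endpoint("laptop-02", False, True, date(2024, 8, 26)),
    Endpoint("laptop-03", False, False, date(2024, 8, 26)),
    Endpoint("laptop-04", True, False, date(2024, 9, 3)),
    Endpoint("laptop-05", True, True, date(2024, 9, 3)),
]

if __name__ == "__main__":
    today = date(2024, 9, 4)
    for mode in ("monitor", "enforce"):
        print(mode, rollout_report(SAMPLE, mode, today))
```

Running the monitor-mode report before enforcement shows the help-desk load to expect: every endpoint counted as "allow-logged" would become a lockout once enforcement begins and its grace period runs out.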
Tim Greene is senior editor at Network World.