Forrester is out with another NAC report, this one urging customers not to lock in on a single architecture because they are likely to want a hybrid over time.

The report – “NAC Remains A 2008 Blockbuster – But Wait Until You See The 2009 Coming Attractions” – restates Forrester's earlier suggestion that customers look at their current need for NAC and buy products that meet those needs.

The most common scenario is somehow identifying guest users and restricting their access. NAC appliances are a good fit for many businesses in this situation.

Later, other needs may arise that NAC can also deal with, but would deal with it best with a software product. So that same business that bought an appliance to control guest access might use NAC based on endpoint software to show that managed corporate devices were tested and found in compliance with security policies.

The initial reaction to this scenario might be that now the business is stuck with two NAC products, two management platforms and perhaps redundant NAC elements.

This type of situation is not uncommon, Forrester says, with 57% of businesses in its study of NAC users having deployed such hybrid solutions.

Standards are needed to help streamline such hybrid deployments. The Trusted Computing Group has already written a set and it is working its way through the IETF. Forrester says these standards will be key to expanding the role of NAC beyond admission testing, enforcement and remediation to include application-level controls, asset profiling and other functions outside the initial realm of NAC.

To learn more about the report click here.

Tim Greene is senior editor at Network World.