NAC: What went wrong?

After five years, still no easy way for IT managers to achieve network access control

1 2 Page 2
Page 2 of 2

But even if the software is virtually free, deploying NAC is expensive. It takes time, and time is money. You may have to buy more switches or upgrade switches. You certainly have to understand how your network operates very well, and you've got to be prepared to change many of your internal processes for moves, adds, and changes.

What can vendors do?

NAC has certainly not lived up to expectations, but NAC isn't dead either. Frost and Sullivan predicted that NAC vendors will sell 7,500 appliances and rake in at least $250 million, with a nice, steady growth rate of about 25% every year. Vendors aren't seeing the revenue or growth that was predicted. But what can vendors do to accelerate NAC deployments in the enterprise? We have three suggestions:

1. To address the political issues, vendors could design products that naturally break apart into three components: network, desktop and security. If the NAC product lets each team deploy their part of the NAC puzzle in the way that fits best into their network, then the likelihood of success is much greater.

2. When it comes to ROI, some enterprises have seen cost savings with NAC, irrespective of the potential for lowering risk of data loss or intrusion. That's the direction NAC vendors have to go: figuring out how their products can bring value even in the absence of security benefits. We saw this in our testing with some outstanding dashboards and visibility tools. This needs to be a benefit of any NAC deployment to push NAC into the mainstream.

3. The complexity of NAC is the most difficult barrier to overcome. Vendors have pushed features and complexity into their products as they've learned from customer after customer what works and what is needed to make things work. They aren't likely to throw it all out and start over from scratch.

However, if venture capitalists continue to provide funding for start-ups, new products can come out of the woods with a clean architecture based on the lessons learned from everyone else in the industry. If not, NAC just might continue to languish as a great idea that never really takes off.

Snyder is a senior partner at Opus One in Tucson, Ariz. He can be reached at

Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
The 10 most powerful companies in enterprise networking 2022