Main NAC use: Guest enforcer

* 80% of NAC is deployed to keep guests and contractors under control

NAC is used mainly to keep guests and contractors under control when they connect to corporate networks, according to a new Gartner study.

That’s been pretty much known for a while, but Gartner says that an overwhelming 80% of NAC is deployed just for this purpose.

Lagging well behind is deploying NAC to test endpoints for compliance with policies and then assign access rights based on the results. That use – what NAC was originally intended for – is the reason behind just 15% of deployments, Gartner says.

The main reason for this disparity is that most businesses have partners or guests to whom they want to grant limited access. But not so many feel threatened by machines that might not meet configuration policies. Blocking such machines might be a form of risk mitigation, but the downside of blocking access is greater than the security benefits.

There are two other and much rarer use cases. One is tying user ID and IP address together to supply identity-aware access control. The other is monitoring network activity to identify malicious behavior and isolate machines generating it.

Gartner’s advice is that, regardless of the primary motivation for initially purchasing NAC, businesses should be aware of the other uses. Over time, businesses will want to expand into those other uses, and it pays to have a tentative plan to do so at the outset.

Some customers already report that they have different NAC gear from different vendors to meet different use cases. With better planning up front, the transition to more uses can be smoother and less expensive, and can avoid the need to make subsequent purchases from multiple vendors.


Copyright © 2009 IDG Communications, Inc.
