There have been two acquisitions over the past weeks that involved NAC vendors.
In one case StillSecure bought managed security service provider ProtectPoint and in the other, managed security service provider Trustware bought Mirage Networks. The common thread here is NAC services being deemed a money-making business.
That reflects the difficulty some businesses have mustering the resources to deploy their own NAC gear, even if it is just an appliance designed to corral guests and contractors in a limited-access network segment. In this case the gear wouldn’t even check endpoint configuration status. If endpoint status checks are added to the mix, the complexity of deployment increases and increases again if post-connect behavior checks and alerts are included.
In addition to technical challenges, NAC spans the realms of desktop, security and networking staff, making deployments sometimes difficult to coordinate. Setting up independent management views of NAC - allowing desktop staff to view but not change policies, but allowing security staff to see and change them, for example - can be difficult to coordinate among all the involved parties.
Realistic assessments by network executives find that in some cases it is better to turn NAC over to a service provider. It can be done for predictable fees, without capital investment, no training and still give businesses direct access to change policies as necessary.
The services are growing in popularity according to former Mirage staff. Before it was bought by Trustware, about 30% of Mirage business was managed services, and that number was growing. This follows an overall trend in the popularity of managed security services.
For customers it means that NAC is not unattainable if they lack the resources to deploy the technology in-house.