NAC gets the NACK
Apologies for the TCP humor.
An interesting article at Network World points to an analyst report from TheInfoPro about NAC. The report, due out next month, shows that “of 126 network professionals, 37% say it is very likely or extremely likely they will decide to develop or implement a NAC policy initiative in the next 12 months, down 17% from earlier this year.” Reasons cited include a lack of standards, high cost, and the lack of a universal endpoint agent.
I always had a sense that NAC–as narrowly defined under the endpoint health banner–might find the “trough of disillusionment” (as Gartner describes it) earlier than expected. With so much hype, so little standards, and so many vendors piling on with solutions it seems almost inevitable. Much of my talks with customers, at conferences, and in posts on this blog have encouraged caution in approaching this problem space so quickly–and so narrowly focused on endpoint health.
Making user identity decisions at the time of network access is a much more proven technology since it has been used to augment the security of dial-up, VPN, and wireless networks at scale. Adding wired access to the authentication solution makes it possible to make access decisions for all forms of network access in a consistent way. Sure wired 802.1X is encountering its own growing pains, but vendors have responded by enabling simpler alternate mechanisms–such as web authentication–to bootstrap wired deployments until 802.1X is truly plug-and-play. It will be interesting to see how this plays out over time.
Technorati Tags: NAC