The market for enterpriseNAC systems
right now is a classic portrait of a market in its infancy. A
handful of mostly large vendors, notablyCisco
Systems, Symantec and Vernier Networks, dominate
the landscape at present, with a slew of smaller players scrambling
to get into the team picture and attract the attention of potential
customers.
But, despite the marketing hype from the vendors and the
generally accepted
potential utility of the technology itself, enterprise buyers
seem to be taking a
wait-and-see approach to large company-wide NAC deployments.
More common are smaller, department-level deployments or
installations at branch offices, which enable administrators to
evaluate the system and its scalability before rolling it out to
the entire organisation.
This state of affairs is likely to change in the next two or
three years, however, as Cisco completes the pieces of its NAC
offering and enterprises begin deployments of Windows Vista and
Longhorn Server, both of which contain pieces of the company's NAP
(Network Access Protection) system. Organisations that either have
a significant investment in Cisco gear or plan to roll out Vista
and Longhorn in the near future likely are waiting for those
offerings to be complete instead of going with one of the niche
vendors, analysts and customers say.
"There's still a big question on the network side as to how
detailed people will get on driving access across the network,"
said Pete Lindstrom, a senior analyst at Midvale, Utah-based Burton
Group.
Still, the NAC market is no small affair, even at this early
stage of its development. Analyst firm Internet Research Group
predicts the NAC market will top $300 million in 2007 and should
break the $1 billion barrier by 2010. Not all of that is going to
go to Cisco and Microsoft. In fact, some large organisations
already gone ahead with NAC deployments, rather than wait.
"We looked at the Cisco stuff, McAfee, Check Point and even ISS,
but none of them was mature enough for what we wanted to do," said
Sammy Spurlock, manager of security and disaster recovery at
Standard Register, a large document services company based in
Dayton, Ohio, that has deployed Symantec's Sygate Enterprise
Protection. "I needed something that would help us comply with our
audits, specifically around remote access. I use the agent to pull
together all of the threads for our compliance efforts. I wasn't
focused completely on access control, so this worked perfectly for
us."
Another factor that is limiting the rate of enterprise
deployments right now is the fact that many of the more advanced
systems require the use of 802.1x, an authentication protocol that
is not supported widely yet.
In the end, however, the larger vendors are likely to retain the
lion's share of the market, as they almost always do.
"I expect some form of
NAC to be integrated into the infrastructure
in the next three to five years," Lindstrom said. "With the big
boys like Cisco and Microsoft you really have to buy into their
model directly. There will be room for the smaller players, but
in big deployments the big vendors will have to win out, almost
by default."