NAC implementation slows as networking budgets grow

Network Access Control (NAC) deployments have stalled while many enterprises wait for the technology to mature, despite notable increases in the majority of networking budgets, according to the recent Wave 2 Networking study by TheInfoPro.

Following up on a previous study done in spring 2006, TheInfoPro returned to interview a number of the same enterprises to see whether NAC implementation or policymaking had occurred in the four to five months that had elapsed. According to Bill Trussell, managing director of TheInfoPro''s Networking sector, the spring findings indicated that at least a third of enterprises interviewed had already implemented NAC, with another 42% rating implementation a high priority within the next 12 months.

The follow-up visits revealed, however, that expected implementation had dropped by 19%, with 37% of enterprises actively considering an NAC policy and an equal number believing it unlikely that they would implement within the next year. Those findings are based on 126 hour-long interviews with pre-screened networking professionals from Fortune 1000 and midsized enterprises.

Common responses explaining the decreased interest in NAC indicated that managers found the technology immature -- not meeting expectations, creating unacceptable lengths of wait-time, and causing a loss of productivity. As a result, a number of enterprises indicated that they intend to shelve NAC for another year or two and wait for the technology to mature.

Managers who have already implemented NAC also indicated that lack of product interoperability could be a major deterrent as well, specifically for networks using multiple vendors. The portability of many standard computing devices also raises concerns for network administrators because unprotected devices are finding ways onto previously well-secured networks, through either employee use of work laptops on home networks or remote accessing of an enterprise''s network from foreign computers.

Interest in NAC remains strong, despite the tailing off of actual implementation, Trussell said. Small and midsized businesses to large enterprises all said they plan to keep an eye on the technology designed to address a number of security issues, targeting in particular the introduction of rogue devices to corporate networks.

The results of the Wave 2 Networking study are intended to give network administrators a benchmark perspective, Trussell said, helping place their current NAC policy and other networking issues against those of other enterprises. The study is also designed to share what administrators of NAC-secured networks have learned from the process and better separate hype from reality.

Trussell cautioned potential implementers to individually weigh the benefits and disadvantages of being late to the NAC table versus being an early adopter.