Report Card: Incite #2 - Get the NAC!

Submitted by Mike Rothman on Tue, 2006-12-26 15:45.
::

Continuing in our Report Card series. Here is my assessment of Incite #2 on Network Access Control, or more commonly known as NAC.

Incite #2 - Get the NAC!

The increasing number of ingress points into corporate networks (mobile, contractors, VPN) forces users to migrate to a virtual network infrastructure with a secure net and an unsecured net. Network Admission Control (NAC) architectures gain traction in 2006 to facilitate this architectural construct, but do require homogeneity of equipment pushing the pendulum away from best of breed providers.


Grade: B

Original Days of Incite post: here
Incite Redux post: here

This Incite was right on from the standpoint of the business drivers for Network Access Control (NAC). But a strange thing happened on the way to this NAC-centricity and massive market growth. The term NAC came to mean anything and everything. So what you have now is a market showing good growth, but not exponential growth - constrained more by confusion than by anything else.

What does that mean? It means the leading independent NAC vendors are growing their businesses nicely. Growth rates are probably 75% year over year, maybe 100%. But not at 200-300% as you would expect in a market hitting the masses. You see a lot of recent surveys talking about confusion, and confusion is bad for business.

Actually confusion is good for the research business, but not for the product business.

Confusion happens because every vendor is trying to mold the NAC term to describe with they do and how they do it. Then you have a number of center of gravity vendors (like Cisco and Microsoft and those that are not Cisco and Microsoft aligning in the TCG) that are pushing interoperability. It's not clear why anyone gives a rat's ass about interoperability and that confuses matters even more. Then you have the vaporware issue. Given that Microsoft’s offerings are not going to be real until 2008 (when Longhorn ships and Vista is more pervasive), no wonder customers feel no urgency to get these projects going. Cisco's story is still far ahead of its delivery as well.

But all is not sour in the world of NAC. I don’t want to steal my own thunder and talk about what 2007 has in store for us, but NAC (and secure switches) will continue to play an important part of building out the next iteration of the campus network. This will include host integrity checking, access control within the internal network, and worm mitigation.

So I’m grading myself pretty hard in saying this is a “B.” But the reality is that NAC has stalled a bit and needs a new catalyst to drive it to the masses. Though the need for the technology remains as strong as ever.