Who cares about NAC standards?

Submitted by Mike Rothman on Fri, 2006-09-29 11:42.

While I've got NAC on the brain, let me go after the standards discussion a bit. There was quite a bit of consternation regarding Cisco pulling out of the TCG a while back. Well actually pulling Meetinghouse out of the TCG after they were assimilated. In this post from a while back, Alan Shimel wonders how hard could it be to provide interoperability (here)? He's right, it wouldn't be hard. But it's still not going to happen.

Why? They are forgetting the first rule of market domination. The gorilla doesn't need or want standards. If anything, having a standard is a bad thing for a company trying to maintain 80% market share. Standards provide interoperability, which gives users choice. What vendor wants users to have choice? The only choice a gorilla wants the user to make is whether to finance a multi-million dollar purchase or buy it outright. Certainly not about whether to use competing products.

So what does the gorilla do? They change the discussion. They say they're working with the IETF - the only "real" standards body. That means they'll get a standard in 5 years when the market has matured and the gorilla has 80% market share. Perfect. That's not good enough for those folks wanting "interoperability." Fine, so they cut a deal with another gorilla to provide a visage of interoperability knowing full well the other gorilla won't have a product for 12-18 months, so they've got zero risk there. Of course I'm talking about the Cisco and Microsoft NAC/NAP announcement (here and here).

But if you are a customer, do you care? I think not. Everybody cries about vendor lock-in, but I think this is a red herring proffered by vendors who are outside looking in. Actually, large enterprises are sensitive to lock-in. They end up locked in anyway, but they don't like it. So these folks would like standards. Enough to buy another product? Probably not. But that's maybe the largest couple thousand customers out there anyway. Fact is, large enterprises will be laggards in deploying NAC; there is too much upgrading and political maneuvering required.

What about everyone else? The unFORTUNEate five MILLION? They don't care. All they want to do is solve the problem. Protect the critical resources and make sure folks on the network should be there. They already have a lot of Cisco gear. So if Cisco says they solve the problem, these customers are likely to believe it. It doesn't matter whether it's bullshit or not. The customer wants to believe, so they will.

Alan closes his post with the insightful statement that we'll see a standard when the market demands one. That is absolutely true. But I'm with the Cisco rep he talked to. It'll be a cold day in hell when customers care enough to force Cisco's hand on this one.

 

Submitted by Alan Shimel (not verified) on Fri, 2006-09-29 12:38.
Mike - you are dead on here. The fact is, though, some people are going to buy Cisco, not because they don't care about standards, but just because they buy everything Cisco has. I tell my sales people not to waste their time on those accounts. Then there are those who will really look for a best-of-breed (I know, goes against big is the new small) and then there are those that want to be rebels. Bottom line is until standards such as TCG/TNC become real with real interoperability that you can point to, they are pretty worthless. To that end, my guest this past week on the podcast was Steve Hanna, Distinguished Engineer from Juniper/Funk and the co-chair of the TNC. We discussed many of these issues and he had some interesting insight into them. I will be posting the podcast early next week for listening on my blog. Will give you a heads up on it, just waiting on some clearance from the TCG.

Submitted by sean (not verified) on Fri, 2006-10-06 02:08.
I've released an OpenSource NAC (see http://freenac.net) that currently uses MAC-Address authentication, but we are adding 802.1x and I'd like to move towards a complete TNC Solution. I find your comments above interesting and disheartening, and if no standard is established it will make it more difficult to make an OpenSource solution that will be accepted in corporate environments, I think.

I'd appreciate your feedback (and your readers') on our product currently and what we've planned for the future.

Regards, Sean.
