Stasiukonis was telling me about a recent penetration test his company performed. I didn't ask who the client was and he didn't volunteer the company name. As part of the penetration test, Steve actually got an employee ID issued to him and then got contractor IDs for his crew. He entered a secure data center and learned the network architecture from the IT staff, including their future plans. He listened in on meetings, videotaped presentations, and wandered undetected into the CEO's office.
The crumbling of this company's physical access controls began with getting a badge. Stasiukonis wasn't properly vetted before the badge was issued. Once he had a badge, which made him an authorized employee, the internal controls failed to keep him and his team away from information and places they shouldn't have been able to reach in the first place. This story is very much analogous to the limitations of current NAC technologies, namely, once you have access to the network, there isn't enough access control to restrict what a malicious user can do.
I don't think Stasiukonis tried to get authorized network access -- he didn't need it -- but if he tried, there is no reason to think he would have failed. NAC, whether you are looking at network admission control, which is primarily focused on admitting hosts to the network, or network access control, which focuses on admitting hosts to the network and then regulating the services a host can access once connected, simply fails if your company improperly vets access requests.
A number of vendors, like Bradford Networks, Cisco, and Great Bay Software, are developing or selling guest sponsorship products that allow an employee to sponsor guest network access, similar to how employees can get a temporary guest pass to enter a building. From a business process point of view, that sounds like a great idea. Let the central IT department define the policies that employees can sponsor, grant sponsorship privileges to employees, and you off-load the management burden from IT to someone else. But given the overwhelming evidence of how easy it is to sweet-talk a building badge out of an unsuspecting employee, getting network access won't be that much more difficult.
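To make the distinction between admission control, access control, and sponsored guest access concrete, here is a small toy policy model, written for this post as an added example and not taken from any of the vendors named above. Every name in it (the policy table, the roles, `Credential`, `admission_control`, `access_control`, `sponsor_guest`) is assumed for illustration. It shows three things the post argues: admission-only NAC gives a valid credential full reach; post-admission access control at least confines a credential to its role; and neither model helps when the credential itself was issued without proper vetting, because vetting happens upstream of both.

```python
"""Toy NAC policy model (constructed example, not any vendor's product)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

# Constructed policy table standing in for what central IT would define:
# which services each role may reach once admitted to the network.
POLICIES = {
    "employee":   {"email", "file-share", "datacenter-mgmt", "internet"},
    "contractor": {"email", "file-share", "internet"},
    "guest":      {"internet"},
}
SPONSORABLE_ROLES = {"guest"}              # the only role an employee may sponsor
MAX_SPONSOR_DURATION = timedelta(hours=8)  # central IT caps sponsored access

T0 = datetime(2024, 1, 1, 9, 0)            # constructed reference time
HOUR = timedelta(hours=1)


@dataclass
class Credential:
    subject: str
    role: str
    issued_by: str                         # "it-provisioning" or "sponsor:<employee>"
    expires: Optional[datetime] = None     # None means a standing credential


@dataclass
class Grant:
    admitted: bool
    services: frozenset
    reason: str


def _expired(cred: Credential, now: datetime) -> bool:
    return cred.expires is not None and now >= cred.expires


def admission_control(cred: Credential, now: datetime) -> Grant:
    """Network *admission* control: a valid credential gets onto the network,
    and nothing after that restricts which services it can reach."""
    if _expired(cred, now):
        return Grant(False, frozenset(), "credential expired")
    everything = frozenset().union(*POLICIES.values())
    return Grant(True, everything, "admitted; no post-admission restriction")


def access_control(cred: Credential, now: datetime) -> Grant:
    """Network *access* control: admit, then confine the host to the
    services its role is allowed to use."""
    if _expired(cred, now):
        return Grant(False, frozenset(), "credential expired")
    services = POLICIES.get(cred.role)
    if services is None:
        return Grant(False, frozenset(), f"unknown role {cred.role!r}")
    return Grant(True, frozenset(services), f"confined to role {cred.role!r}")


def sponsor_guest(sponsor: str, guest: str, role: str,
                  duration: timedelta, now: datetime) -> Credential:
    """An employee sponsors a guest, but only within the policy central IT
    defined: sponsorable roles only, and never beyond the maximum duration."""
    if role not in SPONSORABLE_ROLES:
        raise PermissionError(f"employees may not sponsor role {role!r}")
    if duration > MAX_SPONSOR_DURATION:
        raise PermissionError("sponsorship exceeds the maximum duration")
    return Credential(guest, role, f"sponsor:{sponsor}", now + duration)


def can_reach(cred: Credential, service: str, now: datetime,
              model: Callable[[Credential, datetime], Grant] = access_control) -> bool:
    grant = model(cred, now)
    return grant.admitted and service in grant.services


def try_sponsor(sponsor: str, guest: str, role: str,
                duration: timedelta, now: datetime) -> Optional[Credential]:
    """Wrapper that reports a refused sponsorship as None instead of raising."""
    try:
        return sponsor_guest(sponsor, guest, role, duration, now)
    except PermissionError:
        return None


if __name__ == "__main__":
    # A badge issued without proper vetting is still a valid employee credential.
    badge = Credential("steve", "employee", "it-provisioning")
    crew = Credential("crew-1", "contractor", "it-provisioning")
    for model in (admission_control, access_control):
        print(model.__name__, "badge->datacenter-mgmt:",
              can_reach(badge, "datacenter-mgmt", T0, model),
              "crew->datacenter-mgmt:",
              can_reach(crew, "datacenter-mgmt", T0, model))
    visitor = sponsor_guest("alice", "visitor", "guest", 2 * HOUR, T0)
    print("visitor->internet now:", can_reach(visitor, "internet", T0),
          "after 3h:", can_reach(visitor, "internet", T0 + 3 * HOUR))
```

Run it and the first two lines make the post's point: under admission control the contractor credentials reach the data center management network; under access control they do not, but the improperly vetted employee badge reaches it under both models, because no NAC decision can compensate for a credential that should never have been issued. The sponsorship path shows what the vendor products can reasonably enforce: the sponsor cannot hand out anything beyond the guest policy or beyond the time limit central IT set, and the grant stops working when it expires.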