Like a train gathering speed as it heads downhill, NAC projects are gaining momentum, particularly at larger companies. Forty-five percent of those responding to our second annual Network Computing NAC Survey are already rolling out network access control technology, while 41 percent plan to deploy NAC, most within 12 months. Only 14 percent said they have no plans for NAC, compared with 46 percent last year. But the most interesting finding is that the 45 percent who've taken the leap have learned that some common fears are unfounded--most said NAC is easier to deploy, is less disruptive and requires fewer changes to network configurations, and has less of an impact on productivity than was expected.
That's the good news; it's always easy to see positives once the deployment is finished. But as always with emerging technologies, there are bumps in the road, and--surprise!--interoperability is one of the biggest.
Currently, more than 30 vendors are pushing products that help IT staff enforce security policies by preventing noncompliant machines from connecting to the network. Trouble is, they're all using different, usually proprietary, mechanisms to determine a PC's state and act on that information.
Then there's the cost factor. Enhanced security comes at a high price: IT groups that have deployed NAC said its average cost is 12 percent of the entire enterprise IT budget; that's about one-third more than the mean estimate from those who have not started to roll out the technology. Still, most find it money well-spent.