Forrester Research Questions the Future of NAC

A new Forrester Research report issues a gloomy forecast for the future of network access control products, at least in their current state.

In the report "Client Management 2.0," Forrester says things are going so poorly with existing NAC solutions that though 40 percent of companies surveyed have started deploying the security technology, only 4 percent have completed their implementation.

NAC technology promises some compelling features, including the ability to validate the integrity of any incoming device before letting it access the network and to quarantine any device that violate IT security policies. But Forrester contends the effectiveness of NAC is limited by both policy and technical constraints.Most companies still fail to set comprehensive NAC policies that are fully implemented throughout the organization, Forrester says. The report warns that even the best-designed NAC policies are still associated with a convoluted process that requires enforcing those rules across myriad network resources.

Forrester says today's NAC products aren't built to handle emerging threats and aren't closely aligned with IT objectives. The latter makes it difficult for technology managers to argue the business case for NAC.

There is still room for NAC in the enterprise, the analyst firm says, but the proper place for it might be as something Forrester describes as proactive endpoint risk management (PERM), which can better work to execute federated security policies.