Early users

Some early users, such as Great Canadian Casinos, have bought into a single vendor's scheme. The Richmond, British Columbia, company chose Nortel with its Secure Network Access Switch, says Gary Ward, IT director for Great Canadian.

The company wanted to lock down access in public spaces, such as lobbies and conference rooms, where guests might log on, Ward says. The Nortel gear scans the devices trying to log on and enforces access policy via Nortel switches in the network. The endpoint check calls for the device to boot up its browser, which is a drawback, Ward says, but Nortel says it is working on a browserless version.

Important to Ward is that the Nortel architecture support other vendors' enforcement points, not just certain Nortel switches. Because Great Canadian is growing through acquisition, it is likely to buy a business entity whose network is built with another vendor's switches, Ward says, explaining that he would not want that diversity to stall universal NAC deployment. In its favor, Nortel has interoperability with other vendors' gear in compliance with TCG specifications, the company says.

Getting to NAC's bottom line

The bottom line on NAC is that while it may be a young and not yet fully defined technology, it can deliver value in the right circumstances. The key is to apply NAC only to address specific needs, says Rob Whiteley, an analyst with Forrester Research.

Look at NAC with an eye to how it is evolving, Whiteley says, so future security and network acquisitions fit into the still-developing, broader NAC architectures. "You want to make sure you don't deploy islands of security," he says.