Companies slow to adopt NAC technology

Forrester predictions for 2011

Companies are showing little interest in expanding their interest in network access control even though many are interested in such technology.

According to a new report from Forrester, only 10 per cent of organisations plan to implement the technology in the coming year. The research company said that security professionals were struggling to deliver business cases to justify the use of the technology

Those companies that are going down the NAC path are overwhelmingly opting for client-side technology. According to Forrester 27 per cent of respondents report adoption of a client-side NAC technology. Report author, Usman Sindhu, claimed there were several reasons for this. "Client-side NAC technology is software-based, so IT and security professionals can more easily integrate and manageit," he wrote, adding that during the past 18 months, many security vendors have bundled NAC technology into their client security suite products, thus accelerating its adoption. We're seeing vendors like McAfee and Symantec using NAC as a feature in a suite or a bundled client security offering,"

Conversely, server-side NAC is less popular, only 17 per cent of the respondents in the Forrester survey are interested in going down this route. These products include NAC technology integrated into routing and switching infrastructure or operating as separate NAC appliances. Security professionals struggle to make a business case for these devices because of the capital cost involved.

Sindhu makes four predictions for 2011. Firstly greater interest in NAC integrated into broader security offerings will flourish. He said that this had gone beyond security vendors themselves." For instance, Cisco and Juniper are keen on making NAC one feature in the infrastructure security stack. This trend is here to stay and will push other players to abandon the standalone NAC approach"

The second of Sindhu's predictions is that network access control will shift to the layered access control model. "Access control will encompass not only the network but also applications and mobile devices. The term "NAC" will not go away, but it will refer to network, application, and device access control. NAC solution vendors will work with partners to provide a layered access control where the focus is the user, not the device."

Sindhu's third prediction is that hybrid deployment modes will continue to be popular. "Security organisations don't have a clear preference for hardware-based versus software-based NAC deployments," he wrote, preferring to use a combination of deployments. He said that this trend would continue into 2011.

Finally, Sindhu said that in 2011, compliance-driven features will dominate the market. He said that companies would expand their compliance needs by taking on board employee-owned devices such as smartphones and tablets.

Join the CSO newsletter!

Error: Please check your email address.

Tags mcafeesymantecNetworkingsecurity

More about CiscoetworkJuniperJuniperMcAfee AustraliaSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Maxwell Cooter

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts