Kindervag judged that the standalone NAC market is in the “survival stage.” Only 10% of security decision makers plan to implement the technology in the next 12 months, according to Forrester data.
The NAC market includes products that provide the ability to authenticate devices as they enter the network, monitor those devices, and remediate devices that are not in compliance with security requirements.
The Forrester analyst provides two main reasons why he believes the market for standalone NAC products will disappear. First, NAC products are complex to deploy, scale, and manage. Second, they are not able to stop a malicious insider who wants to commit a security breach. “At the end of the day, NAC protects you from honest people who are out of compliance.”
Instead, Kindervag expects vendors to embed NAC functionality into security software suites or infrastructure security stacks. Mobility is pushing the security focus away from the network perimeter and toward the mobile devices themselves.
“As mobility deperimeterizes the network and compliance mandates and data theft issues drive enterprises toward data-centric security models, NAC functionality must enforce data access at a more granular level throughout the extended network”, the analyst wrote.
Scott Gordon, vice president of worldwide marketing at ForeScout – which was named one of the top NAC vendors by Kindervag –shares a different opinion than the analyst's prediction about the future of the standalone NAC market.
The presumption that organizations can refresh their entire infrastructure in order to get some degree of NAC that might be embedded either in the system or in the network is questionable in the five-year timeframe, Gordon told Infosecurity.
At the same time, the market is progressing and ForeScout has evolved its product to automate endpoint compliance, mobile security, and management and enforcement of policies for non-managed personal and guest devices, Gordon said.
To assume that every device is manageable and that policies can be uniformly administered by one network infrastructure or endpoint security vendor is not realistic, Gordon said. Given how market requirements are expanding, he questioned the near-term demise prediction. “So I don’t think we are in agreement with such a black and white conclusion”, he added.
Gordon said his company, which is a standalone NAC player, is growing strong, reporting a 44% year-over-year bookings growth for 2010.
Other analysts contradict Kindervag’s prediction.
Infonetics Research, for example, predicts that the NAC market will reach 84% growth by 2014. Large-scale threats, compliance mandates, and the consumerization of IT are fueling demand for NAC products, said Infonetics analyst Jeff Wilson.
The year “2010 was a solid rebound year for NAC enforcement appliances. The market saw double-digit annual growth, and by 2013, we expect revenue to surpass the market’s peak in 2008”, Wilson said.
Neil MacDonald of Gartner shares a similar view of the NAC market. “I’ve seen a shift in focus in each of these technologies from ’blocking’ to ’monitoring’ to provide visibility and intelligence as to what is actually taking place on our IT infrastructure”, MacDonald said.
In a March NAC competitive landscape report by Gartner, the research firm estimated that the NAC adoption rate in the broader market is approximately 30%. Gartner expects this segment (standalone NAC) to record a 30% compound annual growth rate from 2009 through 2014 – higher growth than that of network infrastructure and endpoint NAC vendors.