That's the message from a Forrester report on the subject. Titled 'Network Access Control Predictions: 2011 And Beyond', the study says that, despite this low percentile, a good third of companies are still interested in the technology's adoption.
Forrester analyst Usman Sindhu, the lead author of the report, says that many organisations are struggling to develop a compelling business case for NAC technology.
Against this backdrop, Sindhu makes a number of predictions for 2011 and NAC technology.
The first is that NAC technology that is integrated into broader security offerings will flourish. During the past 12 months, he says, many security vendors have integrated NAC functionality into their security offerings.
This trend, he says in his report, is here to stay and will push other players to abandon the standalone NAC approach. In turn, NAC offerings will have more breadth and integration into the overall infrastructure.
The second prediction is that network access control will start to shift to the layered access control model. As organisations' security needs move far beyond just securing, the report says that at the network edge, access control will encompass not only the network but also applications and mobile devices.
The third prediction is that hybrid deployment modes will continue to be popular. Security organisations, says Sindhu, don't have a clear preference for hardware-based versus software-based NAC deployments.
As a result of this, Forrester says it is finding that it is a combination of deployments that are moving things forward.
The fourth and final prediction from the Forrester analyst is that compliance-driven features will dominate in the NAC marketplace in the year ahead.
"Corporate and regulatory compliance are two of the leading drivers of NAC technology adoption. This trend will continue as companies expand technology footprints to employee-owned devices such as the iPhone, iPad, and Android devices", says the report.
In the light of this, the report advises companies to define their user access scenarios.
“As a security professional, you will be asked to control access through mobile devices. But slowly, corporate will want features that control applications (Facebook, Twitter, LinkedIn, IMs) running on these devices”, says the report.
“Your NAC strategy should [therefore] focus on controlling users’ access as they connect through mobile devices like iPhone, iPad, and Android devices”, the report adds.