Thursday’s TIP

NAC Loses Steam as Enterprises Adjust to New ROI Expectations and BYOE Trend
By James Slaby, Managing Director of Information Security and Networking
TIP Position
Network admission control schemes like Cisco NAC¹ and Microsoft NAP² have fallen in TheInfoPro’s Information Security Technology Heat Index from no. 1 in Q2 ’09 to no.
10 in Q3 ’10. Spending on in-progress NAC implementations continues, but new deployments will likely slow as enterprises reassess the technology’s ROI and ability to
address “Bring Your Own Equipment” (BYOE) assets.

Supporting Findings
NAC has fallen in the Technology Heat Index ranking from 1 (Q2 ’09) to 4 (Q4 ’09)
to 10 (Q3 ’10). Its current strength among technologies seeing increased
spending may be misleading.
• Currently, 36% of large enterprises with NAC in use or in plan expect to
increase spending on the technology in 2011 vs. only 6% expecting declining
spending. However, this may be attributed to the fact that enterprises that
have already committed to NAC are continuing with enterprise-wide rollouts.
(Page 3)
• Only 9% of users citing NAC as in use or in plan are spending more than
$100,000, indicating few large-scale rollouts are planned in the near term.
Meanwhile, the number of users citing NAC as not in plan has grown from 30%
(Q4 ’08) to 51% (Q3 ’10).
• Spending figures may include associated deployment costs beyond NAC
hardware and clients. With the benefit of trials and peer experience, it appears
that enterprises are approaching NAC with higher cost expectations.
• Said one respondent who had just deprioritized NAC deployment from near-
term to not In plan, “We lost our conviction that the risk mitigation that NAC
delivers is worth the investment. Aside from the initial capex, there are many
moving parts to coordinate. Opex looks higher than we initially anticipated,
especially when we have to extend NAC to partners.”
With BYOE strategies accelerating due to the popularity of employee-owned
laptops, smartphones, and tablets -- and many enterprises considering cloud
computing services -- enterprises must reevaluate how NAC plays in an
environment where the focus is more on securing sensitive data and less on
securing devices and the network perimeter.
Recommendations
Enterprises currently evaluating NAC technology should proceed with all
customary caution: get customer references of similar in size and environment to
yours; conduct pilots involving both employees and contractors on a wide variety
of platforms; prepare a rollback strategy in the event that initial deployments
don’t meet cost and performance expectations, particularly around opex.
Enterprises considering NAC should determine how well it will support an
expanded BYOE strategy in which a growing number of employees, contractors,
and guests are allowed to use personal Droid phones, iPads, laptops and similar
non-enterprise-owned assets to connect to the network.
Enterprises should renew their focus on protecting data vs. defending the
network and mitigating threats on endpoints. This approach will become
increasingly important as the BYOE trend becomes more widespread, and as
enterprises relinquish ownership and control of some IT infrastructure elements
in cloud computing scenarios.

1. Network Access (or Admission) Control (NAC) – Software that verifies the identity of a connected device, such as a laptop, and ensures that it meets the minimum policy requirements
before allowing access to enterprise network resources or data.
2. Network Access Protection (NAP) – A Microsoft-specific implementation of network admission and network access control.

Results are based on 155 interviews with information security professionals at large enterprises that were completed in September 2010.

108 West 39th Street, 16th Floor, New York, NY 10018 | P > 212-672-0010 | F > 212-688-6598 | E > info@TheInfoPro.com
 NAC Cools Off
Information Security Technology Heat Index® Change (Top Half)
NAC has fallen in the Heat (Large-enterprise Respondents)
Index ranking from 1 (Q2 (Gauges the Immediacy of User Needs and Planned Spending for Each Technology)
’09) to 4 (Q4 ’09) to 10 (Q1 Q3 '10
Q2 '09 Q4 '09 Q3 '10
’10). Its current strength Heat Technology
Rank Rank Rank
among technologies seeing Score
increased spending is 100 Security Information Event Management (SIEM) 5 9 1
misleading. 100 Event Log Management System 3 1 1
99 Data Loss Prevention Solutions 4 3 3
81 Network Intrusion Prevention (NIPS) 7 12 4
76 Web Content Filtering 9 7 5
74 Network Intrusion Detection (NIDS) 21 12 6
73 VPNs – Based on SSL 15 2 7
73 Secure File Transfer 12 6 7
72 Data Encryption 13 14 9
69 Network Access Control (NAC) 1 4 10
66 Identity Management – User Provisioning 6 19 11
65 Identity Management – User Self-service 10 19 12
63 Vulnerability/Risk Management 25 23 13
61 Network Firewalls 18 8 14
60 Two-factor (Strong) Authentication 26 5 15
60 Secure Email Messaging 8 11 15
58 Network Anti-virus and/or Anti-spam N/A N/A 17
54 Identity Management – Federated 35 17 18
53 Key Management 33 30 19

The TIP Technology Heat Index® is based on the immediacy of users’ needs and their plans for each
technology, weighted by their security spending. The result is an effective measure of user demand for a
technology or – from a vendor’s perspective – the relative size of the market opportunity.
The scores are normalized, so the top is 100 and the bottom is zero. These are not percentages. They show
relative demand. A “!” vendor has at least twice the number of responses as the closest competitor.

(10/7/10): Large-enterprise Sample. Q2 '09, n=163; Q4 '09, n=188; Q3 '10, n=155.

QuickTIP – January 13, 2011 | 2
 Those That Already Have NAC Plan to Increase Spending

• Currently, 36% of large Network Access Control (NAC) (Large-enterprise Respondents)

enterprises with NAC in Vendor Landscape 2010 Spending Levels:
use or in plan expect to (Users With the Technology in Use or in Consideration)
increase spending on the Cisco
technology in 2011 vs. > $10M 4%
Microsoft
only 6% expecting $5M-$10M
declining spending. This Juniper Ntwks $1M-$4.99M
may be attributed to the
$500K-$999K 4%
fact that enterprises that Symantec
have already committed $100K-$499K 31%

to NAC have continued ForeScout

< $100K 50%
with enterprise-wide McAfee No Spending 12%
rollouts.
• Only 9% of large Sophos
enterprises are spending
over $100,000 in 2010. Odyssey Sftw

• Spending figures may Impulse Point 2011 vs. 2010 Spending Change:
include associated (Users With the Technology in Use or in Consideration)
deployment costs beyond Imperva
NAC hardware and
Bradford 6% 59% 36%
clients. With the benefit
of trials and peer Infoblox
experience, it appears Less About the Same More

that enterprises are Aruba Ntwks

approaching NAC with
higher cost expectations. 0% 5% 10% 15% 20% 25% 30% 35%

In Use Now In Pilot/Evaluation

In Near-term Plan (Through End Q4 '10) In Long-term Plan (Q1 '11 to Q3 '11)

(9/20/10): Large-enterprise Sample. Left Charts n=152. Upper Right Chart: n=26. Lower Right Chart: n=53.
QuickTIP – January 13, 2011 | 3
 NAC Drops From Plans

NAC has dropped from IT

professionals’ plans.
Network Access Control (NAC) Time Series – (Large-enterprise Respondents)
• Fifty-one percent (51%) of
large enterprises have no plans
for NAC, up from 30% in Q4 100%
’08.
• While the percentage of those
using NAC has dropped
slightly, the more significant Not in Plan
change over time is that fewer
80%
companies are piloting or In Use Now
planning to use NAC in the
future.
60%
51%

38%
40%
30% 30%

32% 31%
20% 25%
18%

0%
Q4 '08 Q2 '09 Q4 '09 Q3 '10

QuickTIP – January 13, 2011 | 4

REPORT NAME | SECTOR WAVE #

This presentation contains confidential information which is the property of TheInfoPro

and is given to the recipient pursuant to a confidential relationship between the
recipient and TheInfoPro, Inc. Such information shall not be copied, disclosed to others,
or used for any purpose other than that for which is given,
without the written permission of TheInfoPro, Inc.
TheInfoPro™ and logo are trademarks and property of TheInfoPro, Inc.
© 2010 TheInfoPro, Inc. All Rights Reserved.
108 W. 39th Street, 16th Floor, New York, NY 10018
P > 212.672.0010 F > 212.688.6598 E > Info@theinfopro.com
www.theinfopro.com