A lot of NAC users buy the technology for one reason, be it checking the security posture of student laptops at universities or identifying guest users of business networks and keeping them away from corporate resources. Then when they try to expand their uses of NAC to other areas, they find the gear they bought initially might not be appropriate (Compare NAC products).

For instance, a company using a NAC appliance only for guest access might later want to use NAC to make sure all corporate desktops have the company’s standard software image. That leap in the numbers of devices being checked by NAC could overwhelm the initial appliance and require so many more as to be unaffordable or unmanageable.

In this case, expanding NAC may require buying a separate NAC solution to augment the first, when a little foresight might have dictated buying a different NAC product initially that would scale for later uses.

That is the approach recommended by Forrester Analyst Rob Whiteley based on his dealings with his firm’s corporate clients.

He urges that they look at NAC and all its possibilities and figure out which features of NAC meet their network needs. Based on that, they should write out the full set of policies NAC would be asked to enforce, not just those needed for the most pressing need.

The way he puts it: “Do the scenario planning. Figure out the two, three, four, five scenarios that require access control, not just the first one, and have them dictate the policy. Once you have policy in place have that dictate the technology. “

That way the initial NAC purchase decision can be made with the knowledge that it can be smoothly and economically extended to meet later needs.

Tim Greene is senior editor at Network World.