Hybrid deployments of NAC seem to be the order of the day for businesses that have more than one use for the technology.

Research for a recent story about software-based NAC that enforces policies at the endpoints indicates that businesses often buy NAC for one reason and later want it for another. The challenge they sometimes face is that the second need cannot be met by the solution the original purchase filled.

So a company that wants to ensure that it’s managed machines are compliant with patches and updates and security software may adopt a software-based NAC product. If the company already has a security software suite on all its client machines, that is an incremental purchase and eases management burdens by using the same platform as the suite.

But later the company may recognize that its stable of consultants is increasing and wants to mitigate the risk of consultant laptops infecting the corporate network. Since the business doesn’t control the laptops, it can’t install the security suite or the NAC client on them.

In this case, the best option may be adding a NAC appliance to the mix. These can perform limited testing and block or restrict access to contractor and guest machines according to policies.

As NAC matures, vendors will likely better integrate their gear so it is more likely that centralized NAC policies can be applied to all devices through all NAC platforms - at least that would be an attractive goal.

Regardless, vendors aided by standards are moving in that direction, and some vendors that offer multiple flavors of NAC are moving to integrate their own products more comprehensively.

Tim Greene is senior editor at Network World.