7.9. User-bility

Don't forget about the users.

The users in the NAC solution process are vital. They can make or break any NAC solution deployment. Ensure a smooth transition and ensure users will use and embrace any NAC solution deployment by initially deploying the NAC solution in audit mode. In this way, users can experience the NAC solution, how it works, and the messages that it provides — all without worrying about policy enforcement, or not being able to access their network or network resources.

Audit mode deployment — at least for a period of time at the start of the NAC solution deployment — can ensure the success of the NAC deployment after you turn on policy enforcement.

You can also establish training classes for users. Although a suitable NAC solution doesn't modify or change a user's procedure for accessing the network, you can make the users comfortable with the NAC solution by providing them with training about what occurs in a NAC deployment, the policies that they and their devices now have to follow to achieve network access, and what can happen if they or their devices aren't in compliance with organizational access and security policies.

Train users about situations such as quarantine or remediation. Be sure to explain to users that remediation can be manual or automatic — and which process will bring their device into NAC compliance, as well as why.

Users may have questions or concerns about accessing the network for the first time after you deploy a NAC solution. Work with the various NAC deployment teams and the helpdesk to provide as much electronic (or hardcopy — but try to be green!) information about how the NAC solution works and why your organization needs it, so that users can feel like they're part of the process.

7.9.1. Remote users

If your organization has remote users and/or telecommuters, try to work with them before you implement and deploy the NAC solution — even if you deploy it only in audit mode.

The remote users might be concerned by the different screens — depending on the NAC solution — that they see, the way or number of times that they may have to authenticate, and so on. Be sensitive to their needs because, unlike local users, they may access the network and its new protector, NAC, at times when the core team isn't available to answer questions, or walk or talk them through issues or concerns.

You should include remote employees and telecommuters as testers of the NAC solution, either in audit or full enforcement mode. Including remote users and/or telecommuters in the NAC evaluation and testing process can help both the NAC deployment teams — by ensuring that remote employees and users can access the network, with their compliance ensured via NAC, without issue — and the remote users.

7.9.2. Contractors

If your organization employs a number of contractors, or other guest-like users, notify these users of the impending NAC solution deployment. Even better, have several of these users test the NAC deployment, like the remote users. By employing contractors or other guest users as NAC solution testers, the organization can ensure that users vital to the ongoing success of the company — such as contractors, partners, and other outside users who require some level of network access to get their work done for the organization — can access the network after you deploy NAC, and can feel comfortable with the NAC solution.