VPNs: Network Data Deadbolts

Technological advances have prompted changes to corporate communication needs. Employees working in hotel rooms, field offices or even abroad often require access to network and system resources. Also, admission to company networks is no longer limited to individuals on your payroll. Increasingly, suppliers, contractors and customers require real-time access to information.

Since anyone with an Internet connection can potentially gain such privileges, companies often rely on virtual private networks (VPNs) to secure their connections. Recently, the composition of those connections has been changing -- and quite dramatically -- so enterprises have more choices for safeguarding their remote links.

VPNs work at the network layer and address the challenge of how to use the Internet -- where one never knows who is on the other end of a connection -- to transport sensitive traffic. Typically, these products feature a combination of tunneling (a process where information is encapsulated, basically broken up into different parts for safe transport) and encryption (the scrambling of data so outsiders cannot make sense of it).

IPsec -- the First Popular VPN

As the Internet has evolved, various types of VPN solutions have emerged, with the first popular option being IPsec. "IPsec was designed to meet the requirements for fixed, site-to-site network connectivity," noted John Girard, vice president at Gartner (NYSE: IT).

Basically, this technique was used to replace the expensive leased lines that many companies relied on to connect their branch offices with cheaper -- and often higher bandwidth -- broadband links. IPsec operates at the network layer, so it quite flexible: Basically, a company can use it for any application. Because this option has been available longer than any other, it runs on a large number of different devices, and its features have become quite familiar to end users and network technicians.

While flexible, IPsec does have its disadvantages. "IPsec does not fit well with companies that have large numbers of mobile workers," Pete Lindstrom, senior analyst at market research firm Burton Group, told TechNewsWorld. Because software has to be installed on all client systems, users sometime cannot function when they travel. In some cases, computers in coffee shops or networks in hotel rooms will not let them load the VPN software. In addition, IPsec VPNs often chew up a lot of management (deploying, updating, configuring) resources.

As users became more mobile, another option -- Secure Sockets Layer (SSL) -- emerged. These VPNs, which typically run on laptop computers, operate at the application level rather than the network layer. Instead of relying upon special software usually running on company issued computers, SSL VPNs use SSL/HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) to secure the network transport.

Since this feature is built into all standard Web browsers, users can work with different computers to access company resources. Also, SSL VPNs are application and user aware, so an administrator can grant system privileges at a granular level. An employee will have a completely different set of access privileges when working from a home office than a contractor would have when accessing information from a public kiosk while traveling on the road.

High Cost = SSL

This option does have one significant downside. "SSL VPNs cost 10 times as much as IPsec solutions," Girard told TechNewsWorld. Yet even with the high price tag, SSL VPN gateways sales have rising recently. In fact, Infonetics expects worldwide manufacturer revenue for these devices to more than double from 2006 and 2010.

Recently, new types of VPNs have been emerging. "One area gaining attention recently is mobile VPNs," noted Girard. In some cases, IPsec and SSL do not work well with mobile devices, such as cell phones and PDAs. Consequently, vendors such as NetMotion have designed mobile VPNs that try to address issues found on wireless networks, such as coverage gaps, roaming and performance problems.

If one steps outside the VPN niche, other macro network and security trends are impacting this market segment. In fact, the term "VPN" has become harder to define, something especially true with IPsec VPNs. "Network equipment vendors have begun integrating their IPsec security products into their routers and switches as plug-in modules," Lindstrom told TechNewsWorld. This change is designed to reduce companies' costs, eases their security deployment, and decreases their maintenance tasks.

In addition, companies are trying to consolidate security functions. With security functions becoming more complicated, enterprises find themselves with a handful of different products. Rather than work with products individually, users want to bundle them all into a single system.

Tying Up All the Security Functions

As a result, vendors have begun delivering unified threat management systems, integrated security suites that include firewall, VPN, spam filtering, virus detection and spyware monitoring functions have emerged.

These products promise to ease the installation and maintenance tasks associated with individual security tools and ideally reduce the amount of time that IT departments spend working with them. Vendors with such products include Fortinet, SonicWall and Crossbeam, as well as network equipment makers Cisco (Nasdaq: CSCO), Juniper and 3Com (Nasdaq: COMS).

VPNs continue to be key components in enterprises' strategy to secure network connections for an ever increasing band of nomads who need to access corporate data. As the market enters its next stage, the key issue is no longer which is the best type of VPN but rather how will VPN features be packaged in the future.