Questions about the staying power of VPNs (virtual private networks) have circulated since the technology's inception.
Bill Jensen, a product marketing manager for Check Point Software Technologies Ltd ., recalled the time nearly a decade ago when financial and automotive customers described VPNs as a temporary measure. Their thinking was that VPNs would become unnecessary amid cheap WAN lines and landlines.
"Since basically [from] the time VPNs have appeared, people have been saying, 'Do we really need them?'" Jensen observed.
The answer, apparently, is yes.
The original VPN technology, IPsec , has acquired a large installed base over the years. TheInfoPro Inc. reported that 81 percent of the organizations it surveyed have LAN-to-LAN VPN technology in use, according to Bill Trussell, managing director of networking research at the market-research firm. IPsec is the main method for this type of connectivity, in which a branch office LAN may be linked to a headquarters network, for example.
SSL (Secure Sockets Layer) VPNs , a five-year old technology, may lack IPsec's market penetration, but it is seeing rapid growth. TheInfoPro ranked SSL VPNs, which are used predominately for remote access, as the second-ranked technology on its Heat Index. Only 10 GbE (Gigabit Ethernet) core switching ranked higher.
The Heat Index aims to provide a glimpse into future spending in a given area. TheInfoPro tracks about 40 networking technologies and the investment plans of midsize and Fortune 1000 organizations.
Six months ago, TheInfoPro pegged SSL usage at around 57 percent of surveyed organizations. That compares with a 44-percent implementation rate two years ago. Preliminary results of the company's most recent survey suggest that the technology-in-use number for SSL VPN may rise to 59 percent, with 22 percent of the respondents planning to adopt the technology.
"We've seen a lot of interest … and quite a growth curve, which seems to be continuing," Trussell said.
"There is definitely increased use and implementation of VPN all over," said Sumit Pal, executive vice president of WithumSmith+Brown Global Assurance, a security and compliance consulting firm.
"It has been resilient," Jensen said of VPN.
He attributed the technology's continuing uptake to manageability improvements.
"An IPsec VPN can be very simply configured" said Jensen, whose company offers VPN solutions as part of its product lineup. "You say which points you want in your IPsec VPN, and dynamic routing takes care of all the rest."
That feature is common to any Check Point Software Tecchnologies VPN-1 gateway, Jensen said.
"It can be done on any platform using our SecurePlatform OS or on the Nokia," he noted.
Jensen said that one of the early problems of VPNs, in general, was that a site would be configured one way and other sites would not inherit the configuration automatically. But increased manageability at the interface level makes for consistent sets of attributes at all of the different gateways, he explained. That's true of both IPsec and SSL VPNs, Jensen added.
In addition, Jensen said that VPN products have become simpler and much more secure.
Check Point Software Tecchnologies' VPN-1 gateways and Connectra SSL VPN, for example, integrate with the company's Integrity-endpoint-enforcement feature. The technology checks for malware and makes sure that anti-virus software and other security measures are present on the endpoints that attempt to access the network.
Tim Simmons, director of product marketing for Citrix Systems Inc.'s Access Gateway, said that the SSL VPN product scans the configuration of devices coming in from the outside and passes that health information down to the application-delivery infrastructure. Citrix Systems' approach controls both access and actions, such as whether a user will be able to print to a local printer from a given application, Simmons said.
The use of two-factor authentication also contributes to VPN security, Pal noted. Users typically access the VPN with a username and a password , but the potential for password theft becomes a source of exposure. But larger enterprises increasingly use a device, such as RSA Security Inc.'s SecureID, that randomly generates a second password, Pal noted.
Pal said that two-factor authentication applies to both IPsec and SSL VPNs.
"However, it is not recommended to use PPTP [Point-to-Point Tunneling Protocol] or IPsec 56-bit for VPN connections because they have been proven to be less secure than other technologies," Pal said.
Pal recommended using 128-bit IPsec (Triple DES) or 256-bit AES encryption, if possible.
IT must ensure new applications are rolled out quickly, reliably, and without risk, while at the same time guaranteeing performance and availability. Read this VirtualWisdom white paper to find out how to achieve application-aligned infrastructure performance, and more. more
In an era of new technologies and cloud-based application delivery models, your business success depends on your ability to ensure optimal application performance and quality user experiences at all times. This complimentary white paper from AppNeta will enlighten you to the new frontiers in end user experience management and much more. more
Consider HP as your Microsoft Lync Solutions provider! more
Increasingly, the success of business is being tied to the network. The transformation of the network and IT can help organizations deliver and support highly available applications and services while reacting more quickly to changes in the business environment. In this complimentary white paper from IDC, learn how HP can help its customers and partners improve the overall application experience. more
This buyer's guide presents an overview of leading products on the market today and aims to improve research for companies needing to purchase or upgrade their equipment. more