Easy-to-use SSL gaining on IPsec VPNs

Secure Sockets Layer (SSL) is beginning to rival the IPsec VPN as a method of providing secure remote network access. Analysts and an admin say SSL is easier to use and manage. Others, however, say the technology isn't as secure and won't fully displace IPsec VPNs.

Companies have long struggled to provide their employees with secure remote access to their networks. Most recently,

Internet Protocol security virtual private networks (IPsec VPNs) have been most popular, but now a new technology is gaining a lot of support.

Last month, the Stamford, Conn.-based research firm Gartner Inc. came out with a research note on Secure Sockets Layer (SSL) remote access for enterprises. At the same time, In-Stat/MDR included SSL in its network security report. After a slow first year, SSL is starting to gain acceptance as a remote access technology for enterprises.

Using SSL, employees can access the network from any device that supports a Web browser. There is no client for admins to manage, because the client is Internet Explorer. Users simply sign on, get authenticated and access Web-based applications and files.

"For short duration connections, this is a very simple, great way to enable more people to get work done while reducing the burden on the company," said John Girard, research director of Gartner's security group.

It is an approach that is likely to catch on. While in 2002, SSL generated $21 million in revenue, Jaclynn Bumback, an analyst with the Scottsdale, Ariz.-based research firm In-Stat/MDR, projects that SSL revenue will rise to $1.3 billion by 2007.

Part of the growing popularity of the approach is that it gives employees remote access without the added expense of deploying and managing a VPN, Bumback said. In a recent survey, In-Stat/MDR found that, on average, companies give 25% of employees remote access to information.

However, she said that most companies wanted to extend that access to larger groups of employees because companies see productivity gains when workers can access corporate information from home.

The ease of access to the network is one of the features that drew the Buffalo, N.Y.-based Catholic Heath System, a regional group of health care facilities, to SSL. Remote access, especially for physicians, is a necessity, said Doug Torre, director of networking and technical services for the health care system.

Using VPNs as the primary remote access technology was a challenge, Torre said. Since physicians are always on the move, they often use home computers and computers in private practices to access hospital networks. Managing VPNs across all of these unrelated systems was nearly impossible, Torre said.

"IPsec VPNs are a nightmare. Literally, they are that thing that wakes you up in the middle of the night screaming," Torre said.

With SSL, a physician can have Web-based access from any device that supports a browser, whether it's a PC, a Mac or a PDA, and it doesn't matter whose computer it is.

Security, Torre said, has not been a problem with SSL. The encryption level is high, and the users are authenticated.

But SSL is not likely to be a replacement for IPsec VPNs, said Gartner's Girard. There will always be some people in the company that need the highest possible level of encryption and access, and those that need to be connected all day long from company computers. SSL is better suited to those that only need to quickly check e-mail or update files on the road.

SSL is certainly going to be part of the authentication mix going forward, Bumback said. Right now, smaller companies rule the market, but the big players are starting to move in. Check Point Software Technologies Ltd. and Nortel Networks Ltd. have SSL products in the works. While these products lack much of the functionality that smaller players like Neoteris Inc. and Aventail Corp. provide, they show an understanding of the importance of this new approach to remote access, Bumback said.

FOR MORE INFORMATION:

Browse our Topics on VPNs

Pose your questions to VPN expert Ted Studwell

Dig deeper on IP Networking

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close