Elizabeth Weise The staid world of VPNs is all shook up
Better, cheaper, easier has come to corporate networks
Since the 1990s, the virtual private network, or VPN, has been the digital equivalent of an envelope, something plain and reliable that protects messages or data from prying eyes.
This workhorse of companies’ digital security arsenal had become so commonplace that the arena was relatively static. So much so that a few years ago researcher Gartner stopped producing its famed “magic quadrant” of best products in the VPN market.
“It was so stable that it was hard to make a bad choice,” said Gartner security analyst Eric Ahlm.
But big changes are underway. With the advent of cloud computing and a mobile workforce that expects — and is expected to — work from anywhere, any time, on any thing, new ways to access VPN-like services are popping up right and left.
“The market’s being disrupted as we speak,” Ahlm said.
At base, a VPN is a secure, encrypted tunnel through the Internet created using software. It lets remote users connect to a private corporate network so they can access applications and services just as securely as workers in the office directly connected to the network. All of which simply means a message goes in one end and travels privately and securely to the other.
At the other end of the security spectrum from the VPN were dedicated connections that businesses use to connect offices to each other, called wide area networks (WANs). Instead of creating a one-time tunnel between a remote user and the office, these built a private highway system between, say, an office in Duluth and one in Boise. They were fast, robust and expensive.
Today companies must manage a constantly evolving topography of devices and remote users. The rise of cheaper, more nimble programs that do a lot of what VPNs and WANs historical- ly did is making them rethink how to connect people with data.
A manager might spend thousands for an expensive private line between branch offices but then go home and use a $50-amonth VPN to log in to work.
Both would do effectively the same thing. With the price differential so great, any manager might find him or herself thinking, “Can’t I get something that’s good enough, and a lot less expensive, for the office?’ ” said Sanjay Uppal, CEO of VeloCloud, a Los Altos, Calif.-based company that is one of many helping upend that binary model.
VeloCloud replaces “a closet full of gear” with software. “What used to be physical is now run on the cloud,” said Uppal.
The company and a host of other start-ups are mixing up the market. Many of the newer options simply require a good Internet connection and a browser. They are “less expensive and easier to use,” said Lee Doyle, a networking analyst who owns Doyle Research in Wellesley, Mass.
Another shift is that more and more apps, as well as systems that manage apps for companies, come with their own built-in VPNs, so an employee working on a smartphone or tablet from the field doesn’t necessarily need a separate, stand-alone VPN at all, said Gartner’s Phil Schacter.
In addition, the most recent enterprise versions of Windows 7 and 8 come with built-in support for a secure tunnel using the Direct Access feature. For companies that enable and support the feature, “there is no need for a third-party VPN client or gateway product,” he said.
Other companies have appeared that do most of the security in the cloud, sometimes with the addition of low-cost routers. These allow corporate users to create their own easy-to-construct networks. Examples include Pertino, CloudGenix, Viptela and Uppal’s VeloCloud.
Experts don’t expect the current complexity of the VPN world to last, though exactly what a new simplicity will look like remains a question. Gartner’s Ahlm believes eventually security will be folded into the offerings of communication service provider companies such as AT&T and Comcast.
But even as connectivity companies position themselves to provide these services from within the customer’s network, other companies are shouldering their way in. They want to provide secure connections “over the top,” layered over the basic online connection provided by the service providers.
The big question, said Peter Christy with San Francisco-based 451 Research Group, is who will get there first. He’s not certain the service providers can learn to be agile enough, quickly enough, to fend off the over-the-top businesses that already are.
“I’m not betting the big SP’s will learn the necessary new tricks.”