Field workers benefit from SSL VPNs
Technology set for exponential growth, say experts
Providing secure remote access to field workers is an eternal problem faced by network and IT managers.
Virtual private networks (VPN) are the obvious answer but IPSec, the technology they were originally based on, requires client software at the remote site and laptops or PCs must be set up specifically for the job.
Larry Quinlan, CIO at Deloitte Consulting believes he has overcome the problem by using SSL VPN technology.
He operates a global network of consultants and because SSL VPNs require no client software, his consultants can simply plug their laptops into a client's network and traverse the firewall as HTTP traffic.
"We looked at it a little differently," said Quinlan. "For us it was a strategic necessity, where for others it may simply be seen as a better way of doing things."
Neil Hare-Brown, director at security consultants QCC, said that in essence SSL VPNs are a good thing, but are not without their own set of issues.
"You still need a digital certificate, a server side certificate and a digital ID at the client," he said. "Aventail [which provides the technology to Deloitte] is saying its fine to use the pre-installed certificates that are already in your browser to form the SSL channel.
"This is fine, except there is no access control on those certificates. Once they are in the browser, anyone can sit down at a PC and get in."
Quinlan conceded the point: "It's something we have to address. The management and configuration of certificates has to be handled appropriately."
Aventail offers its SSL VPN service as a managed service, which Quinlan said was one of its main attractions. "Upgrades are taken care of and that is an enormous help. We can pretty much forget about it," he said.
Infonetics Research claims the technology will be one of the fastest growing technology areas, with annual revenues for SSL-based VPN gateways growing to $871m by 2005. "IPSec clients can be a pain to manage, and they provide more access than a lot of users need, since many only access a couple of basic applications," said Jeff Wilson, executive director at Infonetics.
"SSL also makes good sense in the extranet environment, as it gets around the uncomfortable problem of installing software on computers that don't belong to you."
Mark Bradshaw, VP Emea at Aventail, also believes that SSL can provide much needed security for emerging web services. "It's nicely positioned to deal with the security for .Net," he said. "XML sits on top of HTTP which itself is directly above SSL."