|Information Security For The
Internet Reaches Maturity
BY ROBERT BOVA
When Virtual Private Networks (VPNs) arrived on the technology scene
they promised bulletproof security for corporate networks at a fraction of
the leased-line cost. As time passed, the enthusiasm for VPNs waned -- the
encryption technology available didnï¿½t match companiesï¿½ dual
expectations of high-speed performance and maximum-security requirements.
This technology hurdle has now been addressed with sophisticated
developments in high-speed crypto ASIC design and production. VPN
infrastructure manufacturers are now meeting expectations with the highest
level of security (IPSec using 3DES ï¿½ CBC mode) at speeds of 2G bit/sec.
These performance improvements are essential in reflecting the momentum of
VPN adoption. Both service providers and company-managed networks have
focused expectations relative to return on investment, flexibility, and
better-centralized management. By meeting these expectations, VPN product
revenues more than doubled to $706 million in the first half of 2001, up
from $313 million in the first half of 2000, according to Infonetics
VPNs are maturing at a time when secure network accessibility is
becoming increasingly important to companies with multiple branches,
telecommuters, and workers-on-the-go. Companies are also embracing VPNs
for their intrinsic ability to slash operating costs and prevent
unauthorized access to sensitive corporate information. VPNs are so
compelling that over 50 percent of all companies plan on deploying VPNs by
2002, according to analysts.
Since the events of September 11, 2001, companies are revamping IT
budgets and making information security a key objective. A survey taken by
J.P. Morgan Securities shows 64 percent of companies are increasing
security spending in 2002 as a result of the terrorist attacks. Integrated
VPNs are a significant component of the new security strategy for many
companies. For companies with over $500 million in revenue, 64 percent
plan to deploy VPN and SSL solutions in 2002, according to the J.P. Morgan
VPNs: FOR SERVICE PROVIDERS TOO
Enterprises arenï¿½t the only ones embracing VPNs. Telcos and service
providers also gain a competitive advantage by offering VPN capability
bundled with their existing applications and services. For these
providers, VPN solutions are deployed seamlessly to customers at a
fraction of the cost individual companies could implement a comparable VPN.
Reselling VPN services is also a lucrative opportunity for telcos and
service providers. A VPN solution combined with an IPSec client and a
firewall secures access to critical corporate resources and provides solid
protection against unwanted Internet intrusion.
With VoIP revenues not materializing as quickly as some had forecasted,
and the effects of the dotcom crash still being felt, money is tight for
service providers. Projects requiring building costly infrastructure --
infrastructure that doesnï¿½t yield quick returns on investment -- are
being put on the back burner. The good news for service providers is
managed security is a service in high demand. In the past year, the number
of companies offering managed intrusion detection, virtual private
networks and managed firewall services grew 72 percent, according to a
recent report from Giotto Perspectives called Managed Security Services
ï¿½VPN services were first introduced as low-cost alternatives to
private line and fast packet networking but at the time, service providers
found margins lacking,ï¿½ said Dan Taylor, Partner at Giotto Perspectives.
ï¿½Security and VPN technologies have evolved to a point today where
service providers can offer their VPN customers high bandwidth and high
performance. In addition, service providers can now deliver VPN management
capabilities directly to their customers, to create high-value services.ï¿½
This increasing supply is met with mushrooming demand. Almost half of
all small businesses, and a quarter of all large ones, will use a managed
security service by 2003, according to Infonetics Research. Service
providers are positioned well in this lucrative market.
Service providers looking to increase their average revenue per user are
flocking to VPNs as high profit margin addition to their services. On
average, every remote user adds an additional $20 or $30 a month in
revenue for the service provider. By enrolling larger enterprises with
site-to-site VPNs the revenue per user ramps more quickly. Also, by
extending the VPN to the enterprise, service providers can either sell the
equipment needed at the customer premise or increase monthly service
charges to offset the cost of the equipment.
Some of the key capabilities companies should demand of their VPNs are:
Speed is a crucial criterion in choosing a VPN. For large enterprises VPN
solutions exist that run at speeds up to two Gbps and offer from 100 to
over 40,000 VPN tunnels. The critical component of exploiting the speed is
the technologyï¿½s capacity to scale over a line of products. By having
the ASIC engine that can be implemented in every VPN appliance from the
SOHO to the medium-sized business, up to the high-density service provider
or Fortune 500 HQ, the installation strategy can be managed effectively
with no compromise on performance.
Security And Cost Reduction
VPNs are a compelling business solution because they provide the highest
end-to-end security at wire-speed at a sizable cost reduction compared to
a private network. They provide strong security (3DES-CBC mode) for users
and managers of Fortune 500 companies, hosted e-business sites and
applications, branch offices, and mobile or remote workers. A VPN
solution, an IPSec client and a firewall combine to control access to
information, while protecting against Internet intrusion. By implementing
a VPN solution that integrates additional security applications such as
intrusion detection, digital certificate support, DOS, Radius capability,
and client authentication, a powerful communications platform is developed
using the Internet for the transport of company business information.
Vastly Increased Flexibility
VPN infrastructure equipment today should provide a scalable architecture
to evolve with your business. VPN appliances should provide multiple
network interfaces, solid high-availability functionality, a scalable
product line, interoperability with existing infrastructure equipment, and
network management, eliminating the need for additional network devices.
Port configurations include failover provisioning, so that in an event of
port failure, another port will automatically take over, thus keeping your
network operational. Virtual LANs (VLANs) and virtual routers enable
multiple virtual networks to be hosted on one physical infrastructure.
Implementation flexibility should include a management interface that
allows customization of the communication platform as well as rock solid
failover for nearly every hardware and software component, as is warranted
within the network infrastructure.
Ease Of Management
Advanced network management capabilities reduce the need for additional
hardware as well as provide detailed application reporting and incident
recognition alerting. VPNs should feature a total management solution that
provides network professionals with easy, integrated access tools for
global, site, and unit management. A single point of control is required
for monitoring and provisioning the entire network by supporting widely
used enterprise-class management tools.
VPN products have evolved to integrate many capabilities into one
appliance, which is essential for managing mission-critical VPN
applications trusted with the digital assets of an organization. Some of
the functionality available in a single VPN appliance are firewalling,
load balancing, content checking, URL checking, intrusion detection,
denial-of-service detection, anti-virus protection, policy routing, and
management. Centralizing the management of these key networking
capabilities dramatically streamlines network management and frees up
network administrators to concentrate on other projects.
As VPN requirements become more exacting and integral to a companyï¿½s
overall IT success, products exist today that are designed to meet or
exceed these expectations. VPNs are now living up to their highly touted
promises and enterprises, telcos, and service providers are at last poised
to reap the benefits. c
Robert Bova is executive vice president of The Americas and Pacific
Rim at Asita Technologies and can be reached at [email protected].
Asita Technologies, a global provider of fully integrated high-speed VPN
solutions, can be reached on the www.asitatechnologies.com.
To The February 2002 Table Of Contents ]