SSL VPNs: full access with maximum security

Muthu Kumar M, managing director, Aventail India, on a technology that takes the danger out of telecommuting

THE concept of work no longer means a set number of hours sitting at a desk in an office. While going to an office is still part of work, employees are now working in new ways and from many different locations—as a tele-worker, while travelling, from trade shows or conferences, or from other remote locations. This trend is also increasing pressure on companies to provide more flexibility and remote access to their employees.

All types of workers, from mobile executives to physicians to truck drivers, are benefiting from the ability to access and transmit business-critical data—literally from the palms of their hands. However, these productivity benefits aren’t without risks, and there are a number of challenges concerning security. Dangers emanate from accessibility to a network, from those with a non-technical background, those that access the network from home, from hackers with malicious intent, viruses that spread unintentionally or otherwise, and because technology itself is not always impenetrable.

Many companies are turning to a relatively young technology, Secure Sockets Layer Virtual Private Networks (SSL VPNs), to provide a full range of remote access while ensuring maximum security.

VPNs have been widely deployed by enterprises as a cost-effective and secure means to connect remote users with internal corporate resources. SSL VPN solutions are used for remote and mobile access in a world where IT may not control the network, user or desktop. In fact, SSL has become the de facto protocol for securing Web transactions and messages over the Internet, and is included in all standard browsers along with most Web server products.

No matter what the app

Unlike traditional IPSec VPNs, SSL is a higher-layer, application-independent security protocol. Since it is already included in the browser, no additional client software is required, giving users the benefit of ‘anywhere access’ to Web, client/server and file sharing resources from an Internet café, airport kiosk, wireless device, or PC on someone else’s corporate network. SSL VPNs provide clientless access by using Java, with or without terminal services, to access a full range of enterprise applications.

Today’s increasingly sophisticated and mobile workforce is demanding remote access from multiple fixed and wireless devices, and they want that access to perform as if they were on their local corporate network. Extending corporate IT systems to cellular phones, PDAs, and laptops creates a new delivery channel, broadening accessibility to applications, services and information for employees, partners and customers. The increasing popularity of PDAs and other mobile devices is being fuelled by their ease-of-use, desktop syncing capabilities and the shift from simply providing on-the-go access, personal schedules, phone numbers, and action lists to becoming highly valuable business tools. Unlike traditional VPNs, SSL VPN solutions can manage all of these use cases, and handle them securely.

The need for secure remote access solutions is expected to rise at a rapid rate, since remote accessibility helps improve productivity, optimise use of employee time, and raise employee satisfaction by enabling them to work from home. Teleworking not only resolves the hassles of commuting, it also saves time and reduces overhead expenses.

Cheaper gear drives remote access

The falling costs of connectivity and equipment are also spurring alternative work environments. A recent study by The Yankee Group found that the cost of desktop computers has fallen from $2,000 three years ago to less than $500 now, and that the cost of laptop computers has fallen even more dramatically. Another study on occupational health discovered that teleworkers often enjoy higher job satisfaction than their peers who work onsite at corporate offices.

This greater job satisfaction translates into less stress and better work/life balance, apart from other advantages such as less time spent stuck in traffic. One study has calculated that, on the average, workers spend 30 days every year commuting and socialising in the workplace. To the advantage of everyone involved, this time can clearly be spent being more productive.

Enterprise apps everywhere

Until now, options for giving the mobile workforce secure, easy-to-manage access to client/server applications such as Microsoft Outlook required trade-offs. The Exchange server could be placed at the edge of the network in the demilitarised zone (DMZ), but most companies consider this an unacceptable security risk. Or you could put Outlook Web Access in the DMZ, but this forces users to access through a Web interface designed for larger devices. SSL VPNs offer a stronger alternative. Users have full client/server application access by securely extending POP3 or IMAP over the Internet.

With SSL VPN technology, salespeople can download corporate customer relationship management data from the field. Manufacturing plant managers can track inventory and place orders before supplies reach critically low levels. Doctors can transmit authorisation for a prescription from the bedside of a patient. Shop-floor managers at manufacturing firms can place on-the-spot orders.

SSL VPN’s clientless remote access capabilities are proving to be an impressive solution for network remote access needs. Recent Frost & Sullivan research reveals that the market is ramping up quickly, with significant growth rates expected over the next two years. The key considerations when evaluating SSL VPN products as a remote access solution are encryption, access control management, authentication, identity management, inter-operability, application support, scalability/extensibility, endpoint security and total cost of ownership.

In today’s growing SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available. So when selecting one, evaluate both its business benefits and technology benefits.

The author may be contacted at mkumar@aventail.com