MSSP Survey Part 3:
Most mobile workers now use some type of Virtual Private Network (VPN) to reach their corporate network; Infonetics projects that penetration will reach 74 percent this year. Despite a soft economy, the VPN appliance market is going strong; In-Stat/MDR expects revenue to top $4 billion by 2007.
Nonetheless, after nearly a decade in the field, secure VPN services continue to evolve. Headaches with IPSec VPN client software installation and configuration have prompted growth in "clientless" SSL VPNs for anytime/anywhere remote access. IPsec still dominates secure site-to-site VPNs, but now shares the field with MPLS for high-performance connectivity with manageable quality of service (QoS).
In this year's MSSP survey, we find that managed site-to-site (S2S) and remote access (RA) VPN services mirror these general VPN market trends:
* Most participants still offer one or more IPsec VPN services, but the percentage offering SSL VPN services has more than doubled since our 2003 survey. Several participants offer both IPsec and MPLS site-to-site VPN services that can be deployed alone or in conjunction with other VPN and managed security services.
* As in 2003, we see modest improvement in encryption strength, as Advanced Encryption Standard (AES) support grows and the aging Data Encryption Standard (DES) dwindles.
* Better yet, our 2004 survey shows a marked increase in support for stronger authentication options like digital certificates, RSA SecurID tokens, and other two-factor methods.
These trends merely scratch the surface of managed VPN features and service characteristics. To better appreciate the breadth of available VPN services, network topologies, security options, administrative procedures, and bundled or add-on options, read on...
Why Outsource VPN Services?
MSSPs deliver Managed VPN services by taking on responsibility for VPN gateway installation, configuration, and (typically) 24x7x365 monitoring from a Security Operations Center (SOC). Many managed VPN offerings can still be purchased as firewall add-ons, but most the providers in our survey also offer standalone VPN-centric services, often based on MPLS-capable routers or SSL/IPsec VPN concentrators.
Depending upon the service, managed VPN hardware can be purchased up-front, rented from the provider, or (most often) bundled into the offering. Managed VPNs thus tend to reduce capital equipment investment and speed deployment vs. in-house VPNs.
Customers can also cut ongoing IT costs by offloading many routine VPN administration tasks to their provider, while retaining ownership of security, performance, and authorization policies. That is, customers still decide who should be permitted access VPN resources, from where, using which crypto methods, over which class(es) of service. Providers work with customers to identify these business needs and then implement a VPN to support them.
http://www.isp-planet.com/technology/2005/mssp3.html