Is The End of IPsec Afoot?

by Sean Michael Kerner

Gartner says SSL-VPNs will dominate remote access by 2008.

Within the next two years, IPsec will no longer be the dominant remote access technology.

According to research firm Gartner, SSL VPNs will be the primary remote access method by 2008 for greater than 90 percent of casual employee access, more than three-fourths of contractors and more than two-thirds of business telecommuting employees.

SSL VPNs offer the promise of easier access since all they typically involve from the end-user standpoint is a Web browser to access a corporate network.

SSL is broadly used as the security method of choice for online banking and other security-sensitive Internet applications.

In contrast, IPsec is seen as being more complex and resource-intensive, as it typically requires the end user to install a client to access a corporate network.

The Gartner report cites a number of other advantages to SSL VPNs, including the fact that a unique IP address is not necessarily required to authenticate, and sessions may "roam" across IP addresses.

According to the report, Cisco is a leader in IPSec and a visionary in SSL VPN. And Juniper and Aventail are the only two firms in Gartner's leader category for SSL VPN.

Both Juniper and Cisco recently launched new SSL VPN platforms for service providers.

Aventail said both legacy IPsec users and new remote-access users are moving to the new technology.

Lewis Carpenter, Aventail COO, explained that the primary barrier to SSL VPN adoption arises when a user already has a legacy implementation that's good enough and that they can live with. Carpenter argues, however, that most find that SSL VPN reduces help desk costs and provides better granular access control, among other benefits.

One issue that has come up in the past is the price differential between IPsec- and SSL VPN-based solutions.

An October study conducted by SSL VPN vendor SonicWall reported that 80 percent of respondents thought that current SSL VPN solutions were too expensive.

Nearly 50 percent of respondents did, however, indicate that they believed SSL VPN to be a desirable option to have.

"The price of an SSL VPN solution if you just compared it independent of function to an IP-SEC solution is still higher," Carpenter admitted.

"But when you look at the costs of implementation and support, in most cases our customers say they have achieved significant cost savings because of getting better access, better control and reducing help desk costs."

Not everyone agrees entirely with Gartner's findings, including Cisco Systems.

"Cisco believes that both SSL VPNs and IPSec-VPNs remain viable for VPN access, and the choice remains highly dependent on specific customer requirements," Tom Russell, senior director of product marketing in the Cisco Security Technology Group, told internetnews.com.

"However Cisco does agree with a general trend towards SSL VPNs for their ease-of-deployment features."

Aventail's Carpenter said that he does think that IPsec is a great technology for connecting networks.

"So in a site-to-site-type implementation, I think it fits fine," Carpenter said. "Where it really will continue to diminish, lose presence and eventually disappear is in the whole area of remote access and mobility."

But Cisco doesn't expect IPsec to disappear anytime soon.

"While SSL VPNs are a viable replacement for IPSec VPNs under appropriate conditions, Cisco believes IPSec VPNs will remain a very important remote-access VPN technology for the foreseeable future," Russell said.

Article courtesy of internetnews.com

This article was originally published on Friday Jan 13th 2006