The three-year-old California company owns three planes that shuttle passengers from Santa Barbara to vacation destinations such as Las Vegas. It recently decided to deploy VPN technology to enable remote network access to sensitive company information.
"We had a lot of difficulties trying different solutions to give the pilots access," said Brenda Terry, IT manager at Santa Barbara Charter. "It was an administrative nightmare. I was getting calls at all times of the day and night."
After testing traditional Internet Protocol Security (IPsec) against newer Secure Sockets Layer (SSL)-based VPNs, Santa Barbara Charter decided to go with the latter. Terry cited greater flexibility, easier management, and most importantly, better security as reasons for the SSL choice.
Companies of all sizes are increasingly opting for SSL VPNs. According to San Antonio-based research firm Frost & Sullivan, the SSL VPN market will grow at a rate of 49% through 2010.
SSL VPNs are becoming popular because they leverage browsers on nearly every desktop and handheld, and allow access from more locations than IPsec.
Simply put, analysts said SSL VPNs are better suited to the needs of today's growing and increasingly mobile remote workforce.
The IPsec VPN gateway and firewall market took in more than $2 billion in 2003, according to Frost & Sullivan. In 2003, the newer SSL VPN market totaled $89.7 million. But analysts expect those numbers to change over the next five years as more companies begin using SSL VPN for remote access.
"The bottom line is that for remote access you can use either," said Mark Bouchard, a senior analyst with Stamford, Conn.-based Meta Group Inc. "But we believe that rapidly people will embrace SSL VPN."
IPsec is a framework set of protocols that enable security at the network or packet processing layer of network communication. This means that to gain access to networks via IPsec, mobile users must deploy client software on a specific computer, and can only use that computer to access the network from remote locales. It also means that travelers who lose their laptops are out of luck, Bouchard explained.
Alternatively, SSL VPNs can be used from any device at any time.
"For remote access, SSL VPN is very attractive because the user only needs a browser. They don't need a pre-deployed piece of client software to get access," Bouchard said. "It gives users the flexibility to connect from kiosks, laptops, anyplace."
Also, many hotels and even some residential Internet service providers block IPsec traffic because it gives complete and unadulterated access to a network and is often seen as a security liability to be avoided.
"In many cases SSL VPN can make just an application connection, so that is viewed as improved security," Bouchard said.
Choosing a VPN vendor
After much time testing out both IPsec and SSL, Santa Barbara Charter decided to go with F5 Networks' new FirePass 600 system, which is designed for small and midsized businesses (SMBs).
"We tried IPsec for a while and it worked maybe 60% of the time," Terry said. "Then we started doing some research and found out about SSL VPN."
Terry said her company chose FirePass 600 because it was easy to deploy and had solid security features, including user device authentication and data encryption. Users can also remove confidential information on the client device at the end of a session. She also said there weren't many SSL VPNs available for SMBs.
For larger companies, there is no shortage of SSL and IPsec VPN vendors to choose from. The market leaders in the IPsec area are Cisco Systems Inc., Nortel Networks Ltd., Check Point Software Technologies Ltd. and Juniper Networks Inc. Those vendors also offer SSL systems, and other vendors -- Whale Communications Ltd., Aventail Corp. and F5 -- are leading the way for SSL VPN deployments, Bouchard said.
Before choosing between IPsec and SSL, Terry said the chartered flight company mapped out its infrastructure and examined how its employees were dispersed.
"[If you cannot predict] where your users are going to be and which Internet connection they'll use," Terry said, "then SSL VPN is definitely the way to go."