Comment
Article
IT Analysis – Remote access — made easy
Working from nine to five in an office is no
longer the way that many people make a living.
The use of advanced technology is now a way of
life and affords us many more options.
Employees work remotely more often than they
used to—from home, on business trips, or whilst
servicing facilities or customers in the field—and
now expect to be able to access the corporate
network via mobile devices. In a bid to improve
productivity and achieve cost savings,
organisations are also increasingly opening up
their networks to business partners, suppliers
and, in some cases, to customers. As well as
this, very little business is conducted today from
just one single isolated geographic location.
The need to provide remote access to centralised
information technology resources can create
headaches for those in charge—especially since
much of this traffic can be reliant on insecure
communications channels, and the internet in
particular. In today's highly regulated world,
organisations are under considerable pressure to
prove that no one has tampered with their
computer networks, or the data that they carry.
This means that remote access is now a fact of
life, but is not always easy to administer or
manage. When organisations first started
providing remote access to their employees with
internet access in the mid-1990s, the most
common form of connection was via a dial-up
service, with access control mainly addressed by
a user name and password combination. For
some organisations, it made sense to develop
proprietary solutions using leased lines to
connect different office locations, but this is an
expensive proposition.
Today, virtual private network (VPN)
technologies have emerged as the solution of
choice for achieving remote access needs. And
among these, two flavours of VPNs have
emerged as the favoured technologies—secure
socket layer (SSL) and internet protocol security
(IPSec) VPNs. SSL VPNs require just a browser
on the client to be set up remotely and are
© 2008 Quocirca Ltd http://www.quocirca.com
By Fran Howarth, Principal Analyst, Quocirca Ltd
therefore suitable for connecting large numbers
of remote users for casual or ad hoc access.
However, they are generally only useful for
accessing web-enabled applications, unless
specific application programming interfaces (API)
have been written for enterprise applications
such as customer relationship management
systems. This means that they are not a full
remote access solution in most cases.
IPSec VPNs, on the other hand, can be used to
access any applications running on a network
and can provide the user with the same
experience as if they were physically located in
the office. But IPSec VPNs have traditionally had
large management and administrative overheads
associated with them as they relied on the
manual installation of software agents on each
device needing access, which is costly in terms
of the resources and time required to set them
up and keep them running. Although the most
commonly used type of VPN, especially for
branch-to-branch communications, it was
difficult to make such deployments scale to more
than about 100 users.
To address these problems, IPSec VPN vendors
have added many new features to their products,
resulting in the development of a new generation
of IPSec VPNs that streamline many of the
management headaches associated with
deployments in large complex environments.
Among the features that make them easier to
manage are the provision of centralised
management capabilities that provide one single
point of administration for setting up, managing
and maintaining deployments. This allows
organisations to manage large, complex
deployments with just a handful of
administrative resources, saving greatly on
associated costs.
Not only is the new generation of IPSec VPNs
easier and more cost effective to manage than
earlier versions of the technology, but there are
also a number of other added features that will
make them attractive for a wide range of
organisations in terms of the ability to improve
+44 118 948 3360
 Comment
Article
their security procedures associated with remote highly secure remote access in a wide range of
access and to help them achieve regulatory scenarios at a much lower overall cost in terms
compliance objectives such as data protection. of administration, management and maintenance
Among security features that are now available than first-generation products. The headaches
in newer technologies are the inclusion of associated with managing large-scale IPSec VPN
personal firewalls for each device under deployments are now a thing of the past.
management, which not only handle the security
settings, but make sure that users are prevented
from tampering with security controls that have
been set. They also enable checks to be made on
the security levels applied to each endpoint
under management and can enforce that the
correct security tools are deployed on each
machine, according to set policies. Use of a
centralised RADIUS (remote access dial-up
service) server that ties remote access
authentication to backend databases such as
LDAP and that logs all access attempts for
reporting purposes helps greatly in ensuring that
users can access only those applications to which
they have been assigned rights.

But security is only as good as its weakest link,

so an IPSec VPN deployment needs to provide
coverage for all systems and devices used by
organisations today, including databases,
enterprise directories and devices that allow
mobile networking—as well as extending
coverage to new forms of technology as they
emerge. For example, since operating systems
are used for accessing the applications that users
need, the ideal IPSec VPN will provide broad
support for such systems, including Linux and
Microsoft Vista, both 32 and 64-bit versions, as
well as for operating systems used by mobile
devices, such as Symbian and Windows Mobile.

One further piece of the puzzle is that, in order

to ensure that corporate data is protected and
that all actions can be tied to individual
perpetrators, full logging and reporting
capabilities are required for use in security
audits. With next-generation IPSec VPNs, all
events are automatically logged and the reports
are communicated to the central administration
point for use by management.

With these new capabilities, IPSec VPNs have

finally come of age. Until recently, VPN solutions
on the market were unwieldy and difficult to
manage in the case of IPSec, or provided only
limited levels of access in the case of SSL. Now,
this new generation of IPSec VPNs can provide

© 2008 Quocirca Ltd http://www.quocirca.com +44 118 948 3360

 Comment
Article

About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology
and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the
views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-
world practitioners with first hand experience of ITC delivery who continuously research and track the industry
and its real usage in the markets.

Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption – the personal and
political aspects of an organisation’s environment and the pressures of the need for demonstrable business value in
any implementation. This capability to uncover and report back on the end-user perceptions in the market enables
Quocirca to advise on the realities of technology adoption, not the promises.

Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC
has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocirca’s
mission is to help organisations improve their success rate in process enablement through better levels of
understanding and the adoption of the correct technologies at the correct time.

Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC
products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of
long term investment trends, providing invaluable information for the whole of the ITC community.

Quocirca works with global and local providers of ITC products and services to help them deliver on the promise
that ITC holds for business. Quocirca’s clients include Oracle, Microsoft, IBM, Dell, T-Mobile, Vodafone, EMC,
Symantec and Cisco, along with other large and medium sized vendors, service providers and more specialist
firms.

Details of Quocirca’s work and the services it offers can be found at

http://www.quocirca.com

© 2008 Quocirca Ltd http://www.quocirca.com +44 118 948 3360