Columnist Salvatore Salamone, CIO Republic’s VPN expert, starts off the new year by answering a few questions about the VPN space and market trends that are likely on members’ minds. Next month, he’ll return to answer specific inquiries, so we invite members to send in questions.

The market outlook
Q: Has VPN usage slowed or stagnated?

Salamone: The simple answer is no. In 2002, spending on VPN products and services grew at a time when most IT spending was either being cut or funded at the same levels. The consultancy Infonetics Research Inc., which tracks the VPN and other networking markets, reported that third-quarter worldwide revenues for VPN and firewall hardware and software products grew 4 percent to $668 million.

This is significant growth, especially considering the economy and the fact that companies typically rein in spending in the third quarter. And Infonetics expects the market will continue to grow. The research firm predicts revenues will increase by 30 percent to $874 million by this year’s third quarter.

VPNs advancing into new areas
Q: Where are VPNs being used?

Salamone: Part of the growth identified by Infonetics is from the normal application of VPN technology as an alternative to traditional wide-area connectivity. Many companies continue to migrate their remote users to VPNs from direct dial access, which typically uses a long-distance phone number or an 800 service. And in many companies, remote offices that could not cost-effectively be connected using traditional wide-area networking services such as Frame Relay, ISDN, or dedicated T1 lines are now being connected to corporate networks using VPN technology.

However, 2002 also saw the emergence of several new areas in which VPNs were helping to provide secure connectivity.

One major push last year was in what has been called SSL-based VPNs. Such VPNs gained support because they are simpler to deploy when compared to IPSec VPNs. Rather than using special VPN client software, SSL-based VPNs use the encryption technology that is built into regular Web browsers.

A second area that got some attention in 2002 was the use of VPNs to secure Web services applications. While the Web services market is still in the early stages, many companies looking to deploy Web services applications are concerned about security. VPNs seem to offer the right mix of encryption and authentication features to meet the security needs of many Web services implementations.

Other niche VPN markets also emerged in 2002. Infonetics Research found that part of the growth in third-quarter 2002 spending on VPNs and firewalls was due to healthcare organizations using VPNs to meet federal requirements for the confidentiality of patient records. Specifically, Infonetics found that many healthcare organizations were using the encryption, authentication, and access control features of a VPN to meet Health Insurance Portability and Accountability Act (HIPAA) compliance requirements.

What’s coming up?
Q: Technically, what’s ahead for VPNs in 2003?

Salamone: There are a couple of technical issues that this column will follow in 2003.

First, there is the growing use of VPNs with Web services. As noted above, the Web services market is just emerging, and security is an issue for many companies deploying such applications.

A second area we’ll track is the adoption of the various flavors of VPNs. As noted, use of SSL-based VPNs started to explode in 2002. We’ll continue to cover this development, but we’ll also look at what’s happening with multiprotocol label switching or MPLS-based VPNs.

Additionally, we’ll look at developments in the common IPSec VPN field. One area where we should see some development work in 2003 is in interoperability. In 2002, work was underway to help simplify the way VPN encryption keys were managed. The Internet Engineering Task Force had worked on specifications called the Internet Key Exchange (IKE) for several years, and many equipment vendors already support this protocol. But in 2002, work began on an easier-to-use (but limited in function) key exchange protocol called Just Fast Keying.

In 2003, we’ll keep you up to date on the developments in this field.