A recently published survey by Infonetics Research estimates that the VPN (Virtual Private Network) market in 1997 was worth $205 million. It predicts the market will reach $2.3 billion in 1999, surpass $11.2 billion in 2001, and stand at $32 billion in 2003. It is important to note that these figures include not only the sales of solution providers, but those of the various service providers as well.
Israeli companies have a major share in this rapidly developing and promising market. According to the survey, the world’s three leading companies in providing hardware VPN solutions are: Check Point (together with Nokia) and Radguard, of Israel, and VPNet of the US. In February 1999, Radguard held the largest share of the market (25%), but the survey anticipates fluctuations between the three companies. The communications companies understand the potential of the VPN market as well, and 3Com, Cisco and others have already come out with solutions.
VPN systems enable organizations to build what resembles a private network on top of Internet infrastructure and the organization’s internal network, and provide secure and compartmentalized links between employees, customers, suppliers, business partners and the organization itself. The systems, in fact, provide comprehensive security, enabling organizations to create secure private networks without limits of geography or infrastructure, and at relatively low cost. It is therefore quite clear why demand for them is growing.
What is less clear is the late timing. After all, Internet-based businesses have been in existence for a while, and companies with many branches, suppliers and partners around the world are not a new phenomenon, nor are employees who link up to the parent company via laptops anything recent. Nevertheless, VPNs are only just beginning to penetrate the market.
Companies won’t be able to define policy
"In ninety percent of cases, when you ask a network manager what the first means of protection in linking up to the network are, he will say Firewall, not VPN," says Check Point vice president for marketing and sales Limor Bakal, "That is how we were raised too. We produced the first VPN product three years ago, and no-one used it."
Bakal says the mistake stems from companies’ lack of understanding of the Internet’s uses. "The huge market started to emerge only six months ago, mainly due to the development process companies undergo," she explains. "At first they hooked up to the Internet, and only later did they want to do other things on the ‘Net. The companies did not exploit the Internet’s capabilities."
According to Bakal, companies are now making more effective use of the Internet. "First the companies wanted to link up to the world," she explains, "and they did not think of doing business by e-commerce, or talking with partners. How many companies do business by e-commerce or e-business today? The number is still very small. Extranet is a new idea too." Bakal says that the moment the Internet ceased to be merely a search tool for information and became a genuine work tool, companies saw how it led to increased profitability. The more Internet use developed, the more security requirements grew. Bakal claims that not only large organizations purchase VPNs. "We see many small companies able to do business worldwide, thanks to the Internet."
Another reason for the delay in the penetration of comprehensive security systems was the lack of standardization. The need to combine various security systems, and the need to interface the security systems with the other network management systems and various applications the organization uses, caused companies such as Check Point a big headache. Encryption standards for securing information have now been formed, and it is easier for organizations to build a VPN based on a number of products capable of talking to one another. The VPN solutions, incidentally, all settled on the IPsec standard.
However, understanding the Internet’s advantages and forming standards was not enough. The organizations still did not understand that, first and foremost, they must formulate an overall security policy. The network managers had to forget everything they had learned about localized security and start thinking in broader, general terms. "Check Point’s products never protected one point of the network. Even when we were selling only the Firewalls, it was always a matter of overall security policy."
According to Bakal, the correct approach is to look at the organization’s future requirements. "Large companies cannot change their network configurations every other day," she says. She also says that even if an organization currently only requires some access control, it is likely that it will utilize the Internet for additional purposes in the future, such as serving as a cheap infrastructure for voice transmission or an alternative to the expensive leasing of LAN lines.
Overall, Check Point considers it important that network managers be able to get an overall view, control the policy and monitor network movements from one point. The company understands that the VPN is only one of a package of network management tools, and that it is important that control of network management and security be done from one point. To this end, the company will shortly launch a product that will enable overall control of all network management and security tools.
Transparent solution needed
Check Point finds that sales of these systems are growing at a much faster pace than sales of Firewalls. If, in the past, the company sold one VPN for every four Firewall products, today it sells one for every two Firewall products. Nevertheless, the systems do not provide overall security for the entire organization. "VPNs have not yet reached the work station," says Bakal, "they usually reach the individual employee working from a distance, or via his laptop. Most companies have not yet utilized security within the organization."
One of the major problems in providing overall security down to the work station level is the need to avoid harming ongoing work. "The moment you bring security to the individual user level, a transparent solution is important," says Bakal, "Security must be done in such a way that he can work normally. If he moves from place to place, you need to know, but not harm his access rights." Many network managers currently pass the burden onto the user by requiring him to use his password many times a day.
"Our products include hardware encryption parts and parts accessed using a password," says Radguard communications marketing manager Avi Rumbaum, "We regard VPNs with encryption as big news. Our customer is an employee who travels around with his laptop and hooks up to the company’s Intranet via the Internet. The software secures this contact. The information transmitted between the employee and the company is encrypted."
An information system needs to be built that is capable of global reach and that, at the same time, partially provides privacy for employees, is partially public for anyone linking up to the Internet, and also contains half-public and half-private features for suppliers and bodies connected to the organization, Rumbaum explained.
Published by Israel's Business Arena July 14, 1999