• United States



by Jim Slaby

Resist the Lure of Commodity Internet VPN Gateways

May 07, 20022 mins
CSO and CISOData and Information Security

Recent press coverage of some interesting trends in the Internet virtual private network (VPN) equipment market based on research from market data compiler Infonetics Research has suggested that commodity VPN vendors will gain market share at the expense of established enterprise-class vendors.

Infonetics projects the worldwide VPN equipment market will hit nearly $3 billion in 2002. Further, says Infonetics, commodity VPN equipment makers like D-Link and Linksys will offer integrated firewall/VPN gateways capable of filling a T-1 line for less than $200. So far, so good: this is consonant with assertions that Giga has been making for some time. But the inference has been drawn that big vendors like Nortel, Check Point, Cisco and Nokia will lose enterprise business to consumer-oriented, low-cost players like D-Link and Linksys. This assertion is less than credible, for two reasons:

  1. Commodity VPN vendors don’t offer high-end gateways, which means that a large enterprise would need to use an enterprise-class vendor for its large offices. And despite mature standards and the presence of organizations like TruSecure to certify vendor compliance to VPN standards like IPsec, multi-vendor VPN interoperability is still a mirage. Putting a Cisco gateway at headquarters and Linksys routers at remote offices, for example, is a prescription for trouble.
  2. Commodity VPN vendors don’t offer enterprise-class management tools. One of Giga’s most important VPN vendor selection criteria is the quality of the tools with which central-site IT staff can install, monitor, troubleshoot and push security policy to remote gateways. The tools offered by low-end VPN vendors are incompatible with those of their enterprise-class counterparts, making integrated monitoring and reporting in a multi-vendor VPN impossible. Further, low-end VPN management systems offer comparatively limited functionality and ease-of-use tools, like the ability to create gateway configuration templates to minimize that bane of VPN setup operations, data entry errors.

In short, we caution enterprises not to be swayed by trade press stories, dubious analysis or low prices. Enterprise VPNs need enterprise-class gateway devices and network management. Most leading VPN vendors now offer small-office gateways in the $500 to $1,000 range, and Giga believes pressure from newer entrants like WatchGuard and SonicWall will bring prices down further. A price delta of a few hundred dollars per gateway can easily be recouped by the reduction in IT support costs afforded by out-of-the-box interoperability and proper enterprise-class management tools.

© 2002 Giga Information Group, Inc.