VPNs: To Outsource or Not?

It has been a while since the notion of building virtual private networks (VPNs) first sprouted in the market as the ideal solution to transmitting critical data securely over the Internet. However, the dispute over whether companies should outsource their VPN operations or not, still remains unresolved.

As businesses expand beyond local borders along with the increase of business travel, connectivity and access to the company intranet will become crucial and remote users will become more common, said Shrikant Shenwai, assistant vice president, multimedia, StarHub Pte. Ltd.

"VPNs offer an inexpensive solution compared to the traditional leased line," Shenwai said. However, it may not always be possible for companies such as small and medium-sized enterprises (SMEs), to adopt the use of VPN applications on their own due to limited technological knowledge and financial constraints, he noted.

In such cases, operators will be able to help businesses manage their VPN wide-area network communications, offering incremental bandwidth along with value added services, Shenwai said.

"For example, in cases where the VPN solution is 100 percent outsourced, service providers will be able to design, develop, integrate, and manage this solution for the organization," he said. "Service operators will also be able to design the required VPN setup (intranet/extranet), provide equipment installation and service as well as help desk support to these companies."

Companies looking to outsource their VPN solutions can usually expect significant economies of scale from a service provider, he added.

But with so many VPN offerings coming out in the market, there is no real need to pursue third-party vendors to provide such solutions, where these products are affordable and easy to manage, said Ronald Lee, director of sales, eSoft Asia-Pacific.

Organizations then also have control of what they transmit over the Internet, Lee said, adding that if possible, businesses should not outsource their VPN operations.

VPN services from ASPs or ISPs are charged according to bandwidth usage and that can be costly, he said. "If you purchase the products, you control the bandwidth," he said. "So why pay such high costs when you can buy these products and use them readily."

"And if you look at the evolution of Linux, people now can develop VPN solutions over free Linux kernel, although whether that company can actually bring it to a brand recognition is a different matter altogether," Lee said.

Vendors are also coming up with more affordable methods of implementing a VPN.

U.S.-based OpenReach.com offers software, available for download from its Web site, which can transform spare PCs into VPN appliances, and install them on the LAN at each proposed node of the company's VPN.

However, while modifying spare PCs to work as VPN devices is an effective cost-saving measure, it is not the best option because businesses also need to consider other issues such as performance and security.

Companies in Singapore are IT-savvy and would understand the differences between using a PC as a VPN device as opposed to using a dedicated VPN Gateway, the advantages and benefits of which far outweighs the cost of using the former, said Patrick Li, regional marketing manager, communications product group, Intel Technology Asia.

"There's always a fear because you're talking about security," Lee said. "If you have information to protect, then you wouldn't want to buy off-the-shelf equipment, or change your PC into a VPN appliance."

"If your information is not really vital such as employees' medical leave, then by all means, this would be a good solution for the company. But for companies serious about protecting their networks, it's doubtful they would (turn their PCs into VPN appliances)."

Depending on their in-house resources such as skills and funding, larger companies often opt to build their own VPNs, according to Kevin Dillon, Asia-Pacific regional marketing director, Shasta IP Services business unit, Nortel Networks.

"That said, there is a growing vision in even these organizations towards outsourcing to providers of managed services to minimize exposure to technology risk, reduce dependency on a scarce skill base, and to reduce capital and operation expenditures," Dillon noted.

Smaller companies also tend to look to outsource as many information system functions as they possibly can because they typically face skills and financial constraints, he said.

According to IDC, 73 percent of worldwide Fortune 1000 companies are moving away from private networks and 51 percent of companies have or plan to outsource VPNs. Almost all ISPs (Internet service providers) globally have a VPN service in place.

With third-party vendors prepped to play a key role in the VPN market, companies can look towards service level agreements (SLAs) to help ease concerns of high dependency on the service providers, and diminished network control.

But while SLAs are considered an important element in the outsourcing of VPN services, there are various aspects of the agreement that need to resolved between service operators and companies to clearly map out areas of responsibilities, said Shenwai.

"There are several factors that must be clarified to ensure that SLAs between companies and third parties represent the interests and needs of both parties," he said, noting that these issues include the design, development, implementation, and maintenance of software, equipment, and network, service delivery, and quality of service guarantees.

Also, SLAs are not necessary a two-party affair since the service provider may only be providing one portion of the solution such as the equipment and bandwidth, but another party provides the software required to deploy the VPN network, he said.

Join the newsletter!

Error: Please check your email address.

More about eSoftGatewayIDC AustraliaIntelNetwork CommunicationsNortel NetworksOpenReachStarHub

Show Comments