German

Cloud Swings Pendulum Back to IPsec

by VPNHaus | 12/26/2018 |Cloud, Data Security

A spate of scandals involving large scale data breaches together with increased Internet surveillance by governments has substantially raised business and consumer concerns over online privacy. Correspondingly the market for virtual private networks (VPNs) is very healthy.

For many years, VPN’s two main standards - IPsec (Internet Protocol Security) and SSL (Secure Socket Layer) - have been locked in fierce competition for market dominance. Both have their virtues.

IPSec is great for organizations that value robust encryption above all costs. By contrast, SSL is better suited to mobile data communications where the priority is scale and convenience.

Over the years, technology advances have seen their relative popularity swing first one way then the other. SSL currently prevails in. However, Industrial Internet of Things (IIoT) and cloud computing are exposing SSL to repeated attack. So the pendulum is swinging back in favour of IPsec once more.

Enterprises wanting to maximize their return on investment can choose centrally managed VPN software that supports multiple protocols including SSL and IPsec.

Privacy: A Business Priority

Put simply, a VPN creates an encrypted path over the public Internet between two endpoints. It shields data from public view, ensuring communications remain private.

In the early years of the millennium, technology advances helped the Internet rapidly mature. Before long it was the default platform for business data communications worldwide.  

Ready, affordable Internet access ultimately led to an always on, anytime, anywhere global business culture. Phenomenal growth in mobile device ownership and cloud-based applications followed soon after.

Today, organizations and their employees routinely exchange company information via the Internet. But the very public nature of the Internet makes it far from secure.

Cybercriminals and hackers have proven adept at intercepting sensitive company information to perpetrate theft and fraud. And, on the pretext of fighting terrorism, governments and state-sponsored agencies are stepping up Internet surveillance activities to monitor and log everyone’s online activity.

Faced with such risks, increasing numbers of organizations are turning to products and services capable of keeping transactions private as they pass over the Internet. Top of the list is VPN software which is set to more than treble in size from $17 billion in 2018 to $ 54 billion by 2024.

IPsec

In the early days of remote working, communication between endpoints frequently meant providing a remotely located laptop with secure access to the corporate network.

The remote device first has to have approved client VPN software installed. The favored standard for this is IPsec. The corporate infrastructure recognizes the client as a virtual extension of the network and creates an encrypted tunnel that allows secure two-way data communications.

Moreover, the client software is effectively a dual layer of security. Remote users must not only be running the right VPN but it must also be properly configured – usually by the in-house IT department.  

This set up works fine when your business comprises just a handful of privileged remote workers. However, client-side VPN licenses need to be renewed and the software updated on a regular basis.

As the number of remote workers escalates it can soon become a costly, on-going exercise. And if the remote machines are more or less permanently offsite it quickly turns into a real headache.

SSL

The launch of the first iPad in 2010 ushered in a new era of mobile working. Ownership of tablets and ever more powerful smartphones along with the ready availability of Wi-Fi soon meant that anyone could easily send and share data over the Internet.

Even though IPSec was adapted to better suit Wi-Fi conditions companies tended to opt for SSL which works with most web browsers. As mobile working took off most apps and business environments turned to SSL as a comparatively low-cost way to provide secure data communications access for their Bring Your Own Device (BYOD) workforce.

Yet, SSL is not as secure as IPsec. Using phishing techniques or by exploiting poorly secured Wi-Fi routers hackers can plant malware onto endpoint devices to intercept encrypted communications.

Cloud Pushes Business Back to IPsec

The agility and affordability benefits of public cloud services are encouraging increasing numbers of businesses to re-evaluate their remote security strategies.

High-profile, cloud-related data breaches have made safety conscious organizations aware that SSL is not sufficiently secure when it comes to the cloud. In consequence many are revisiting the more robust IPsec protocol for its ability to provide protection for confidential data communications between cloud systems and the corporate network.

The latest centrally managed VPNs offer the best of both worlds. Multi-protocol support lets organizations manage the privacy of many hundreds of mobile and IIoT connections remotely via the cloud.

From a single administration point the business can easily scale the number of secure remote up or down according to demand. Keeping abreast of ongoing maintenance and updates is also straightforward either for in-house IT support or via the cloud by a managed VPN service provider.

In summary, as long as businesses continue to depend on the public Internet for sensitive data communications they will always need a reliable means of keeping the content safe from malicious outsiders and state sponsored surveillance. 

Over the years, the two most popular VPN standards of IPsec and SSL have been in and out of favor. With the advent of cloud services, IPSec is once again gaining traction due to its reputation for being more robust.

Looking to the future, continued growth in demand for VPN seems assured with cloud services and IIoT protection being the driving forces.

This website uses cookies

We use cookies to personalize content and analyze access to our website. You can find further information in our data protection policy.

OK