Trust Is Key to Wireless VPNs
Enterprise users deploying wireless VPNs are favoring proprietary solutions managed by the corporate IT department because they find it difficult to hand over the control of a secure data system to an external service provider, according to a new report on the wireless VPN market.
However, there will be a growing opportunity for carriers and specialist wireless service providers to win business as corporates gain experience and can quantify the benefits of such services, according to Gabriel Brown, author of the latest Wireless Oracle report, Wireless VPNs: Security and Convenience for Enterprise Data, which is available now.
Demand for VPN access to corporate data by mobile workers is set to grow quickly in the coming year. Infonetics Research Inc. estimates that although only 30 percent of mobile workers were using VPNs in 2001, 71 percent will be using them by the end of 2003. In addition, writes Brown, wireless options are creeping increasingly into the corporate consciousness: "From now onwards any IT department that purchases a remote access or VPN solution should consider mobility support as a matter of course."
But like enterprise wireless data in general, wireless VPNs won’t become a hot growth sector overnight. In the near term it is likely that most wireless VPNs will be custom implementations with a very clear route to ROI. The longer-term prospects are more positive, and there will eventually be a solid market for generic “out of the box” VPNs as well as high-end bespoke projects.
Meanwhile, being able to "kick the box" is still a favored option among corporates. "Enterprises generally do not trust mobile operators to handle sensitive corporate data. A VPN is a high-end application and, at the moment, most enterprises still want to do it themselves or have their IT partner do it for them," says Brown.
Currently, venture-funded firms such as NetMotion Wireless Inc., Columbitech and Ecutel Inc., which offer customer premises-based VPN solutions, have the edge on carrier-managed VPN services and on VPN gateway vendors. Their most important advantages are the ability to enable seamless roaming independent of the underlying access network -- whether a wide-area wireless network or WLAN -- and the ability to support application persistence.
Ultimately, however, carriers could win an increasing amount of business as companies gain experience with self-managed solutions and recognize the potential that large service providers can offer. "This option is most likely to experience customer traction once most organizations already use a wireless VPN of one sort or another," concludes Brown.
There is much to be done before mobile operators have the armory to challenge their smaller, more specialist rivals. End-to-end IP network infrastructures need to be deployed, and the carriers must develop targeted marketing that promotes the benefits of VPN access to individual companies.
In the meantime, carriers should consider adding value to their enterprise data services by working with application and platform vendors to enable line-of-business database applications that can be customized to meet the specific needs of the customer. The effect is to extend the carrier's wireless data portfolio beyond the widely available mobile office products. Such services would be attractive to firms with highly mobile employees that access, for instance, CRM or other database applications predominantly via wide-area wireless networks and do not need to send and receive large volumes of data. Typically, these services involve a tie-up between the carrier and the application vendor, and they often require some kind of specialized client to deal with black spot coverage and caching.
Some carriers are already making headway with basic VPN mobility products and are setting themselves up as channels for enterprise solutions.
Such an opportunity has been grasped by the business solutions subsidiary of Norway's Telenor ASA (Nasdaq: TELN), which today announced a contract to provide BP Norway with a WLAN solution that includes VPN capabilities (see CMG Reports First Half). This will provide Internet and intranet access to BP's employees and the legion of consultants with which the oil company works. "We have previously had considerable costs associated with providing our consultants with access to the necessary BP data systems. We are now solving this in a simple and cost-effective manner through wireless access," says BP Norway's data manager Tor Minsaas. Using a VPN client, consultants can wirelessly connect to BP's LAN using their own computers, "allowing us to cut our running expenses associated with the management of the system."
In the wide-area segment of the market Sprint PCS (NYSE: PCS) (see table below) has one of the better-developed offers, and its investment in wireless hotspot provider Boingo Wireless Inc. shows its long-term commitment to the concept of VPN roaming between wireless WANs and WLANs. Orange UK (see table) has a similar kind of service that uses a software platform from Pervasic Ltd. to align heavyweight line-of-business applications with the capabilities of wireless networks and the needs of the end users.
Table 1: Enhanced Wireless Data Services: Sprint PCS and Orange UK
|Carrier||Name of Service||Functions|
|Sprint PCS||Wireless Web||Web-based access to email, directories and CRM applications via partnerships with Peoplesoft, Siebel Systems, Salesforce.com and others.|
|Business Connection Service||Wireless access to Microsoft Exchange and Lotus Dominos servers. Uses WTLS and SSL-application-level encryption.|
|Network-initiated VPN (NIVPN)||Works with regular mobile phones or with devices equipped with wireless modems. A client-free solution that sets up IPSec tunnels between the Sprint network and the corporate LAN.|
|VPN Service||Custom configuration, available on demand.|
|Orange UK||Wirefree Server||Grants access to Microsoft Exchange and can alert users of new messages or appointments by SMS.|
|GPRS Business LAN||Client-free solution that links the GSM/GPRS network to the corporate LAN via a leased line.|
|Sales Accelerator/ Service Accelerator||Extension of the Business LAN service that uses a software platform from Pervasic to integrate with industry standard ODBC compliant line-of-business database applications. The software platform uses a thin client to minimize risk from device loss or theft. However, the client also performs some caching if connection is dropped temporarily. Uses SSL encryption and, if required, IPSec.|
During the coming 24 months many other carriers will develop this kind of solution, since it is relatively painless to implement and sufficient for enterprises to experience productivity gains. These services, however, are not what Unstrung would regard as true wireless VPNs, as they do not offer seamless and persistent roaming among access networks.
— Ray Le Maistre, European Editor, Unstrung
The full report, "Wireless VPNs: Security and Convenience for Enterprise Data," costs $400. An annual subscription to the Wireless Oracle is ordinarily $1,250, but is currently available at the special introductory price of $899. For more information, including subscription information and research examples, go to Wireless Oracle.
Editor's Note: Light Reading is not affiliated with Oracle Corporation.