LAS VEGAS — By a number of different accounts, the SSL-VPN marketplace is a
hot one.
Earlier this year Gartner Group forecast that 90 percent of casual employee access will be done via
SSL-VPN by 2008.
SSL-VPNs are seen as being easier to manage and utilize than an
IPsec
point of view SSL-VPN typically only involves using a Web browser instead of
a client-based approach.
The market for SSL-VPN is hardly new. Aventail claims credit for helping to
create the market with its first SSL-VPN solution in 1997.
At the Interop show this week here, internetnews.com sat down with
Evan Kaplan, president, CEO and co-founder of Aventail, to discuss his company, the market it’s in and the challenges
of competitive networking security technologies.
Q: You’ve been in the SSL-VPN market since 1997. In that time, what do you think has been the most “surprising” change in the SSL-VPN business/marketplace?
There are two things that are incredibly surprising. The first is how long
it took for people to realize that SSL-VPN was the right approach to the
problem and IPsec was not.
We started the company in 1996 thinking this was going to be obvious to
people. But it wasn’t until late 2002, 2003 when people started to say that
this is where it is all going.
We lived in the wilderness for seven years while others figured it out. It was
surprising that we were in the wilderness for so long and then we were
amazed when it did finally flip so quickly.
Q: Are there still barriers to adoption of SSL-VPN technologies? Is price the biggest one?
No, price is not a barrier. The stuff that people installed in 1996/1997 isn’t
great, but it works. Broadband penetration is really now hitting critical
mass and that to me is the thing that pulls it forward. The thing that keeps
it back is that there is stuff out there that kinda works. If it’s not broke
don’t fix it.
Having said that, we grew our business by over 50 percent last year. The
market grew by at least 40 percent.
Q: Has SSL-VPN reached the tipping point yet?
I think we’re right there. The
trends that make SSL-VPN is clearly broadband, different remote access
contexts.
The second thing is the real adoption of devices. We’re seeing enterprise
now pushing mobile devices and accepting what remote access can provide to
them.
The other thing that’s big for SSL is VoIP. People are doing more and more
Wi-Fi-based VoIP.
As these things reach critical mass, that’s when our stuff starts to be
strategic — more obvious and useful.
Q: Do you see NAC (Network Admission Control) and the need for NAC as helping to drive and grow your business? Or are the two technologies really mutually exclusive?
First of all, we have been doing NAC since 2002 and not just us but at least
one of our competitors, as well. That means access point and endpoint control. NAC is not a new concept. We feel that we pioneered that relative to the
access points. No other access technology did that before we did it and then
Juniper quickly followed.
NAC the way it’s framed up today only solves about one-eighth of the
problem. If you’ve got to pick a problem to solve, NAC is not that important of
a problem.
Here’s why I think that is the case: in general the number of
applications that use the application data center. It is shifting
from being internalized and used by local users to be externalized and used
by remote workers.
Pretty soon we’re going to reach the critical mass where
the majority of people using that data-center infrastructure will be on the
outside and not the inside.
Our theory about the way that NAC is constructed is that it is solving a
problem that is getting smaller and smaller and it’s a problem that is
already reasonably solved today.
When people get 802.11x on their LAN, okay, it’s not perfect but it works.
All the hubbub that I see about NAC is that it just solves the guest
problem. I hire a consultant or have some people in the conference
room and they plug into my wireless LAN or plug into an Ethernet socket.
Frankly, it’s a nice problem but it’s a niche problem.
The way it’s being painted by some, particularly Cisco, is that it’s a core
problem and it’s in their best interest to paint it that way. They are
trying to build more and more intelligence into the network infrastructure,
make it self adapt and self defend.
What we say is from an Internet perspective. Don’t think of it that way.
Model your enterprise communication model closer to the way the Internet
works, closer to the way a large e-commerce concern runs. Which is treat
everybody as external.
Use lightweight VPN to access important stuff; protect your network. Keep it
reliable and fast but don’t make it super adaptive. Use more public
infrastructure.
There is a huge benefit from a
cost perspective and there is a huge benefit, as most of your users are going
to be on the public infrastructure. So why am I spending billions and
billions to make myself have a self-defending network when most of my
traffic is the public network and that’s where most of my constraints are and
that’s where the primary security model is?
The only thing the network should do is be better performing than a public network, and it should be more
reliable. I don’t fundamentally believe it’s more secure,
no matter how much I spend.
We’ve done this with our own network. We say that you can’t get to anything
that’s in the corporate data center without going through the SSL-VPN.
Always assume that the underlying network is insecure because you lose
nothing by assuming that and you gain a bunch of things.
Q: What is the biggest challenge that you face as the CEO of Aventail?
I’ve got very able competitors, which I think makes the market very
interesting and attractive. I think the primary challenge is the one of
getting enough distribution for our product.
We’re not Cisco. We don’t have a monopoly and all our deals are competitive.