Enterprises are moving away from traditional client-side IP virtual private networks (VPNs) based on IPsec or L2TP solutions to providing more ubiquitous connectivity using SSL. The reason, according to Yankee Group analysts, is that as companies adjust to supporting remote access applications, SSL enables users to establish connections to corporate resources using any browser.
But while SSL can support authentication procedures to determine the end user's identity, analysts say there is a downside: enterprises cannot ascertain whether the remote device itself is secured.
Analysts also report that product performance and security features rank ahead of both operating expenses and purchase price as the leading criteria for enterprises that are switching security vendors. When examining the TCO of perimeter gateway solutions, the most important factor is the solution's impact on the corporate security profile to preempt the staggering costs of recovering from an attack.
The Yankee Group finds that Juniper/NetScreen is on target for customer need and vendor capability. Cisco and Symantec are also on target for meeting customer expectations and delivering according to plan. But analysts say Check Point has missed the target altogether, with a substandard SSL VPN product and a strategy that does not address customer business requirements.
"To provide secure connectivity, organizations must evaluate and design one security solution that includes everything from remote employees to corporate applications," says Eric Ogren, a senior analyst at Yankee Group.