VPN costs savings

Stephen Hope shope at ENERGIS-EIS.CO.UK
Fri Jan 26 09:58:15 EST 2001


Just one point:

VPNs usually use security, but security is not a fundamental requirement.

In several situations, i have seen VPN tunnels use to separate traffic where
encryption was not needed.

e.g - to tunnel an Internet connection across an internal LAN to a DMZ. The
VPN is just there to maintain separation between 2 types of traffic.

Also, a lot of "outsourcing" style remote access networks do not run over
the Internet, but over a private IP system. In these situations, L2TP is
often used to separate different customer RAS networks, but the carrier
doesnt have to use encryption - the underlying structure is private.

This makes life much simpler for the carrier - debugging, monitoring are
easier as some of the most parts of the VPN protocol suite are part of
encryption. We recently were using a Sniffer to look at a latency problem
with a satellite bounce data stream - the data was encrypted, so all we saw
was the VPN tunnel between 2 gateways - all the higher level stuff such as
protocols, IP end points, set of conversations in active use was completely
obscured.

Loosing the encryption gets rid of a lot of the legal aspects of running
this kind of network between countries.

Finally encryption uses more resources - protocol processing, traffic
overhead, MTU, latency and connection setup all get worse, and you cant
compress the packets...

Of course, the customers may choose to encrypt their traffic as well, if
they want that extra security. Then you have encrypted tunnels over a VPN
tunnel over an IP network.

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


-----Original Message-----
From: Chris Carlson [mailto:carlsonmail at YAHOO.COM]
Sent: 24 January 2001 20:21
To: VPN at SECURITYFOCUS.COM
Subject: Re: VPN costs savings


Ah, I love a discussion!

While I agree with Sandy that security is one driver
for VPNs, I think she's incorrect in her weighting
factors.  I think that cost savings is THE single
largest driver by far.

Sure, some companies use VPNs to better secure their
connections, but you can do that with hardware
encryptors on Frame or ATM WAN links.  Why go with a
possibly less reliable ISP-based VPN just to get more
security?

I've been doing security consulting for years and now
am in Product Management at a start-up "next-gen"
carrier, and we've never had a problem selling VPNs.
The cost savings alone make VPNs sell themselves.

I view security as an enabler, as a means to an end,
not the end.  Because VPNs are secure ENOUGH (if
implemented properly and appropriate for your
acceptable level of risk), they enable low cost WAN
and remote access connectivity.  Up to 50% savings in
certain WAN scenarios and up to 90% savings in certain
remote access scenarios.  One past client of mine is
saving $4,000,000 a year with their remote access VPN!

So, yes.  Everyone loves VPNs.  Providers love them
because they sell more circuits.  Vendors love them
because they sell more VPN boxes and software.  IT
Managers love them because they reduce WAN and remote
access costs.  Every dollar saved on
telecommunications costs goes right down to the bottom
line as profit!

The BUSINESS CASE depends on cost savings, not
security.

I've seen companies that are paranoid about VPN
security: 1,024 bit algorithms, smart cards,
biometrics, firewalls, air-gaps, etc. and when I ask
them how they secure their UNENCRYPTED Frame Relay WAN
that ANYONE working for that provider can easily
sniff, their jaw drops wide open.  Doh!

It's up to the Security or IT department to use enough
security that meets the company's business demands:
protect sensitive data up to the acceptable level of
risk, enable lower cost telecommunications to save on
costs, and (possible) enable E-commerce to drive
revenue, all without expending undue extra costs.

*whew*  Big ole rant from Chris!  :)

Chris
--

--- Sandy Harris <sandy at STORM.CA> wrote:
> There can be large cost savings, especially where a
> VPN running over the
> Internet replaces an expensive leased line solution.
> However, I think that's
> the wrong question.
>
> The business case for VPNs depends mainly on
> security, not cost savings, and
> the value of security depends on the value of your
> data.
>

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/

VPN is sponsored by SecurityFocus.COM

-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Energis Integration Services.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Energis Integration Services accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Energis Integration Services Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list