State of the SSL VPN Market
February 28, 2007
These materials can be reproduced only with Gartner's official approval.
Such approvals may be requested via e-mail — firstname.lastname@example.org.
Finding the “P” in VPN
Frame Relay X.25
Exclusive Internet Encrypted
SSL VPN Market Definition & Benefits
Encrypted access to applications and/or networks
Encryption stays on continuously and supports high
Client software is optional, enrollment is fast
Security and NAC can be performed ad hoc and on
Menu-driven proxy is included in all products
Access can be filtered by rules and roles
Instabilities of other VPNs are resolved
Market trends – reasons for purchase (not
VPN Investment Importance in VPN inquiries
SSL Disaster/Biz Continuity Access HIGH
SSL/Portal Contractor Access Low-Medium, increasing
SSL Alternative VPN Medium
SSL Complete IPSec replacement Low-Medium
SSL Site to Site Niche specialization
IPSec Long Term Remote Access Low-Medium
IPSec Site to Site Medium
Specialized Mobile VPNs Niche specialization
Barriers to Implementations
Potential data SSL encourages more
Leakage users than ever before
to demand access
Authentication Users continue to resist
Challenges proof of identity tools
End Point Security Java/ActiveX portability
Complications problems slow use of
Cost The price per session is
higher than IPSec
How Should SSL VPNs Be Implemented?
External resource Alternate FTP/Telnet
mandate for access VPN
AES Shell Critical WAN
Frequent or Occasional commands optimization
continuous or frequent
AES IPsec SSL SSH Proprietary
remote remote remote remote mobile
access access access access
Online and Always Vendor lock-in
offline online Disaster considered OK
Workstyle systems vertical apps
Decision Criteria for Selecting Vendors
Existing contracts with vendor (leverage)?
Prior experience with vendor?
Can or will the VPN be outsourced?
Integration with your other systems?
Case study references?
User enrollment process?
On demand security plan?
Administration life cycle?
Emergency and backup access?
Performance and compatibility test plan?
Magic Quadrant for SSL VPN
As of November 2007
What You Need to Know
One type of VPN may not fit all needs.
If your legacy VPN is not broken, don’t break it. But don’t
force it into wireless/mobile settings where it is not the best
Don’t provide more VPN access than the user requires.
Advantages of SSL portability, client stability, resource
access control and administration control can outweigh
simple comparisons of IPSec costs per port.
Specialized mobile applications may require specialized
mobile VPNs – at least for the next investment cycle.