VPNs' Future: Less Reliant on Users, More Transparent, And SmarterVirtual private networking is poised to become more automated and intelligent, especially as endpoints associated with cloud services and the IoT need protection.
Market consolidation, transparent operation, greater intelligence: If this were Jeopardy, here's where you'd say, "What's the future of the VPN market look like?" Then you'd be on to Technology Forecasts for $500.
What isn't in question is that virtual private networking technology will remain critical to protecting users, organizations, and their data. What is changing, according to industry experts, is the degree of automation and intelligence in VPN technology, not to mention the degree to which VPN functionality resides less in the hands of users (consistently cited as secure networking's weakest link) and more on the back end of the network. But continued growth of cloud services and the Internet of Things (Iot) means secure connectivity will still be needed.
Indeed, VPN revenue is poised for tremendous growth, according to Global Market Insights, which forecasts it to exceed $54 billion by 2024, up from $17 billion in 2018.
But how VPN technology gets deployed will change. Whereas VPNs used to rely on remote users remembering to turn on their VPN client software (or off), VPN authorization and access functions are getting subsumed into the network itself and are transparent to users. However, that's still several quarters down the time line.
In the meantime, consolidation has been reshaping the VPN market in the past year, according to Chase Cunningham, an analyst with Forrester. "The broader topic is the death of the VPN," he says, adding that $250 million worth of acquisitions in the past 12 months are intended to get rid of VPN technology as a discrete market.
"Security people are good with security technology ... the general population is not," Cunningham says. "Exploitation occurs on the user side of the equation with bad passwords, logins, etc."
In tandem, a market shift is underway that seeks to make security "impossible to gripe about or cause problems," he adds, which translates to circumventing the end user. Traditional VPNs will be replaced by a software-defined perimeter and virtualization to make user connections secure – and automatic, Cunningham says. While IPsec tunneling technology that underpins most VPNs won't go away completely, he also predicts some hybrid of tunneling, encryption, and software-defined networking (SDNs) will emerge.
Martin Musto, senior consultant at Optiv, agrees that the VPN market is poised for greater automation and transparency. But he also draws a distinction between site-to-site VPNs and client-to-site VPNs. And it's the latter that needs to change
"IPsec is a complicated protocol to set up, and a tenuous one. And there are a lot of moving pieces in setting up a site-to-site VPN," he says. Client-based VPNs are simpler but more porous. "The billion-dollar winner is the company that figures out how to make this automated, transparent, and [can] manage the endpoint remotely," Musto says. "They have to make it as low touch as possible for the user."
One emerging alternative to conventional VPN connectivity is a cloud-based VPN. Service behemoths like Facebook, Google, McAfee, and Symantec are starting to offer different kinds of proprietary VPNs that promise all the security and less complexity.
In parallel, the explosion of cloud services, in general, along with big growth in IoT endpoints means many new devices requiring VPN connectivity, Musto explains. The security risk of those devices is not well understood at this point, but what is clear is that if a cloud or IoT device gets compromised, then the attacker has the same access as the device or end user does.
The real push in the future is to closely tie the VPN with the user's activity. Musto anticipates smarter applications that are VPN-aware. "Right now, if you're on an enterprise network and an app is talking to another company, there's no way to know if that app is talking to a client on a VPN," he explains. "The app itself doesn't tell you — only the VPN app can tell you."
These pieces of technology are critical to the functioning of the enterprise. Without a secure transport layer, the enterprise fails. And without security for remote workers, it also fails because suddenly their data is available to anyone who can be on the same wire on with them.
"There's still a need for network-level cryptography that will always be there for the enterprise," Musto adds.
(Image: Adobe Stock)
Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio