RealTime IT News

Evan Kaplan, President, CEO, Aventail

LAS VEGAS -- By a number of different accounts, the SSL-VPN marketplace is a hot one.

Earlier this year Gartner Group forecast that 90 percent of casual employee access will be done via SSL-VPN by 2008.

SSL-VPNs are seen as being easier to manage and use than an IPsec-based remote access solution, since from an end user's point of view SSL-VPN typically involves only a Web browser instead of a client-based approach.

The market for SSL-VPN is hardly new. Aventail claims credit for helping to create the market with its first SSL-VPN solution in 1997.

At the Interop show here this week, internetnews.com sat down with Evan Kaplan, president, CEO and co-founder of Aventail, to discuss his company, the market it's in and the challenges of competitive networking security technologies.

Q: You've been in the SSL-VPN market since 1997. In that time, what do you think has been the most "surprising" change in the SSL-VPN business/marketplace?

There are two things that are incredibly surprising. The first is how long it took for people to realize that SSL-VPN was the right approach to the problem and IP-SEC was not.

We started the company in 1996 thinking this was going to be obvious to people. But it wasn't until late 2002, 2003 when people started to say that this is where it is all going.

We lived in the wilderness for seven years while others figured it out. It was surprising that we were in the wilderness for so long and then we were amazed when it did finally flip so quickly.

Q: Are there still barriers to adoption of SSL-VPN technologies? Is price the biggest one?

No, price is not a barrier. The stuff that people installed in 1996/1997 isn't great, but it works. Broadband penetration is really now hitting critical mass and that to me is the thing that pulls it forward. The thing that keeps it back is that there is stuff out there that kinda works. If it's not broke, don't fix it.

Having said that, we grew our business by over 50 percent last year. The market grew by at least 40 percent.

Q: Has SSL-VPN reached the tipping point yet?

I think we're right there. The trends that make SSL-VPN are clearly broadband, different remote access contexts.

The second thing is the real adoption of devices. We're seeing enterprise now pushing mobile devices and accepting what remote access can provide to them.

The other thing that's big for SSL is VoIP. People are doing more and more Wi-Fi-based VoIP.

As these things reach critical mass, that's when our stuff starts to be strategic -- more obvious and useful.

Q: Do you see NAC (Network Admission Control) and the need for NAC as helping to drive and grow your business? Or are the two technologies really mutually exclusive?

First of all, we have been doing NAC since 2002 and not just us but at least one of our competitors, as well. That means access point and endpoint control. NAC is not a new concept. We feel that we pioneered that relative to the access points. No other access technology did that before we did it and then Juniper quickly followed.

NAC the way it's framed up today only solves about one-eighth of the problem. If you've got to pick a problem to solve, NAC is not that important of a problem.

Here's why I think that is the case: in general the number of applications that use the application data center. It is shifting from being internalized and used by local users to be externalized and used by remote workers.

Pretty soon we're going to reach the critical mass where the majority of people using that data-center infrastructure will be on the outside and not the inside.

Our theory about the way that NAC is constructed is that it is solving a problem that is getting smaller and smaller and it's a problem that is already reasonably solved today.

When people get 802.11x on their LAN, okay it's not perfect but it works.

All the hubbub that I see about NAC is that it just solves the guest problem. I hire a consultant or have some people in the conference room and they plug into my wireless LAN or plug into an Ethernet socket. Frankly, it's a nice problem but it's a niche problem.

The way it's being painted by some, particularly Cisco, is that it's a core problem and it's in their best interest to paint it that way. They are trying to build more and more intelligence into the network infrastructure, make it self-adapt and self-defend.

What we say is from an Internet perspective. Don't think of it that way. Model your enterprise communication model closer to the way the Internet works, closer to the way a large e-commerce concern runs. Which is treat everybody as external.

Use lightweight VPN to access important stuff; protect your network. Keep it reliable and fast but don't make it super adaptive. Use more public infrastructure.

There is a huge benefit from a cost perspective and there is a huge benefit, as most of your users are going to be on the public infrastructure. So why am I spending billions and billions to make myself have a self-defending network when most of my traffic is the public network and that's where most of my constraints are and that's where the primary security model is?

The only thing the network should do is be better performing than a public network, and it should be more reliable. I don't fundamentally believe it's more secure, no matter how much I spend.

We've done this with our own network. We say that you can't get to anything that's in the corporate data center without going through the SSL-VPN.

Always assume that the underlying network is insecure because you lose nothing by assuming that and you gain a bunch of things.

Q: What is the biggest challenge that you face as the CEO of Aventail?

I've got very able competitors, which I think makes the market very interesting and attractive. I think the primary challenge is the one of getting enough distribution for our product.

We're not Cisco. We don't have a monopoly and all our deals are competitive.