Plugging Into the VPN Money Machine

Posted: 10/1998

Plugging Into the VPN Money Machine
User Survey Reveals Needs and Preferences

By Jeff Wilson

What did we do before all of our employees were attached to data networks, no matter
where they were? Good question. To be honest, I don’t exactly remember what we did, but I
know what we didn’t do. We didn’t spend any money on networks and we didn’t spend any time
managing networks. Longing for those days again, corporate financial folks, network
equipment companies and network service providers all had a get-together and decided to
reincarnate the virtual private network (VPN).

A VPN is a secure private data network that uses the Internet or any other public
Internet protocol (IP) network for transport. A VPN can connect telecommuters, mobile
workers, remote offices and branch offices to each other and to a headquarter’s site. It
also can be used to connect customers, suppliers and businesses. A VPN uses Layer-2 or
Layer-3 tunneling technologies, as well as a host of other security measures (encryption,
authentication, compression, digital certificates, etc.) to achieve both security and

The proposed economics of the VPN bring us closer to the days when we had much smaller
bills for line charges. Instead of paying for leased line, frame relay or asynchronous
transfer mode (ATM) wide area networks (WANs) plus a toll-free number for access remotely,
you simply pay for local IP connections (Internet or otherwise). The tradeoff for lower
costs, however, is management headaches.

icon.gif (618 bytes)
Image: Worldwide VPN Market

This is where service providers come in. There are many opportunities for IP service
providers of all types–Internet service providers (ISPs), interexchange carriers (IXCs),
incumbent local exchange carriers (ILECs), competitive LECs (CLECs), cable companies,
etc.–to make money from VPN services. To do so, however, they need answers to four key
questions: Who are the customers? What types of services do they want? What type of IP
service provider will a customer choose and why? What is the real revenue opportunity for

Who Are the Customers for VPNs?

Believe it or not, companies of all sizes and from many different industries are
looking at VPNs as a viable solution. A study by San Jose, Calif.-based Infonetics
Research Inc., "User Plans for VPN Products and Services 1998," concluded that
needs differ by size.

For instance, many small organizations (those with less than 100 employees) with little
or no networking experience are looking at VPNs as an easy way to build their first remote
access and site-to-site networks. The organization can subscribe to a service from a
service provider, let them handle the network management headaches and the user support,
and come out of it with an incredibly cost-effective network.

Similarly, many medium-sized organizations (100 to 1,000 employees) still remember the
days when they were small companies. They are not yet comfortable with their monthly WAN
and long distance or international dial-up charges, and they are growing rapidly–often
without the information technology (IT) staff to keep up with growth. For these firms,
both cost-savings and management outsourcing options with VPNs are very attractive.

Large organizations (more than 1,000 employees) were the original target for VPNs and
represent about half of the companies looking to implement VPNs. They are feeling pain
from all sides. WAN costs are outrageous; employees are demanding remote access
capabilities in ever-increasing numbers; international toll charges are killing them; and,
worst of all, some of the largest of these organizations have built large enough IP
networks that they could start a second business as an ISP.

What Type of Solutions Do Customers Want?

According to our study, no one type of VPN service appeals to all possible customers.
Some companies are looking for help with design, installation and testing for VPNs. Others
wish to outsource their help desk for remote access VPN users. If their customers require
it, service providers also should offer quality of service (QoS) or service-level
guarantees. Generally, however, service providers should offer the following day-to-day
equipment and service management:

  • The unmanaged customer premise equipment (CPE) solution is simple to offer by reselling
    some type of VPN CPE (firewall, router or multiservice VPN device) bundled with an
    Internet connection. It appeals to organizations of all sizes, as long as they have the
    following in common: They already have an established IT department, they have the need to
    control administration of security on their VPNs, and they are not yet ready to dive
    headlong into the outsourcing world.
  • The managed CPE solution is identical to the unmanaged, except the service provider can
    gain some additional revenue by providing day-to-day management services for CPE. This
    solution may include user support as well. This type of solution appeals to organizations
    that are looking for a little help in the management department, but are still unwilling
    to outsource the whole service.
  • The full VPN service is the big moneymaker for service providers. Using his/her existing
    CPE, a customer connects to the service provider as usual, and all of the work of the VPN
    happens inside the service provider’s network. The service provider has full control of
    day-to-day operations for the VPN; although some offer the end users administration
    capabilities, which allow them to easily add and remove users or sites. This solution
    appeals to the outsourcing-minded organization. The decision to implement usually is
    coming from the top, such as from the chief financial officer (CFO).

What Type of Service Provider Will Companies Choose for VPNs?

Almost 50 percent of the study respondents said they would use an ISP over other VPN
providers, giving ISPs a nod for their data (IP) experience. IXCs came in second at 30
percent; large organizations with national or international needs likely will turn to IXCs
first because of their broad geographic coverage. The rest of the respondents chose
regional Bell operating companies (RBOCs) or CLECs, or had not yet made the decision.

How Do Companies Choose Their Service Providers?

Companies are looking for several very specific things from service providers when it
comes to VPNs. Sixty-four percent of our respondents said it is important to them that
their VPN service provider has a strong reputation for security. VPNs are essentially a
security solution, and network managers are universally uneasy about putting corporate
data on public networks. Fifty-nine percent said it is important that the service provider
have nationwide reach. Companies of all sizes do not wish to change service providers as
their VPNs grow.

Service providers must consider end-user compatibility issues when developing their VPN
services. Seventy-seven percent of the companies interviewed said it is critical that the
new VPN solution be compatible with their existing CPE.

Service-level guarantees are important to organizations looking to migrate to VPNs, as
many plan to run mission-critical applications over their VPNs. The question then is: What
types of service level guarantees do customers want? The honest, but not very insightful,
answer is that the type of guarantee an organization requires depends heavily on the types
of traffic its VPN carries. Current buyer thinking is that customers want guarantees for
network availability, throughput and hosted-server uptime.

So, What Is the Real Opportunity?

At the end of the day, the real question is: How much money can service providers make?
We forecast that in 2001, organizations will spend $8.9 billion dollars on VPN services.
There is ample opportunity in the VPN market in the coming years, and most IP service
providers will be putting together their service offerings and proclaiming them to the
eager masses. Time will tell who the winners and losers are, but this market is likely to
be won by the providers who make the experience painless for their customers from start to

Jeff Wilson is director of access programs for Infonetics Research Inc., San Jose,
Calif. He can be reached via e-mail at

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 67906