Wed, January 15, 2003 — CIO — It’s not an unusual situation. A doctor on vacation with her family suddenly remembers that she needs to review some test results for a patient. Often, this would mean finding someone at the hospital who could send a fax to a hotel office center?hardly a secure environment. If the doctor had her laptop along for the trip, maybe she could fire up her VPN client and connect to the home office for the info. But what if the laptop stayed home this time? If the doctor was affiliated with the Catholic Health System (CHS) of Buffalo, N.Y., it would not be a problem. She could simply access the records from any computer with a Web browser.

For a previous remote-access project, CHS doctors had to either be at the hospital to retrieve results or they could gain access from their home, laptop or office through a virtual private network. But in order to use the VPN, they needed to download VPN client software, an often cumbersome and time-consuming process. Now CHS is in the midst of rolling out a new application that takes advantage of "instant virtual network" from Mountain View, Calif.-based Neoteris, which provides access to targeted medical records for clinicians via Web browsers using SSL technology.

"There is still a place for the classic VPN when you need full connectivity," says Doug Torre, director of networking and technical services for CHS. "But when you need to provide access to the nontechnical people, SSL VPNs are the way to go."

Neoteris, which sells an SSL VPN appliance, is one of a growing number of vendors offering alternatives to traditional VPNs. So far, however, the vast majority of companies that need to provide remote access for employees or site-to-site connectivity are using VPNs based on the IPsec standard. With IPsec products IT departments usually need to download VPN client software on each laptop or home computer where a user might want to access a company network. But companies are increasingly experimenting with new VPN flavors, including SSL, or clientless, VPNs, as well as Internet gateway appliances, especially for employee remote access. Some are going even further afield by using remote control services such as GoToMyPC, from Santa Barbara, Calif.-based Expertcity.

In the past, companies created private networks by leasing hardwired?and often extremely expensive?connections between sites. An Internet-based VPN, by contrast, takes advantage of the public Internet to securely transmit data between corporate sites, thereby cutting costs. During the past five years, companies have adopted VPNs to provide remote access for mobile workers, connect telecommuters, replace the standard WAN between fixed offices and connect business partners. A VPN works by using the shared public infrastructure while maintaining privacy through "tunneling" protocols that encrypt data at the sending end and decrypt it at the receiving end.