tgreene
Executive Editor

SSL set to handle bulk of remote access connectivity?

Opinion
Oct 16, 2003 (2 mins)
Networking, Security

* SSL remote access to replace IPSec VPN at one Fortune 500 company

One reader who runs IT for a Fortune 500 company says that he is going to trim back his remote-access IPSec VPN by about 80% and replace it with a Secure Sockets Layer remote access setup.

Why? Because SSL is much easier to implement and manage, says the IT chief, whose name is withheld here because he was talking without the approval of his corporate PR people.

The 80% is just the initial group. Eventually, he says he hopes to replace his entire remote-access IPSec VPN with SSL, now that many vendors’ SSL gear can provide network layer access, not just application layer access, to corporate networks.

The initial 80% will use an SSL vendor-supplied integrity-checking mechanism that makes sure the remote computer has a personal firewall and anti-virus software running. This is part of a corporate security policy, which states that any remote machine must be protected from attack or be denied access.

The remaining 20% will transition to SSL when the vendor can support a third party's software that does a similar check but can also determine whether specific patches, files, registry values and operating system configurations exist before allowing access. This fits with the corporation's toughest requirements.
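The two tiers of pre-connection checking described above can be sketched as a small policy evaluator. This is an added example, not the vendor's or the third party's software; the report layout, field names and sample identifiers are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    # Baseline tier: protections the first group of users is checked for.
    required_services: tuple = ("personal_firewall", "antivirus")
    # Strict tier: the additional item types checked for the remaining users.
    required_patches: frozenset = frozenset()
    required_files: frozenset = frozenset()
    required_registry: dict = field(default_factory=dict)
    required_os_config: dict = field(default_factory=dict)

def evaluate(report, policy, strict=False):
    """Return (allowed, reasons); anything absent from the report fails closed."""
    reasons = []
    running = report.get("running", {})
    for svc in policy.required_services:
        if running.get(svc) is not True:
            reasons.append(f"{svc} not confirmed running")
    if strict:
        for kind, required in (("patches", policy.required_patches),
                               ("files", policy.required_files)):
            for item in sorted(required - set(report.get(kind, []))):
                reasons.append(f"{kind}: {item} missing")
        for kind, required in (("registry", policy.required_registry),
                               ("os_config", policy.required_os_config)):
            actual = report.get(kind, {})
            for key, want in sorted(required.items()):
                if actual.get(key) != want:
                    reasons.append(f"{kind}: {key} is {actual.get(key)!r}, want {want!r}")
    return (not reasons, reasons)

# Constructed sample policy and posture reports (placeholder identifiers).
POLICY = Policy(
    required_patches=frozenset({"EXAMPLE-PATCH-001"}),
    required_files=frozenset({"C:/example/agent.cfg"}),
    required_registry={"HKLM/Example/AutoUpdate": 1},
    required_os_config={"screen_lock": True},
)
LAPTOP = {
    "running": {"personal_firewall": True, "antivirus": True},
    "patches": [], "files": ["C:/example/agent.cfg"],
    "registry": {"HKLM/Example/AutoUpdate": 1},
    "os_config": {"screen_lock": False},
}
KIOSK = {"running": {"personal_firewall": True}}  # antivirus state not reported

if __name__ == "__main__":
    for name, rpt, strict in (("laptop", LAPTOP, False), ("laptop", LAPTOP, True), ("kiosk", KIOSK, False)):
        print(name, "strict" if strict else "baseline", evaluate(rpt, POLICY, strict))
```

The same laptop passes the baseline tier and fails the strict one, and a report that omits a required item is denied rather than assumed compliant. The decision is only as trustworthy as the agent that produces the report on the remote machine.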

Interestingly, he considers SSL remote access, when it is used at the application layer, more secure than IPSec. His reasoning is that there is no actual connection to the corporate network because the SSL device proxies between the remote computer and the corporate resources. He says this may help prevent the spread of viruses into his network.

If he represents a trend, IPSec may become relegated to connecting corporate sites with other corporate sites, leaving SSL to handle the bulk of remote access connectivity.