The extranet emerges . . . right on cue

IT executives also should also take a long look at some of the IP VPN services that are emerging, as I discussed in my last column. Many include extranet capabilities already, or can be customized to provide secure third-party access. The upshot? Like a certain bellybutton-baring diva, extranets are, “Stronger than yesterday – now it’s nothing but my way.”

I’ve written a lot about the emergence of extranets and extranet service providers, starting back when “extranet” was the buzzword du jour and Britney Spears was the latest cultural sensation. Now that extranets seem to carry the same cultural cachet as “Baby One More Time,” it might be a good idea to take another look at how they are evolving.

Some background: In 1999, I made a handful of predictions about the evolution of WAN services, including frame relay, ATM and IP services. Here’s the short version: Frame and ATM would hold steady through about 2002-2003, at which point IP services would begin to emerge as the dominant next-generation enterprise network. The predominant driver for IP services? Extranets.

I even had a slide that conveyed these trends graphically, with a horizontal timeline showing frame relay and ATM deployments diminishing over time while IP services deployments grew dramatically. The intersection of the curves occurred around May 2003, marking an industry inflection point labeled “Extranets happen here.”

Was I right? Preliminary signs say yes. Companies are deploying IP VPNs in record numbers – virtually every organization I’ve spoken with has deployed, or is considering, an IP VPN. A big driver is the ability to gain effective access to external sites and organizations. As an IT executive at a large information-services firm told me recently, “More than 50% of the traffic on our WAN is external. So why have a WAN at all?”

Moreover, “resource externalization” is huge and getting bigger. In a recent Nemertes security survey, every company we spoke with reported that it made at least one type of resource (files, data, applications) available to outsiders. “You have to assume there’s no such thing as an internal application anymore,” one IT executive says.

So what are the effects for IT executives? For starters, companies need to considerably enhance their security models. The first step in securing most organizations is hardening the perimeter: securely locking down the firewalls, VPNs and intrusion detection/prevention systems to ensure that bad guys stay off the network.

However, if the goal is to open up the organization and its associated resources to third parties, the notion of perimeter hardening begins to lose its potency. What’s needed instead is a more sophisticated security architecture that provides graduated access to resources permissions that are based on a user’s identity. Many organizations are beginning to put into place a three-tiered security model that addresses such issues.

IT executives also should also take a long look at some of the IP VPN services that are emerging, as I discussed in my last column. Many include extranet capabilities already, or can be customized to provide secure third-party access. The upshot? Like a certain bellybutton-baring diva, extranets are, “Stronger than yesterday – now it’s nothing but my way.”