No Jitter is part of the Informa Tech Division of Informa PLC

The VPN Is Dead, Long Live the SBC

A lot has changed since I left college and entered the workforce. My first "real" job began July 5, 1983 at the company formerly known as Northern Telecom. My first desk telephone was an analog 2500 set. I did most of my work on a green CRT (Cathode Ray Tube) screen logged into a PDP-11 via a 9600 baud modem. There were no cell phones, e-readers, Google, or Microsoft Word. Heck, in 1983 there was barely a Microsoft.

I don't want to sound too much like an old geezer reminiscing on a park bench, but I can't help but marvel at how different things are today. However, as much as the technology has changed, so has the way I do my job.

My job used to be a place I went to. If my car broke down, I didn't work. If the roads were too icy to drive on, I didn't work. If I had to stay home waiting for a repair person, I didn't work. I suppose I could have sat down with a pad of paper and written PLM code (my first professional programming language) by hand, but that wasn't very practical.

These days, work is something I do and not a place I go. I work at home. I work from airports and hotel rooms. I've worked at my kid's baseball games and swim meets. Today I am working from the cabin in Detroit Lakes, Minnesota.

Remember when we used to take sick days? Now, I just prop myself up in bed and call it my office. No matter where I am, I have immediate access to email, instant messages, video, and enterprise telephony. The presence jellybean on my Microsoft Skype for Business client might tell you that I am available, but it doesn't let on that I am working in a coffee shop in downtown Minneapolis.

Of course, the only thing constant about change is change itself. It's true that I have moved from being an office worker to an everywhere worker, but even aspects of that are quite different from what they were just a short time ago.

The biggest change for me has to do with three words: Virtual Private Network. A Virtual Private Network (VPN) is technology that creates a tunnel between a remote device and a corporate network. When I start the VPN on my PC, it's as if I am sitting in the office connected to the Ethernet jack underneath my desk. I see no difference in the way my applications run.

I clearly remember the days when I would go home, start my PC, fire up my VPN, and start working on the day's unfinished tasks. Now, I go home, tuck my PC bag under my desk, pull my iPhone out of my pocket, and get back to emails, IMs, and telephone calls without the use of a VPN. Yes, there are still times when I need a PC for its screen and keyboard, but even then I rarely start up my VPN.

So, what changed? How do I gain access to the tools I need without having to connect to the corporate network?

A VPN connection secures a device -- all of the device. It creates an encrypted data tunnel between my PC and the VPN concentrator at my company's headquarters. In essence, a VPN allows my PC to act as if it is hanging off a very long Ethernet cable. The upside is that to my PC's applications, office and home look alike. The downside is that not only does Microsoft Office have full access to my corporate LAN, so does everything else on my PC. Any virus or ill-behaved application that sneaks onto my PC has that same unfettered access.

Since this is my work-issued PC, the security threat is the same at home as it is in the office. However, the same cannot be said about my iPhone. It's not a corporate device and my company has no control over what I put on it. Or how about my personal PC? I can create a VPN connection on it back to my office and subject my company to anything my kids might have downloaded.

We are all aware of the Target security breach. Hackers snuck malware into Target's Point of Sale (PoS) devices that allowed credit card numbers to be stolen at the time of a shopper's purchase. The malware was successful because it was able to situate itself between the PoS application and the device's encryption software. So, even though the data was secure on the Target network, there was a point in time when it could be easily read and therefore stolen.

Most VPN software acts like a device driver that is only invoked when data flows in and out of a PC's network interface. Like the Target PoS device, this creates a security gap where unencrypted data is readily available to malware and other nasties that might exist on a user's PC. Most applications don't concern themselves with security because they expect something else to handle it for them.

The answer is really quite simple. Instead of securing the device, let's secure the application. In terms of SIP and unified communications, that comes down to three more words: Session Border Controller. An SBC creates a secure network edge that only accepts and passes SIP signaling and RTP media. I configure Avaya SIP Communicator on my iPhone to point to my company's SBC, and voila -- remote enterprise telephony without having to start a VPN on my iPhone. It doesn't matter what else I might have on my mobile device. The SBC makes sure that only the SIP traffic gets in and out.
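The admission rule described above, sketched as an added example (not code from this article or from any SBC product): a datagram is passed only if it parses as SIP on the signaling port or as RTP on a media port that signaling has already opened. The port number 5060, the function names, and the sample hosts and addresses are assumptions made for illustration.

```python
import re
import struct

# Allow-list of SIP methods (RFC 3261 plus common extensions).
SIP_METHODS = {b"INVITE", b"ACK", b"BYE", b"CANCEL", b"OPTIONS", b"REGISTER",
               b"SUBSCRIBE", b"NOTIFY", b"REFER", b"MESSAGE", b"INFO",
               b"UPDATE", b"PRACK", b"PUBLISH"}
REQUEST_LINE = re.compile(rb"([A-Z]+) sips?:\S+ SIP/2\.0")
STATUS_LINE = re.compile(rb"SIP/2\.0 [1-6]\d\d( .*)?")
COMPACT = {b"v": b"via", b"f": b"from", b"t": b"to", b"i": b"call-id"}
MANDATORY = {b"via", b"from", b"to", b"call-id", b"cseq"}
SIGNALING_PORT = 5060  # assumption: conventional SIP port, not from the article

def is_sip(data: bytes) -> bool:
    """True if data has a valid SIP start line and the mandatory headers."""
    head, sep, _body = data.partition(b"\r\n\r\n")
    if not sep:
        return False
    start, *headers = head.split(b"\r\n")
    req = REQUEST_LINE.fullmatch(start)
    if req:
        if req.group(1) not in SIP_METHODS:
            return False
    elif not STATUS_LINE.fullmatch(start):
        return False
    names = {h.split(b":", 1)[0].strip().lower() for h in headers if b":" in h}
    return MANDATORY <= {COMPACT.get(n, n) for n in names}

def is_rtp(data: bytes) -> bool:
    """True if data carries a well-formed RTP version 2 fixed header."""
    return (len(data) >= 12 and data[0] >> 6 == 2
            and len(data) >= 12 + 4 * (data[0] & 0x0F))

def admit(data: bytes, dst_port: int, media_ports: set) -> str:
    """Return 'sip', 'rtp' or 'drop' for one inbound datagram."""
    if dst_port == SIGNALING_PORT and is_sip(data):
        return "sip"
    # Media is accepted only on ports opened by an earlier SIP negotiation.
    if dst_port in media_ports and is_rtp(data):
        return "rtp"
    return "drop"

# Constructed sample datagrams (not captured traffic).
REGISTER = (b"REGISTER sip:pbx.example.com SIP/2.0\r\n"
            b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
            b"From: <sip:alice@example.com>;tag=1\r\nTo: <sip:alice@example.com>\r\n"
            b"Call-ID: a84b4c76e66710\r\nCSeq: 1 REGISTER\r\n\r\n")
RTP = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + b"\x00" * 160
HTTP = b"GET /admin HTTP/1.1\r\nHost: intranet\r\n\r\n"
```

Anything else a device emits, such as the constructed HTTP request, is dropped at the edge even when it is aimed at the signaling port.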

This is very similar to how we secure Web applications. The next time you use Outlook Web Access (OWA), make note of the fact that your Web browser is using secure HTTP (HTTPS). Similar to the SIP messages to and from my iPhone, the browser's stream of data has been secured and not the device the browser is running on.

The benefits of securing the application instead of the device are significant. My IT department can provide me access to the company's SIP communications system without having to worry about anything malicious sneaking into the corporate network. I can load up my iPhone with as many games as I want, and not one of them will get past the SBC.

This holds true for other devices, as well. An SBC can secure the SIP traffic from an Android phone, iPad, Surface RT, PC, Mac, or any other device that supports SIP communications. This allows an enterprise to fully embrace Bring Your Own Device (BYOD) while safely and responsibly managing security risks.

Will there still be uses for VPNs? Yes, but like modems, VPNs are falling out of favor. Enterprises are far more security savvy than they were a few short years ago. This is especially true since many IT departments have lost control over what their users put on those devices. They may not be able to control the device or the user, but with tools such as SBCs, they can control the data they allow in and out of their networks.

Andrew Prokop writes about all things unified communications on his popular blog, SIP Adventures.
