Security remains a major roadblock to true e-government. Citizens demand certain privacy rights, and agencies must protect the sanctity of their networks. Traditionally, this meant the adoption of wide area networks (WANs) that required expensive equipment, dedicated lines and a large IT staff to maintain operations.
"We could not find nor afford network administrative
staff for installing, upgrading, billing and supporting remote access," said David Lewis, CIO of Massachusetts.
Lewis turned instead to virtual private network (VPN) technology. The network runs over the Web, so the price tag is considerably reduced. But do lower costs result in compromised security? Or do VPNs represent a viable method of connecting a dispersed user community within a secure perimeter?
The word "virtual" often connotes "not even close to." But its true meaning is "practically the same as." Fortunately, with VPN technology, the latter definition applies.
"While there have been a lot of networking technologies that havent lived up to the initial hype, that is not the case with VPNs," said Gary Smith, an analyst at Dataquest. "In fact, their acceptance has come a little bit faster than anticipated."
In support of this statement, Infonetics Research reports that worldwide revenue for managed VPN services is expected to grow from $541 million in 1999 to $3.7 billion in 2001 and $12.2 billion in 2003.
VPNs are catching on due to improvements in security, as well as their significant financial advantages. Connecting four buildings via WAN typically requires six dedicated lines. As a result, many jurisdictions cant afford to hook up police and county court systems or even databases within one agency.
A VPN uses a single Internet connection rather than dedicated lines and relies on data encryption techniques to keep information private. In essence, a VPN enables two private networks to be connected securely over a public network. It accomplishes this by establishing an encrypted tunnel that acts as an extension of the private network, riding on the back of the existing Internet infrastructure. Encryption is accomplished via software that is installed in each computer that accesses the VPN. Because a VPN functions comfortably on top of the existing telecommunications infrastructure, it costs a fraction of the amount needed to establish and maintain a WAN.
To enter the network via desktop or laptop, a user enters a logon ID and password. Once a message is ready, the data is encrypted before relay. At the other end, the receiving terminal decrypts it. This process occurs automatically, so the user is not burdened with additional steps.
Although VPNs have several layers of built-in security, individual users still need to protect the data on their own machines. Lewis said all VPN subscribers in Massachusetts are required to use anti-virus and personal firewall software. Further, each person who wishes to remotely access the network is required to sign an acceptable use agreement and a remote access statement. This increases awareness of a users security responsibility.
But how secure are VPNs? For some, VPNs have developed over the past couple of years into a dependable enterprise technology. "Security is on every managers mind, and VPNs are the technology of choice for secure IP communications," said Jeff Wilson, director of access at Infonetics Research.
Kentucky started a VPN service a year ago. "The VPN is ideal for agencies that have mobile or remote employees but are con cerned about the potential security risks of confidential information being intercepted," said Aldona Valicenti, CIO of Kentucky.
Others, however, remain skeptical, pointing out that, like the Internet, security is an evolving discipline.
Although many regard VPNs as secure enough for government deployment, additional security tools are becoming available that can further enhance network security. Digital certificates, for instance, provide agencies with a high level of user authentication.