The Virtual Private Network (VPN) is Dying. Here's Why.

A lot has changed since I left college and entered the workforce.  My first “real” job began July 5, 1983 at the company formerly known as Northern Telecom.  My first desk telephone was an analog 2500 set.  I did most of my work on a green CRT (Cathode Ray Tube) screen logged into a PDP-11 via a 9600 baud modem.  There were no cell phones, e-readers, Google, or Microsoft Word.  Heck, in 1983 there was barely a Microsoft.

I don’t want to sound too much like an old geezer reminiscing on a park bench, but I can’t help but marvel at how different things are today.  However, as much as the technology has changed, so has the way I do my job.  My job used to be a place I went to.  If my car broke down, I didn’t work.   If the roads were too icy to drive on, I didn’t work.  If I had to stay home for a repair person, I didn’t work.  I suppose I could have sat down with a pad of paper and wrote PLM code (my first professional programming language) by hand, but that wasn’t very practical.

These days, work is something I do and not a place I go.  I work at home.  I work from airports and hotel rooms.  I’ve worked at my kid’s baseball games and swim meets.  Remember when we used to take sick days?  Now, I just prop myself up in bed and call it my office.  No matter where I am, I have immediate access to email, instant messages, video, and enterprise telephony.  The presence jellybean on my Microsoft Lync client might tell you that I am available, but it doesn’t let on that I am working in a coffee shop in downtown Minneapolis.

Of course, the only thing constant about change is change itself.  It’s true that I have moved from being an office worker to an everywhere worker, but aspects of that are quite different from what they were just a short time ago.

The biggest change for me has to do with three words – Virtual Private Network.  A Virtual Private Network (VPN) is technology that creates a tunnel between a remote device and a corporation’s network.  When I start the VPN on my PC, it’s as if I am sitting in the office connected to the Ethernet jack underneath my desk.   I see no difference in the way my applications run or act upon corporate data.

I clearly remember the days when I would go home, start my PC, fire up my VPN, and start working on the day’s unfinished tasks.  Now, I go home, tuck my PC bag under my desk, pull my iPhone out of my pocket, and get back to emails, IMs, and telephone calls without the use of a VPN.  Yes, there are still times when I need a PC for its screen and keyboard, but even then I rarely start up my VPN.

So, what changed?  How do I gain access to the tools I need without having to connect to the corporate network?

chess king fallen

The King is Dead

A VPN connection secures a device – all of the device.  It creates an encrypted data tunnel between my PC and the VPN concentrator at my company’s headquarters.  In essence, a VPN allows my PC to act as if it is hanging off a very long Ethernet cable.  The upside is that to my PC’s applications, office and home look alike.  The downside is that not only does Microsoft Office have full access to my corporate LAN, so does everything else on my PC.  Any virus or ill-behaved application that sneaks onto my PC has that same unfettered access.

Since this is my work-issued PC, the security threat is the same at home as it is in the office.  However, the same cannot be said about my iPhone.  It’s not a corporate device and my company has no control over what I put on it.  Or how about my personal PC?  I can create a VPN connection on it back to my office and subject my company to anything my kids might have downloaded.

So, what’s a teleworker to do?

The answer is really quite simple.  Instead of securing the device, let’s secure the application and the connection it has back to the corporate network.  In terms of SIP that comes down to three more words – Session Border Controller.   An SBC creates a secure network edge that only accepts and passes SIP signaling and RTP media.  I configure One-X Mobile on my iPhone to point to my company’s Avaya SBC for Enterprise and voila – remote enterprise telephony without having to start a VPN on the iPhone.  It doesn’t matter what else I might have on my mobile device.  The SBC makes sure that only the SIP traffic gets in and out.

This is very similar to how we secure web applications.  The next time you use Outlook Web Access (OWA), make note of the fact that your web browser is using secure HTTP (HTTPS).  Similar to the SIP messages to and from my iPhone, the browser’s stream of data has been secured and not the device the browser is running on.

The benefits of securing the application instead of the device are significant.  My IT department can provide me access to the company’s SIP communications system without having to worry about anything malicious sneaking into the corporate network.  I can load up my iPhone with as many games as I want and not a one of them will get past the SBC.

This holds true for other devices, as well.  An SBC can secure the SIP traffic from an Android phone, iPad, Surface RT, PC, Mac, or any other device that supports SIP communications.  This allows an enterprise to fully embrace Bring Your Own Device (BYOD) while safely managing security risks.

Will there still be uses for VPNs?  Yes, but like modems, VPNs are falling out of favor.  Enterprises are far more security savvy than they were a few short years ago.  Securing applications makes more sense than trying to secure an entire device.  This is especially true since many IT departments have lost control over what their users put on those devices.  They may not be able to control the device or the user, but with tools such as SBCs, they can control the data they allow in and out of their networks.

* * *

This article originally appeared on Andrew Prokop’s unified communications blog, SIP Adventures, and is reprinted with permission.

Related Articles:

Innovation that Accounts for Increased Mobility

Today Avaya announced Avaya Mobile Experience, an innovative offer initially targeted at enterprise contact centers to help them expand the range of digital interactions for their customers, as well as to accelerate the velocity of their digital transformation. Personally, it is a special day for me as I’ve been driving towards this vision and offer for more than a couple of years. There is a strong development-minded and innovation-oriented team at Avaya delivering this new offer to the market.

With the Avaya Mobile Experience, we pose the question: Is there a way for enterprises to take advantage of the rising number of mobile phones—many of which are smart phones—being used to call into contact centers today, that creates a better experience for the customer and greater cost efficiencies for the enterprise?  The answer is a resounding, YES! And here’s how.

Unlike products Avaya has introduced into the marketplace such as Contact Center Elite or Avaya Aura Contact Center, Avaya Mobile Experience is different. It is different because it is not a product, rather it is a service.  The service is rendered from software that sits on the newly created Avaya Cellular Business Network . There are three main elements to this service:

  • Carrier-scale Mobile Core
  • Pay-as-you-go Mobile Network
  • Software assets that sit atop the mobile network

Given Avaya’s leadership and legacy in enterprise communications, we found a willing and energetic mobile partner. We partnered to source a carrier-scale Mobile Core and the pay-as-you-go Mobile Network. The Mobile Experience software that then sits atop the network was created in-house by Avaya. All together, these elements make up the Avaya Cellular Business Network.

How Does Avaya Mobile Experience work?

This pay-per-consumption service starts by first identifying whether a call destined for a number owned by the subscribing enterprise originated from a wireless network or not.

If it is from a wireline network—a landline phone—then it is treated like an ordinary inbound call attempt. However if the call is recognized by the Avaya Cellular Business Network to be from a cellular network, then we can provide special treatment and add contextual information about the call as pre-programmed by the enterprise.

An example of a special treatment the enterprise might offer is the ability to automatically move the mobile callers to a lower cost, more fit for purpose digital channel.  In this case the caller would be asked if they would like a smart phone web or app experience. If the answer is yes, then the caller will be sent a personalized (text) message containing a link to an app or webpage for them to click on and access the information they are calling about. At this point, with the customer now connected to the business via self-service text and web channels, the voice portion of the call terminates automatically. What would have been an expensive voice self-service interaction will be an inexpensive and more satisfying digital self-service interaction with Avaya Mobile Experience. This advances that enterprise’s digital transformation adoption.

If in the course of the digital interaction, the caller still wants to interact with a real person, then the web or app can escalate to real-time media be it voice, video, or screen share (or even co-browse with an agent) giving the customer a mobile, omnichannel experience.

Added Context for Better Customer Experiences

Likewise, when the mobile caller does not want to use the mobile web or an app, then they may be offered a segmentation menu via voice recognition. After selection, the caller will be routed to the contact center via a SIP trunk. However, unlike traditional carrier SIP services, with Avaya Mobile Experience the routing of the mobile customer will include added context that is encapsulated in a special SIP method, known as a MIME attachment.

Additionally by interacting with the cellular network the caller is using, Avaya Mobile Experience verifies the authenticity of the phone’s number and knows about the phone’s home geography. This increases the fidelity of that context. Geographic routes are more effective from the core as a result. Also caller-ID is far less likely to be spoofed. These benefits extend to contact centers universally irrespective of vendor technology.

The added context of the MIME attachment helps the contact center better service the customer. There is no restriction of how the context is consumed. The MIME attachment can be consumed by an SBC or SIP router and then used to influence CTI methods to add context to the call. A modern Avaya Contact Center, for example, might use a Breeze Snap-in for such a purpose.

The net effect is that the contact center can now better service the mobile caller. It helps propel the digital transformation of the contact center and the enterprise. Avaya already has many patents pending for this innovation, and the approach allows us to apply methods for other scenarios that will also reduce friction between the customer and businesses serving them.

Wait! There’s More!

We are also announcing an Identity as a Service solution. This service helps solve the ever-growing problem of ensuring that the person on the other end of the connection is exactly who you need them to be.

As with Avaya Mobile Experience, Identity as a Service also has a no friction adoption method that means consumption billing for what is used, no long term commitments, and a very easy and compelling pricing structure.   And we have other ideas that expand into the Unified Communication space and even payment facilitation. Whenever you wonder whether it truly is a new day at the newly public Avaya, just check out our innovations. We are here to reduce the friction of innovation and transformation.

Your Avaya Developer Journey Starts Here

STEM. Hackathons. Hour of Code. Oh, my…

I’ve been in the developer and ecosystem space pretty much my entire career, and I can’t recall a time when there was a greater focus on strengthening and expanding skills in software development with new audiences. I’m excited to see Avaya making such efforts across our Team and Customer Engagement portfolios with new and expanded APIs, toolkits, and supporting educational materials for Avaya Breeze, Avaya Oceana, and Avaya Vantage.

Start Your Own Journey—It’s Free!

Many of our customers are aware of the value of the DevConnect “Compliance Tested” designation used by our DevConnect Technology Partners to indicate the proven interoperability of their products. But you may not realize that DevConnect isn’t just a testing and partner program. It’s a full-fledged and open developer program for all types of developers looking to leverage Avaya technology. You can freely browse all our developer content and it takes just a few seconds to register when you want to download a specific SDK. And it doesn’t cost you anything to do this.

For example, we’ve added online developer documentation and code samples like integrating Desk Phone Services into custom applications using Avaya Breeze™ Client SDK, which applies to Android-based mobile devices. And to go alongside that, we’ve expanded our Forum Boards to include discussions on developing custom clients for the Avaya Vantage™ Device, as well as made available a full set of source code for a basic Vantage client using the Breeze Client SDK.

But Wait… There’s More!

With the introduction of the Avaya Breeze™ Platform and the Avaya Oceana™ Solution, Avaya’s made available even more resources for developers to leverage in the form of Avaya Collaboratory and the Avaya Snapp Store.

Avaya Collaboratory provides cloud-based, fully configured developer environments to support jump-starting your projects and evaluating the powerful capabilities of Avaya Breeze and the Avaya Breeze Client SDK. Whether building snap-ins using the Java SDK for Avaya Breeze, or learning to create complex workflows in Avaya Engagement Designer, a Collaboratory environment gives you a full Avaya Aura and Breeze software stack to play around with.

And if you’re looking for additional pre-build snap-ins or workflows, there’s the Avaya Snapp Store. Similar to the DevConnect Marketplace, the Snapp Store highlights a range of Avaya-build and third-party snap-ins for Avaya Breeze or Avaya Oceana environments. Some snap-ins can even be purchased directly from the Snapp Store itself, so you can drop them into your own Collaboratory or Breeze environment in a matter of minutes.

And There’s Even More Coming

We’ve been running some very successful hackathon events around Avaya Breeze, Vantage, and Zang in the past few months, so keep your eyes open for more opportunities to get hands on with new Avaya offers. Note that Avaya Learning has introduced a variety of training courses specifically aimed at Breeze. There are also courses for Avaya Breeze Client SDK developers—on Android and Windows and on iOS and macOS, so Avaya developers can continue to build skills on these new and powerful products.

Keep watching the Avaya Developer blog for deeper insights from key technical leads for many of these products, as well as insight into how our customers and partners are leveraging these new technologies through their own application development efforts.

And even if you aren’t yet ready for the latest and greatest of what Avaya has to offer, visit the DevConnect portal—you may be surprised by what you’ll find for the Avaya products you’re currently using.

Continuous Learning: Propelling Forward in a Rapidly and Inevitably Changing World

Whether we realize it or not, advanced technologies like artificial intelligence (AI), augmented reality, and the Internet of Things (IoT) have transformed the way we think about the world around us. From how we protect our schools to the way we navigate our streets to how we shop for groceries, such technology now lies at the heart of practically everything we do today.

Just as these technologies have changed the way we live, they have changed the way we work. Today’s rapid pace of innovation has transformed nearly every business task, process, and workflow imaginable—so much so that industry analysts estimate that up to 45% of activities that employees are paid to perform can now be automated.

This digital disruption—or what many are calling the Fourth Industrial Revolution—without question redefines traditional roles and responsibilities. In fact, research shows that in five years, more than one third of skills that are considered important in today’s workforce will have changed. Even more, analysts estimate that 65% of children today will grow up to work in roles that don’t yet exist.

While we do still see employees that specialize in one skill or expertise, we’ve mostly moved away from the days of hiring an employee for just one job. As technology evolves, so too do the skills required to innovate and propel forward. Looking ahead, employees must have a propensity for continuous learning and adopting new skills to be able to recognize and respond to today’s speed of digital change.

Consider how technology has changed the marketing paradigm. As recently as 10 years ago, marketing platforms like Marketo and HubSpot had only just been founded, Facebook was still in its infancy, and the first iPhone had newly hit the market. As technologies like cloud, social, mobile and big data evolved, however, we suddenly began seeing new tools specifically designed to enhance digital media, social media marketing, and mobile marketing. As a result, companies began searching to fill roles for social media coordinators, digital campaign managers and integrated marketing planners—jobs that were unfathomable 15 to 20 years prior.

Fast forward to today and we’re seeing the emergence of new technology for marketing, such as augmented reality, geofencing, and emotion detection. The continual emergence of new technology perpetually creates skills gaps that must be filled by employees who are passionate, motivated, and invested in their own learning. These kinds of team members are committed to developing new skills and leveraging their strengths to outperform.

But not all employees can easily identify their strengths or develop new skills. This is likely why nearly half of employees today feel unengaged at work, with nearly 20% feeling “actively disengaged.” At the same time, companies are struggling to align employee strengths with organizational priorities. Employees may have certain strengths, but employers may find those skills don’t directly increase operational efficiency or performance. This is why nearly 80% of businesses are more worried about a talent shortage today than they were two years ago.

So, what’s the answer? Employees and employers must work together to identify what roles are currently filled, what skills are still needed, and who best exemplifies those skills. For employees, this means taking control of how they grow their careers and improving for the better. For employers, this means displaying an unwavering commitment to employee reinvestment by understanding key areas of interest to effectively fill skills gaps.

At Avaya, for example, we’re leading an employee enablement program under our Marketing 3.0 strategy. The initiative is designed to help strengthen our marketing organization by equipping employees with the right competencies that reflect our culture, strategy, expectations and market dynamics. By doing so, we can ensure we’re recruiting and managing talent in the most strategic way, putting the right people in the right jobs with the abilities to perform at maximum potential every day. By having each marketing function participate in a simple knowledge profile exercise, we can begin objectively determining development opportunities that best meet their needs and the needs of our business.

As technology continuously evolves, it’s crucial that employees have a propensity for continuous learning and that organizations foster an environment for this learning. In the words of former GE CEO Jack Welch, “An organization’s ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage.”

We live in a world that is rapidly and inevitably changing. Employees should embrace this change to thrive, and must if they wish to propel business forward. As employers, we are responsible for strategically leveraging our resources to align employee strengths with organizational needs to succeed in this environment of constant change.