The secrets of VPNs for business

Cloud VPN providers

As mentioned, there's no technical need to invest in a full physical VPN hardware solution. Cloud VPN services let all your clients connect (via the provider's endpoint software) through a hosted server, which then connects to your central resources.

One big advantage of these services is that they're normally timely with fault rectification, since they do nothing else all day. They can also be much simpler to manage for an uncomplicated business setup, but you may hit conflicts if you're signed up with a big cloud provider that requires you to use its VPN to access your hosted resources.

Another disadvantage is that several of them only do IPsec and not SSL, so you can't rely on being able to connect from any old hotel lobby or café. This can cramp a mobile workforce's style.

Nearly VPNs

Depending on your needs, a classical VPN might not be the only, or best, solution. One alternative is remote desktop access, via services such as LogMeIn, TeamViewer and GoToMyPC. These products appeal to managers who fear the complexity and costs of a full VPN, and they tick the key boxes: you can normally connect from anywhere, and the traffic between the controller and the controlled PC is encrypted.

But if you want to take this route, there are some significant issues to consider. Offering a convenient gateway for users to connect to a machine inside your company's firewall means opening up the same opportunity to unscrupulous hackers. Some businesses address this by sending their remote-control traffic over their VPN, just to make you think about that combination. What's more, while the costs may seem low at first, the licensing structure can quickly become expensive and restrictive. Some of the product-support remote-control apps come in at 1,500 per year per starting licence, which may quickly turn you back onto more traditional VPN solutions.

Another idea that could, in theory, replace a conventional VPN service is taking advantage of IPv6 to open a secure connection directly to any internet-accessible device. I've seen Microsoft staff do this in meetings: if they've left a relevant file on their desktop PC back in Redmond, they simply pop open an IPv6 Teredo tunnel, from wherever in the world they happen to be at the time, and grab it.

This shouldn't be taken as a recommendation, however, not least because I honestly have no idea what sort of defences Microsoft has at the edges of its IPv6 network. I suspect that its security resources are formidable indeed, and the number of companies who can match them is evidently small, because I seldom see anyone else even trying to dip a toe in the water.

Indeed, although IPv6 was originally envisaged as a general-purpose transport for connecting any two devices in the universe, there's a whole range of alternatives out there, including completely private protocols, such as those underpinning Amazon's services. Rather than becoming the universal transport, IPv6 may end up being an ancestor of the eventual winner, which isn't at all clear right now, and may not even exist yet.