When evaluating ways to safely access organizational data or assets, the range of available options can be confusing. Both IBM’s Secure Gateway Service and VPNs can be useful in a range of scenarios, but at the end of the day, they are different tools that leverage different technologies. This means that each has its own ideal use cases.

To understand the contrasts between the two, which situations are best for using IBM’s Secure Gateway Service and which are best for VPNs, it’s important to delve into what each actually is and how they both work. This post will explain everything you need to know.


  1. Learn: What is Secure Gateway Service?

    Secure Gateway Service is designed to “connect anything to anything.” It is IBM’s scalable and simple solution for connecting third-party cloud environments, on-premise resources, or even devices like laptops to the IBM Cloud. Using Secure Gateway Service, you can create a secure tunnel through which your protected information can flow.

    One of the Secure Gateway Service’s key advantages is that it can be quickly set up and enables users to work around the complex security configurations that are often involved in connecting to on-premise resources. With Secure Gateway Service, all of this can be avoided without having to compromise a network’s security.

  2. What Problems Does Secure Gateway Service Solve?

    Let’s say that an organization runs a hybrid system, with some of its resources kept on its premises instead of in the cloud. A manager is at a conference and needs to access a report, which is normally only available over the local network. They can’t rush back to their desk to access it locally, and the security configurations are not set up for the manager to access the report remotely. They are stuck without the report. If a Secure Gateway had been configured, the manager would have had an easy way to access the report through their laptop.

    Let’s look at another situation: a development team has been charged with making a new app based on microservice architecture. They need to access a range of the company’s resources, many of which are behind firewalls. Whenever they want to access these resources, they have to navigate the complex stream of security policies, taking up a huge portion of the project’s time and causing constant delays. Instead, Secure Gateways can be set up to let the development team access all of the resources they need through IBM Cloud, without wasting time dealing with security policies.

    Many organizations haven’t migrated all of their resources to the cloud. There can be a range of reasons for this, from security to legal or even economic issues. While these issues are important, retaining some resources on-premise can lead to a variety of challenges and difficult situations such as those listed above.

    Secure Gateway can connect different aspects of an application, even if they are behind a firewall. This is especially important in the modern development era, where many apps are developed with microservice architecture rather than in a single-tiered fashion.

    Despite the many benefits of the microservice approach, it does lead to information barriers which cause complications. Secure Gateway Service provides a simple solution that allows the development team to build apps based on microservice architecture, while still being able to easily access the resources they need. It does this all without weakening the security perimeter.

  3. Secure Gateway Service Features

    Secure Gateway Service has a range of features which make it a convenient and secure mechanism to use in situations such as those mentioned above. It provides connections between the IBM Cloud and on-premise networks via a server-client pair. This allows users to access the on-premise resources through the IBM Cloud.

    One of its prime advantages is that it can be configured quickly. Secure Gateway Service limits resource access by default, which, as we will discuss later, can be an advantage when compared to VPNs. With Secure Gateway Service, there doesn’t have to be any network downtime, even when enforcing or revoking security policies.

    Secure Gateway Service also allows for a range of configurations to suit different scenarios. Destinations can be set up with mutual authentication TLS, server-side TLS, or without TLS. There is also an access control list which can be used to prevent unauthorized access to each individual resource. Even if a resource has been defined and a public endpoint provided, the resource will not be available until the access control list has been altered to allow it.

    Another feature of Secure Gateway Service is that it can manage the mapping between the destinations of resources. They can be monitored individually through its client or collectively through the dashboard.

    Secure Gateway Service is useful for accessing resources from behind controlled networks, without complications or negatively affecting security. Despite this, it needs to be configured and used carefully to prevent exposing parts of the network. If there are any security concerns, access can be rapidly revoked. Secure Gateway can also be shut down easily if necessary.

  4. How Easy is it to Set Up a Secure Gateway?

    A Secure Gateway can be set up in just a few simple steps:
    • Create a new Secure Gateway in the IBM Cloud.
    • Add the Secure Gateway to the local environment where the resource that you need to access is located.
    • Install the Secure Gateway Service client locally.
    • Create a new destination for the required resource.

  5. Learn: What is a VPN?

    In essence, Virtual Private Networks (VPNs) enable users to share data across public networks as though they were using a private network. They create virtual point-to-point connections using tunneling protocols, encryption, and dedicated connections, which facilitate secure and functional environments for the data to be shared.

    These days, VPNs are used in two major scenarios. The first is for organizations to securely manage their applications and resources across different locations, including between regional offices and remote employees.

    The other major use case is for personal VPNs, which many people may be more familiar with. In these situations, users employ VPNs to avoid censorship, spoof their location to get around geo-restrictions, or preserve their online anonymity. While they work under the same principles, this article will focus on the former, because it is more in line with use cases of IBM’s Cloud Secure Gateway.

    At an organizational level, VPNs are useful for connecting networks between multiple sites, such as the regional and head offices of a company. They can also be used to connect remotely-based devices to the network. This allows a virtual network to be created for an entire organization with many separate locations. Data and resources can be shared and accessed securely by employees across locations, or those traveling or working from home.

    VPNs can use a range of encryption and tunneling protocols to secure user data. Encryption is often AES, while a popular VPN tunneling protocol is OpenVPN. The endpoints of the tunnels are secured with authentication that is generally based on passwords, digital certificates, and two-factor authentication.

  6. How are VPNs Different from Secure Gateway Service?

    One of the key contrasts between VPNs and Secure Gateway Service is that VPNs expose the entire network by default. This is useful if the intention is to share significant amounts of resources over the network, but it requires extensive configuration to secure the resources that you don’t want to share.

    Secure Gateway Service approaches things in the opposite manner. By default, access to local resources is denied. To allow access to a resource, it has to be added as a destination, and authorization needs to be granted in the access control list. This makes Secure Gateway Service a convenient choice if there is a limited amount of resources that need to be accessed, because it involves significantly less configuration to keep other assets secure.
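
    The default-deny versus default-expose contrast described above, together with the destination-plus-access-control-list rule from section 3, as an added Python sketch that is not from the original recipe or IBM's product code. The `GatewayModel` and `VpnModel` classes, the inventory addresses and the routed subnet are constructed for illustration and model only the behaviour this recipe describes.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed on-premise inventory (host, port); hypothetical values.
INVENTORY = [("10.0.0.5", 5432), ("10.0.0.6", 443),
             ("10.0.0.7", 22), ("10.0.0.8", 3389)]
INTENDED = {("10.0.0.5", 5432)}  # the one resource meant to be shared


@dataclass
class GatewayModel:
    """Default deny: reachable only if defined as a destination AND
    allowed in the access control list."""
    destinations: set = field(default_factory=set)
    acl_allow: set = field(default_factory=set)

    def reachable(self, host, port):
        key = (host, port)
        return key in self.destinations and key in self.acl_allow


@dataclass
class VpnModel:
    """Default allow: anything on the routed subnet is reachable unless
    an explicit deny rule covers it."""
    routed: str = "10.0.0.0/24"
    deny: set = field(default_factory=set)

    def reachable(self, host, port):
        on_net = ip_address(host) in ip_network(self.routed)
        return on_net and (host, port) not in self.deny


def exposed(model, inventory=INVENTORY):
    """Every inventory entry the model lets a remote user reach."""
    return sorted(r for r in inventory if model.reachable(*r))


def unintended(model, intended=INTENDED):
    """Exposed entries that nobody meant to share."""
    return [r for r in exposed(model) if r not in intended]


if __name__ == "__main__":
    gw = GatewayModel(destinations=set(INTENDED))   # defined, ACL untouched
    print("gateway, ACL not yet altered:", exposed(gw))
    gw.acl_allow |= INTENDED
    print("gateway, ACL allows it:      ", exposed(gw))
    vpn = VpnModel(deny={("10.0.0.7", 22)})         # only SSH denied so far
    print("vpn, deny rules incomplete:  ", unintended(vpn))
```

    A missing rule in the gateway model leaves the resource unreachable, while a missing deny rule in the VPN model leaves it reachable, which is the configuration burden the comparison above refers to.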

  7. When Should You Use a Secure Gateway and When Should You Use a VPN?

    You can use both Secure Gateway Service and VPNs to connect and access resources through the IBM Cloud, but the ideal option will depend on your use case. If only a limited set of resources needs to be accessed – such as in our scenarios mentioned above involving the manager or the app development team – then a Secure Gateway is probably the best way to go. This is because Secure Gateways are much quicker and easier to configure, and won’t run the risk of exposing assets that were intended to remain closed off.

    On the other hand, if a company needs to share vast amounts of its resources between its head office and regional offices, VPNs can be a better choice. The administrators can then configure the VPN to lock down those resources that they don’t want shared over the virtual network.

    It really comes down to a matter of needs. If you only require granular access, a Secure Gateway can be a much simpler option. For more wide-scale access, VPNs may be a better setup.
