A vendor of ours has a client application we use to access data on the SQL Server at their office. They insist that our mobile users can use the application while traveling without the need to connect to their office over a VPN. When I asked how they secured the connection, they replied:
With our "Anywhere" hosted infrastructure we have the capabilities to send SQL data over the internet through an encrypted tunnel. We have special hardware that filters SQL requests and encrypts the data between the clients and our servers. It even looks for malicious SQL code and blocks that code.
Everything I've read says roaming client-to-server communications are only safe running over a VPN or by SSH tunneling. Or am I missing some other method that's also safe?