ATM PVC as security barrier

["Alfred R. Collins" <collinar () ARAMCO COM SA>]

Our network engineer proposed ATM PVC's as a means to route Internet traffic
across our corporate backbone. Obviously, the best approach is to carry the
Internet traffic on totally separate channels. However, we have to
distribute Internet access to far flung sites on our corporate owned
network, and network engineering does not want to pay for independent
communication channels. They insist on using the existing corporate network
infrastructure because it is already there. I proposed VPN's as more secure
than PVCs. Any other alternatives?  I am looking for feedback on using PVC's
versus VPN's as a security barrier between our corporate network and the
Internet. Note I am proposing that VPN's provide security in the reverse
direction than how they are typically used. Rather than protecting traffic
inside the VPN transversing an insecure network, I am proposing that a VPN
can protect a corporate network from the insecure Internet traffic confined
within the VPN. Is this a valid assumption? Note: both ends of the VPN
terminate at a firewall that we control. Comments?