- Cost. VPNs and the hardware to run them can be expensive.
- Single point of failure. If you run all your remote access through a VPN gateway then you run the risk of disruption if it goes down. Of course you can implement redundant/multiple gateways but that increases cost.
- Complexity for B2B setups. If you're exposing an API and you want third party services to access it, it can be more complex if there's a VPN involved.
All that said, I still wouldn't run something like this (or indeed most services) directly on the Internet as it's a single vuln. away from problems; however, I've seen plenty of services directly visible on the Internet for these reasons. You can spelunk around one of the search engines like Shodan or Censys to get an idea of how many people run application services directly on the Internet.
I think, unfortunately, what a lot of people take away from "zero trust networks" as a concept is get rid of all bastions/VPNs and firewalls, but that ultimately leads to the topic of this article...
Being connected all the time sucks for Zoom meetings as the VPN server is on the other side of the continent.
I love having access to most of my work tools outside the VPN - GitHub, Confluence, Jira, AWS console.