Simple. If services are only accessible through VPN I can’t easily use multiple services at different locations at the same time. Another reason would be that I can’t just use another device to access my service without installing VPN, importing the connection settings and putting a valid logon profile on a device I don’t control.

My work laptop has 6 or 7 different VPN clients to connect to customers networks. That’s nothing I want to have on my private PC or phone. And if I sit at home and the customer uses Cisco AnyConnect like my company it would be hard to access work resources when working on a client. Services published through accessible gateways (with encryption and authentication) don’t have these problems.

If you just want to access your own services from your own devices and don’t want to publish it to strangers a VPN is all you need.