The old proverb “my home is my castle” no longer applies to enterprise IT. Locating the corporate network at headquarters and securing the data center with a fortified firewall consisting of an assortment of appliances just isn’t viable any more. It made sense back in the day when networks were more manageable and threat vectors were less plentiful and pernicious. But today’s reality is far different. Most fast-growing companies have branch offices sprawled across several continents. Plus, the number of applications to which employees need daily access has multiplied. And, with digital transformation, applications are mostly hosted in the cloud—outside the network perimeter.
Say goodbye to the traditional perimeter
Today, employees can set up shop pretty much anywhere—at a home office, an airport lounge, or a branch office. In many cases, mobility is the rule rather than the exception. And that’s where the problems start. In fact, the security perimeter is breached by every branch office and every laptop used outside the company network, making the network vulnerable to malware.
What’s more, the increased use of cloud apps has obliged companies to provide high-speed internet access at every branch office. Users, particularly with apps like Office 365, will not tolerate the latency that occurs when their traffic is steered through centralized security gateways.
The high cost of Multiprotocol Label Switching (MPLS) is another argument against this kind of traffic detouring, given that Office 365 generates around 40% more traffic than the traditional Office implementation. As a result, a hub-and-spoke infrastructure has given way to local internet breakouts. But protecting such breakouts with hardware-based firewalls in every branch office would be enormously costly and complex. And maintenance on the hardware, such as keeping up with the required upgrades, represents a huge administrative workload.
With software-as-a-service (SaaS) solutions—as well as the dramatic rise in applications moving from the data center to cloud providers such as Azure, Amazon Web Services (AWS), and local service providers—most traffic is destined for the internet. Administrators must rethink how users interact with applications.
Depending on the application, firewall strategies can vary. Let’s take a look at some common approaches.
A real firewall in the cloud
As an organization grows and new locations or subsidiaries sprout in places near and far, the concept of a hardware firewall is unworkable. If the number of local internet junctions is in the hundreds, this approach is simply untenable from a financial and organizational standpoint. In a scenario like this, there’s a need for remote administration and policy updates in real time. As bandwidth requirements increase, the firewall must be flexible enough to grow with them.
What’s the solution? Secure users at every location from a cloud security platform. This relegates multiple functions to the cloud: security intelligence, threat management, policy enforcement, real-time logging, and more.
A cloud-based firewall is also the perfect solution for local internet access because it eliminates the administrative overhead associated with deploying and maintaining hardware locally. The only thing that has to be installed locally is a router that builds a tunnel to the nearest location of the cloud security platform. As a result, each location is protected with a local internet breakout that extends to the cloud security platform, making it possible to define policies for each location via a central management console while also correlating the logs for all locations. Even more security functionality is available through an integrated platform approach—and performance is also addressed. Fortunately, most security vendors already provide web security, URL filtering, advanced threat protection, and cloud sandboxes, as well as next-generation firewalls.
The next step in firewall innovation is a next-generation firewall from the cloud, a solution that enables digital transformation of firewall applications in the cloud. When it comes to securing organizations with multiple locations, one thing is pretty obvious: we need to bid the hardware firewall a fond farewell and usher in the era of the cloud firewall.