Firewall as a service (FWaaS) refers to a cloud firewall that delivers advanced Layer 7/next-generation firewall (NGFW) capabilities, including access controls, such as URL filtering, advanced threat prevention, intrusion prevention systems (IPS) and DNS security.
FWaaS is not simply a matter of virtualizing appliances. It enables organizations to eliminate firewall appliances and simplify their IT infrastructure. Centralized management from a single console enables organizations to eliminate the challenges of change control, patch management, coordinating outage windows, and policy management associated with NGFW appliances while delivering consistent policies across the organization wherever users connect.
Backhauling traffic to an NGFW at a corporate or regional data center made sense when applications resided in the corporate data center, and the majority of workers were found in corporate or regional offices. However, applications began moving out of the data center and into the cloud, and organizations had increasing numbers of remote branches and workers. The workforce moved off the corporate network and began connecting from everywhere, making traditional approaches to networking and security, including the NGFW, insufficient. That’s because NGFWs, just like other appliances, were never designed with the cloud in mind.
Cloud applications, such as Salesforce and Microsoft Office 365, were designed to be accessed directly via the internet. Therefore, internet traffic must be routed locally to deliver a fast user experience. Routing traffic back to NGFWs in corporate data centers to egress to the internet no longer makes sense.
However, applying traditional security approaches to local internet breakouts means organizations would need to replicate the corporate security stack at every location. This requires deploying NGFWs or stacks of security appliances in every branch office, an option that is simply not viable in terms of the cost and complexity of deploying and managing them all.
As stated earlier, NGFWs were never designed to support cloud applications. NGFWs are easily overwhelmed by cloud apps because they cannot scale to support the high volume of long-lived connections the apps create. They also cannot natively handle SSL-encrypted traffic, a limitation that has become increasingly important with the exponential growth in encrypted traffic during the past several years. To perform SSL inspection, NGFWs must bolt on proxy capabilities that run the inspection in software rather than at the chip level. This has a significant impact on performance and results in a negative user experience.
As organizations embrace a cloud-first approach, they still need to deliver enterprise firewall capabilities across the organization for all users and all locations. Unfortunately, NGFWs were architected more than a decade ago and are not designed to support cloud applications or the dynamic requirements of the cloud-first enterprise. Their virtual firewall counterparts have many of the same limitations and challenges as traditional NGFW appliances. It makes sense that as applications move to the cloud, your firewalls move to the cloud as well.
Cloud FWaaS allows organizations to establish secure local breakouts for all applications without security appliances to buy, deploy, or manage. Security capabilities, including full Layer 7 firewall, are delivered as a cloud service that scales elastically to handle SSL inspection, growing bandwidth and user demands, and cloud application traffic with long-lived connections. Centralized management from a single console enables organizations to deliver identical protection for any user, on any device, wherever they connect—whether they are at the corporate office, visiting a local branch, or working from home.
FWaaS (also known as Cloud Firewall in Zscaler parlance) provides multiple benefits over NGFWs, including: