For more than a decade, analysts and security pundits have declared the firewall era over and said that organizations had likely already signed their last firewall-related contract. First, it was the fact that mobility was rendering the perimeter irrelevant. Then they said the cloud was going to eliminate firewalls. Now there is talk that zero-trust security approaches will cause the firewall’s demise.
Yet, despite these bold predictions, few security professionals have removed all firewalls from their computing environments. Ignoring the shade thrown at them, firewalls soldier on.
Indeed, changes in technology and business led to significant evolutions in the firewall world. A shift has taken place from simple, stateful inspection technology to next-generation firewall offerings.
As organizations’ needs changed, the selection process and use of firewalls also changed. On top of this, it is well understood that firewalls cannot protect everything and that moving to the cloud changes how organizations use firewalls. Today, many companies are asking whether the firewall as a service (FWaaS) model is the next step in that evolutionary process.
What is firewall as a service?
FWaaS offerings provide perimeter protection without requiring organizations to deploy dedicated firewall hardware to each business location. Instead, a FWaaS provider operates a centralized firewall service that consolidates traffic headed to all locations operated by the organization. This includes main corporate headquarters, remote branch offices, mobile users traveling in different countries and cloud services operated by or on behalf of the organization. No matter the source or destination, the FWaaS offering can implement a consistent security policy across all traffic.
Relative to the long history of firewalls, FWaaS is still in the early stages of deployment. Gartner estimated in September 2019 that less than 5% of distributed firewall deployments took advantage of FWaaS. However, Gartner also predicted that number would quadruple to 20% by 2024.
4 key FWaaS features
The more complex an organization’s network footprint, the more likely it will benefit from the consolidated management of FWaaS. Four key features delivered by this approach include the following:
- Streamlined policy enforcement. Security teams can define their security policies in one location. Teams can then depend on the FWaaS platform to enforce those policies across all locations, both on premises and in the cloud.
- Increased network visibility. The use of a managed platform ensures all traffic is logged to a centralized location. Distributed firewall deployments are infamous among security teams for either being improperly configured to log centrally or going unnoticed when logs stop arriving. FWaaS providers can integrate with an organization’s SIEM to provide consistent delivery of important security information.
- Simplified scalability. Organizations experiencing bursts in demand can rely on their firewall provider to scale successfully and meet that demand. The scale of cloud-based firewall services enables them to easily absorb bursts of traffic generated by a single customer.
- Enhanced reliability. All services experience failures, but FWaaS platforms are engineered to provide high reliability, and providers’ 24/7 teams monitor performance to quickly detect and resolve service issues.
Is it time for organizations to adopt FWaaS? The answer is a definitive “maybe.” Organizations with a complex firewall deployment that are at a natural firewall architecture decision point should definitely have FWaaS on a list of possibilities. Otherwise, keep this technology on your radar for the next major refresh.
This was last published in September 2020