For the past few posts I’ve been writing about cloud-based security adoption while focusing on cloud-based firewall as a service, which enjoys high interest among enterprise security architects and staff. There are definitely inherent advantages and disadvantages to moving to a cloud-based firewall and in this post we’ll look at some of these as we work toward making a cloud-based firewall business case.

First let’s look at the advantages. What makes a cloud-based firewall different from an on-premise firewall (other than being off-premise) comes down to three things: scalability, availability and extensibility.

Scalability: Cloud-based firewall providers deliver services to multiple customers and at the core of their service they use firewalls designed to scale to meet ever-increasing demand. From the enterprise perspective this scalability comes into play when bandwidth increases. Unlike an on-premise firewall that needs replacement when bandwidth exceeds firewall throughput, cloud-based firewalls are designed to scale as customer bandwidth increases—or at least any hardware upgrade has to be made transparent to customers.

Availability: Cloud-based firewall providers offer extremely high availability (> 99.99%) through an infrastructure with fully redundant power, HVAC, and network services, as well as backup strategies in the event of a site failure. In contrast, on-premise firewalls are only as reliable as the existing IT infrastructure, which may not be an issue at the data center but could be at the branch. High availability is certainly possible but, depending on the manufacturer, it can double the cost of hardware and make operations more complex.

Extensibility: Cloud-based firewalls are available anywhere the network manager can provide a protected communications path. Given interconnection agreements between network providers, the footprint of service may extend well beyond the boundaries of any single service provider’s network. An on-premise firewall on the other hand may be deployed at any corporate location, with the associated capital cost (higher for redundancy)—if there is enough space and the necessary out-of-band management connection.

So, what about the downside to a cloud-based firewall? Fundamentally, they are the same issues we see with managed security services: successful security management requires context. Security staff must evaluate an alert in the context of the infrastructure and unique institutional characteristics. To put this in context: “I’m not sure they [managed security providers] gained the expertise [of our environment] that really benefited them. For us, we gain security expertise [from the provider] but we lose internal knowledge. An alert out of context is just as much an issue as an alert without expertise,” says the chief security officer of a manufacturer.

A number of companies echo this sentiment: much of the corporate security zeitgeist is lost in the transition to the cloud. The best way to deal with this is to make sure you get multiple references and really dig into the process and procedures the cloud-based firewall provider offers to discover, assimilate and maintain its knowledge of the unique characteristics of your organization, the context necessary to deliver strong firewall security in the cloud.
Verisign Masters of Internet Infrastructure