Firewalls In The Clouds

Verisign Masters of Internet Infrastructure

Where is your firewall? Yes, it’s in a rack, but where’s the rack? Increasingly, we find organizations looking to a layered firewall model where the first line of defense is not in a rack in the data center; it’s in the cloud. Organizations are turning to cloud-based firewall services for traditional firewall functions as well as defense against distributed denial of service. In this second part of a three-part series we’ll look at cloud-based security services with a focus on the firewall.

The firewall is not static. As the pace of change for the business increases, so does the need to continually update firewalls: new applications, new business models, new trading partners, etc. Maintaining firewalls requires a significant investment of time and money, as well as investment in firewall technician training. This increases over time given the continually evolving threat landscape and the increase in attack sophistication. Every security team has at least one staff member spending time updating software, monitoring logs and tweaking rule settings for on-premise firewalls in order to continually manage risk by balancing openness with protection. Firewall teams that manage 24 x 7 operations require six or seven people.

Unfortunately, many IT organizations do not have the necessary resources to dedicate to firewall management, so it often becomes a responsibility added to network management jobs. IT organizations that do have the financial resources have trouble finding and retaining skilled firewall technicians. Both situations put the organization at risk. Lacking personnel or resources negatively affects the firewall’s effectiveness. And, as I discussed in my last post, IT security professionals see a cloud-based security services provider’s effectiveness as the primary driver to move to cloud-based security services.
This lack of effectiveness is the weak link, setting up a dilemma for information security management: Organizations that want to pay for an on-premise firewall-management program may not be able to find the human resources to be effective. Those that can find the human resources may not be able to afford it. In both cases, organizations must evaluate a cloud-based firewall service. In the first case, this requires finding a service that can meet the corporate risk appetite. In the second case, it requires finding a service that meets the corporate risk appetite and shows a significant return. In my next post we’ll look at the factors that go into a cloud-based firewall cost analysis.


Copyright © 2011 IDG Communications, Inc.