Firewalls were once handy little devices you installed to protect individual computers. How things have changed since then. Cyberthreats have become so widespread and are evolving at such a rapid rate that organizations are struggling to stay secure. However, time and personnel resources have become big issues. Hence, firewall as a service offerings have emerged whereby cloud providers and security providers supply firewall services over the cloud to organizations. This frees up limited internal resources to focus on business priorities.
Here are some of the top trends in firewall as a service:
1. Firewalls remain important
Some say firewalls have gone away. Certainly, they have become one element within larger and more broadly encompassing security suites. Similarly, organizations have delegated their function to the cloud in some cases. But this doesn’t mean firewalls have lowered in importance. They are every bit as important within the security arsenal as they ever were. They are just not as novel as they once were and now must function side by side with a great many other newer and shinier security tools.
Without a firewall in place, organizations are blindly accepting every connection into the network from anyone. And these days, anyone is likely to mean anything ranging from basement hackers to cybercriminal gangs, nation-state operatives, or intellectual property thieves. With no way to detect incoming threats, devices and networks are vulnerable to the deeds of malicious users.
2. Zero trust in the cloud
Zero trust is no longer enough to provide protection for user endpoints and monitor access to cloud apps. More FWaaS vendors are realizing that zero trust within the cloud (of the cloud workloads themselves) is also critical. Gaining visibility into network connectivity and applying security policies that enable least privilege access between workloads has become a top priority.
“Cloud Service Providers led the trend in offering Firewall-as-a-Service to protect cloud workloads but these solutions were missing enterprise security standards and had challenges scaling policies as enterprises cloud footprint increased within a cloud and across cloud,” said Vishal Jain, Co-Founder and CTO at Valtix.
Expect, therefore, FWaaS offerings to change dramatically in the coming year. They will incorporate a lot more zero-trust features and will be able to secure cloud applications, multicloud networks, on-premises systems and devices, and any and all workloads operating anywhere within this tangle of interconnections. They will come embedded with more zero-trust network access features as well as other security features.
3. Convergence of security functions
Dennis Monner, Chief Commercial Officer at Aryaka, takes this trend a stage further by outlining some of the specific security functions that will be combined with or offered as part of FWaaS. Overall, we are seeing clear indications of large-scale convergence among large elements of the security ecosystem.
“The most significant trend that we are seeing across both our customer base and channel partners is that of convergence,” said Monner. “Demand for FWaaS is significant, but it is a part of a larger discussion about reducing complexity across the entire network and security stack.”
Through the lens of where we are in the macro environment, it makes sense. Already depleted IT and security teams are still unraveling the quick-fix deployments they put in place to survive the pandemic. In front of them sits an economy (and budget) that is filled with uncertainty. They are looking for solutions that offer simplicity and flexibility, especially as more of the data they are protecting sits in the cloud.
“We expect to see massive adoption of FWaaS, but this will be integrated with SD-WAN, Secure Web Gateway, and other traditionally siloed solutions,” said Monner.
4. Decoupling of security from the underlying infrastructure
Ratan Tipirneni, President & CEO at Tigera, perhaps put his finger on the pulse of the megatrend that dominates these dramatic shifts in security and firewall services: The decoupling of network security controls from the underlying infrastructure.
“Workloads can and will move across different infrastructures,” he said. “Network security controls have to move with the workload and shouldn’t be tied to the underlying infrastructure so that you can assure complete workload portability.”
He added that network security controls are best implemented upstream in the CI/CD process; and that developers are now starting to play an active role in designing network security controls. They are in the best position to design these security controls since they have a deep understanding of their microservices architecture.