Firewalls are an essential aspect of modern-day IT security. But they must be set up correctly to facilitate storage processes. They also need to be able to cover the many areas where storage repositories may reside – on-premises and in any of several cloud locations.
Here are some of the top firewall trends:
1. Air gaps
Firewalls can be hacked, and they can sometimes be bypassed. While they remain an important element of overall storage security, they are no longer enough. Organizations are supplementing them with a variety of approaches. Chief among them is the air gap. The basic concept is to remove the storage medium completely from the network so that it cannot be hacked.
Some cloud providers try to provide a virtual air gap in the cloud. But that is far less secure than an actual air gap using tape. The IBM Diamondback Tape Library, for example, provides high-density archival storage that is physically air gapped to help protect against ransomware and other cyberthreats. It is capable of securely storing hundreds of petabytes of data. Its long-term endurance allows tape to store data for up to 30 years.
“With data breaches and ransomware attacks now a constant threat, the IBM Diamondback Tape Library provides critical protection against a variety of threats,” said Scott Baker, Vice President and Chief Marketing Officer of IBM Storage.
2. Protecting edge storage
Julia Palmer, an analyst at Gartner, predicted that more than 40% of enterprise storage will be deployed at the edge by 2025, up from 15% in 2022. Thus, enterprise firewall architectures will need to be adjusted to accommodate this trend. Imagine the problem if expensive firewall architectures can protect only the enterprise storage in the data center but offer no protection to the close to half of capacity that sits at the edge. Whether edge firewalls will be extensions of primary firewalls or individual smaller firewalls remains to be seen. If the latter is the case, centralized management and alerting will need to be incorporated.
3. Coping with NVMe-oF
NVMe stands for non-volatile memory express, and oF stands for over fabric.
Both are host controller and network protocols that utilize the parallel-access and low-latency features of solid-state storage and the PCIe bus. Of particular interest to firewalls is the fact that NVMe-oF extends access to remote non-volatile memory storage subsystems across a network.
Some believe that these advances may cause problems for firewalls in some cases. Palmer recommended that organizations using NVMe-oF consider the possibility of replacing physical firewalls with function accelerator cards (FACs), which are dedicated hardware accelerators with programmable processors to accelerate network, security and storage functions. FACs have onboard memory and peripheral interfaces and can run independently, added Palmer.
4. Unified threat management and beyond
Firewall vendors love to change up their nomenclature as they add features. First there were hardware firewalls. Then software firewalls appeared. In the last few years, next-generation firewall (NGFW) has been the popular term. More recently, we have seen the emergence of unified threat management (UTM) platforms that promise security in a box. Aimed more at small and midsize enterprises (SMEs), UTM combines multiple network security functions in a single appliance, including firewalls, intrusion prevention systems (IPS), secure web gateways, secure email gateways, remote access, routing and WAN connectivity.
Now more change is afoot. Gartner no longer does a Magic Quadrant for standard firewalls or for UTM. It has coined the term network firewall. Others prefer terms such as unified endpoint management (UEM) and unified endpoint management and security (UEMS). Wherever the market heads, the likelihood is that the firewall will remain a foundational item, but its presence may be obscured by being packaged among multiple other functions.
5. Physical firewalls will persist
Despite all this change and the fact that they tend to be packaged within larger suites or security products, firewalls will continue to be a big seller. According to Dell’Oro Group, physical firewall appliance revenue, which still accounted for more than 75% of total hardware-based network security revenue in 2020, is expected to continue to grow for the next five years. The analyst firm predicts 7% annual growth until at least 2026. It appears that network and security personnel still like the simplicity offered by a hardware firewall – although the market is gradually shifting to more sophisticated offerings.
“Since the arrival of the first network security appliances in the 1980s, the Network Security market has been dominated by an assortment of purpose-built boxes, but we see a seismic shift taking place,” said Mauricio Sanchez, Research Director, Network Security at Dell’Oro Group. “Between enterprises embracing cloud applications and hybrid work as the new normal, we see them preferring SaaS- and virtual-based network security solutions that serve these use cases better. This is not to say that we see hardware security appliances disappearing, but they no longer represent the vanguard of network security they once were.”