Network security is a foundational cybersecurity issue, and the rise of Secure Access Service Edge and security service edge are leading the shift of network security controls from on-premises to the cloud.
Network security occasionally gets a bad rap as a legacy technology. It can be overlooked compared to hotter growth areas, such as cloud and identity security. The truth is that the network security market has been undergoing a transformation for years and remains a foundational component of any cybersecurity program. The rise of SASE and SSE put a label on a well-established trend: the shift of on-premises controls to the cloud.
In addition to shifting controls to the cloud, infrastructure in the cloud needs to be protected. Until recently, security teams have had two main network security options for protecting their cloud infrastructure, each with its own set of pros and cons:
- Use firewall tools from the cloud service provider. Often favored by cloud teams and organizations born in the cloud, cloud service provider (CSP) firewalls offer ease of use due to native integrations with the CSP’s infrastructure and management console. TechTarget’s Enterprise Strategy Group research, “Network Security Trends in Hybrid Cloud Environments,” found that 48% of organizations using CSP firewalls do so for ease of management, while 46% do so for ease of deployment.
The security capabilities of these tools might not be up to par with what organizations are accustomed to using on premises. Firewall vendors have spent years optimizing intrusion detection systems, intrusion prevention systems, sandboxes and other advanced security options available on their firewalls. CSP offerings don’t always provide the same type of functionality.
- Use virtual instances of traditional on-premises firewalls. Virtual firewalls are often deployed by large, multi-cloud organizations that need to protect hybrid infrastructure across multiple CSPs. They help security teams extend what they’re used to on premises to the cloud, which provides consistency from management and policy perspectives. Virtual firewalls also provide the same security capabilities as hardware firewalls, ensuring strong protection in the cloud.
Enterprise Strategy Group research found that 51% of security teams using virtual firewalls in the cloud do so for better alignment with their organization’s structure and skills — i.e., what they’re used to. Unfortunately, this VM model is not natively integrated with the cloud infrastructure, making deployment and ongoing management more difficult. Administrators typically must deploy load balancers and manually add VMs as the environment grows, which somewhat negates the elasticity the cloud is supposed to provide.
Cloud-native firewalls could be the answer
Third-party firewall vendors are now introducing cloud-native firewalls that offer the best of both worlds. Cloud-native firewalls are deeply integrated with the CSP infrastructure, providing autoscaling and removing the need to manually configure load balancers. Via integrations with cloud-native services, such as Terraform, firewalls can be automatically deployed as new resources are spun up or as virtual private clouds are brought online. Further, updates are applied automatically, reducing the need for security teams to manage this sometimes cumbersome process.
Cloud-native firewalls are available via a CSP’s marketplace and typically offer flexible, consumption-based pricing that aligns with how organizations purchase cloud infrastructure services. Perhaps most importantly, they offer the same level of strong security services enterprises are used to running on premises.
Palo Alto Networks and Fortinet have made strides in this area with deep partnerships with AWS, Azure and other CSPs. Cisco acquired Valtix to improve its cloud capabilities as well, with a focus on multi-cloud. With the benefits of this model so clear, other firewall vendors are sure to follow. Like everything, these transitions can take time. Security leaders should begin to reevaluate their current cloud network security strategy to understand how a cloud-native firewall could benefit their organization.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.