SECURITY CHECK-IT: STEP 8

The Firewall in the cloud era

One of the first things one thinks about when talking about security is the Firewall. This device has been the gatekeeper for perimeter security for decades and has evolved from a simple shield to a device that can inspect and protect all traffic between the secure inside world and the evil outside world.

And that is our business problem today. Especially since Covid19, people all over the world started working from home massively and we saw an increase in the use of cloud services like never before. According to AXA (tijd.be), hackers have been more active than ever since Covid19 and there are no indications that we will return to the old days of working only in the office behind the big old Firewall.

What can we, as a business, do.

The first reaction of IT might be: we need to upgrade the Firewall to cope with all users working from home. Although from a classic infrastructure point this seems a logical step, it has a lot of drawbacks. A hardware firewall is not an elastic computing device. So it will either quickly come to its physical limits or we will get an over dimensioned device at a very high cost. There is the maintenance aspect of updating and configuring policies which can be complicated.

The last but probably most important drawback is the backhauling of all traffic through the corporate Firewall. This means that all internet traffic from home workers will be sent from their computers to the office and then to the internet / Office 365. The results are that you do not only need a very powerful Firewall, but also an expensive fiberglass internet connection with high upload capacity.

When employees are working globally, backhauling causes latency because traffic needs to be sent from, for example, Sydney to Brussels before it breaks out to the internet. As a result, the end users will experience slow responding to almost non-functional applications.
On the security side of things, on premise Firewall are incapable of securing cloud / SaaS applications like Office 365.

The modern approach to this problem is a Firewall in the cloud.

Companies like Zscaler run their Cloud Firewall on multiple data centers all around the world. Clients connect to this Cloud Firewall directly over the Internet. These powerful data centres are not bound by the on premise drawbacks like processing power or available bandwidth. They also do not suffer from latency because they are both globally dispersed and give priority to Office 365 traffic.

This cloud firewall allows us to protect SaaS applications, by only allowing them when tunnelled through the cloud firewall. Operationally, deploying policies to users in the cloud is easier than doing so on X amount of Firewalls in branch offices. By excluding the possibility to forget one Firewall, this solution is more secure. End users will have an engaging workplace due to direct internet access and less tickets with VPN or bandwidth issues.

On the financial side we save costs on:

  • Hardware Firewalls and subscriptions for every location
  • Management of all the individual Firewalls
  • Bandwidth / internet connections for the Offices
  • Office space due to smooth home working.

Do you have any questions or would you like to exchange more information about Firewalls? We will gladly help you! Send an email to [email protected] and we will contact you as soon as possible.

Related Tips

Based on our years of experience, we’ve created a 15-step plan, offering free advice to bring your security to a higher level.
Read all about it.

Checkit campaign