Firewalls are aptly named, because they stop the spread of flames beyond the wall, and help to preserve the building itself from falling down or burning to a crisp. The metaphor works just as well with malware defense as it does fire safety, but now that we’ve moved to the cloud en masse, “fire” can spread further and faster than ever. No longer are we protecting on-site resources. Our hardware and resources are thousands of miles away, and sometimes we don’t know if ignition has been sparked before it’s too late – for ourselves and the millions of others sharing the same cloud.
Firewall as a Service (FWaaS) has emerged to bring the concept of a firewall to the cloud, and among the other security tools that companies have relied on, it has been a helpful tool in escorting companies through a safe cloud transition free of malware and unauthorized access. But they haven’t always been as necessary as they are now. For compounding reasons, FWaaS is more than ever a mandatory component of the security toolkit in place for businesses of any size.
Resources moving to the cloud is a natural pursuit of more efficiency, which is a business staple. For organizations, it’s easier to consume storage and bandwidth as a service than it is to run the hardware supplying these things. For their part, cloud providers have also benefited immensely by switching from selling hardware to renting it over the internet. These are basic concepts to nearly everyone who has used computers in the last 20 years, but cloud computing is actually much older than we tend to realize, and this context is important to understanding the rise of FWaaS.
Though we like to think in terms of when we started uploading photos to iCloud or using Google Drive, cloud computing actually began way back in the 1950s with the first mainframe computer, and evolved from there. However, only recently have firewalls evolved alongside virtual machines and increased bandwidth availability through the internet, taking the very concept of a physical appliance, and transplanting it into cloud infrastructure.
Because security reacts to the trends happening elsewhere, and molds itself to be the antithesis to the latest attacks, it is always late to the party, and especially to the cloud as entertainment and commercial ideas took priority. This meant that firewalls weren’t on the cloud until many other things were first, so most companies still applied clunky physical appliances to their growing cloud networks. Another reason that FWaaS hadn’t appeared at the forefront of the cloud movement was because it’s purpose is to protect infrastructure, and IaaS (Infrastructure as a Service) didn’t become popular until long after SaaS.
The blooming of SaaS before IaaS was largely due to the ease with which a SaaS product can be hosted – even on a single machine under your desk – so it made sense why a physical firewall would suffice as SaaS matured. No longer. Now, the increasing embrace of IaaS and the wholesale movement of entire departments onto the cloud has meant that firewalls simply must be a part of this environment.
As companies move to the cloud, their IT teams have discovered that relying on old firewalls is more than inefficient for configuration and integration. It also reduces visibility over the network and resources within the network that are now a few degrees of separation from the office premises itself. The old perimeter guard approach, where firewalls are the sentinels standing inside the moat of the “network castle”, doesn’t work when resources are no longer inside the walls and are not thoroughly protected by cloud providers.
Moreover, a quickly-multiplying number of mobile devices are now connecting to these cloud resources, so IT teams struggle to define their network perimeter, let alone protect it. FWaaS solves this problem by integrating easily with third party cloud infrastructure, giving IT a looking glass into how users are accessing SaaS products such as Salesforce, AWS, and Google Suite, and the centralized, cloud-based access management panel for them to control traffic through these resources and fight malware.
As workers move from offices to their homes, FWaaS has become a central tool that IT teams can use to provide safer remote access. This idea hasn’t changed, but the way it’s being delivered to businesses is, as single-purpose security tools “as a Service” are going through the same cloud consolidation process that productivity and entertainment products did not long ago. Firewalls and other things like VPN tunneling and Single Sign-On are better for security in today’s mobile environment, but when orchestrated independently of one another are still risking network security.
This is why a new idea in the industry, SASE (Secure Access Service Edge) has zeroed in on FWaaS as one of its cornerstones. Security providers are racing to provide SASE platforms since Gartner introduced the idea late last year, but they must first collect and provide the tools that deliver SASE’s promise: unified network security on the cloud edge. FWaaS, CASB, SWG, MFA, Cloud VPN, and other security services are part of this single unified platform. FWaaS is one of the most important pieces of the SASE puzzle and one of its core functions, because it has a unique job that other components can’t do.
Thanks to growing SASE platforms like Perimeter 81 and the FWaaS functionality provided as part of this consolidated, cloud-native offering, organizations are able to aggregate their traffic effectively from all resources and enjoy total visibility across them, with no hardware involved. Though it’s true that the acronym FWaaS is now standing in SASE’s immense four-letter shadow, it cannot be discounted.
Because even alone, FWaaS has merit when paired with some other basic security tools like VPNs. Companies with simpler networks, a few SaaS resources, and smaller teams can rely on a basic setup like this to mime the cloud security chops of SASE until growth demands an even more scalable solution. FWaaS is central to a safe future on the cloud any way you slice it, and will