More and more companies are moving resources and infrastructure to the cloud. In view of this development, conventional firewalls are reaching their limits. […]
The current development of the modern working world suggests that both traditional and cloud environments are converging into a world in which use cases for hybrid security infrastructures will dominate the future of network security. Here, SASE approaches can provide companies with the highest degree of flexibility to interact and work on both sides of the spectrum as the transition to this new world of work progresses.
The consequence of the current development is that more and more companies are moving resources and infrastructure to the cloud. This migration has exposed the limitations of traditional firewalls, which are no longer able to cope with the security problems typical of hybrid and virtualized environments. This results in two of the most important requirements and characteristics that a network firewall of the future must meet:
The management of a dispersed management and control layer, in which the control and control of the firewall functions can be flexibly maintained in the more “traditional” perimeter use cases, while at the same time adopting a policy construct that is also applicable in the cloud. A technology that can ensure that the customer experience and thus the adoption of the new approach will be positive across both deployment types and use cases is therefore essential.
The scalability of the processing data level must also be a key factor. The still necessary on-premise deployment requires things like SD-WAN, internal security processing and connectivity – but also needs to be able to handle even higher speeds than before due to upgrades in connectivity infrastructures like 5G. Whereas firewalls deployed in the cloud have to cope with the sudden increase in processing requirements, as users work more and more mobile and in different time zones online. Therefore, a data layer that works for both scenarios and at the same time provides a similar user experience is also very important.
As a result of this development, we will see more and more services such as Secure Web Access, Zero Trust Network Access and SAAS Access Security – and they will become a mainstay for companies, as they are convenient for customers and will soon also be familiar. Upon closer examination of these services, it quickly becomes clear that they are essentially concerned with accessing public websites and public/private applications. The next natural evolution for these offers will now be to send all traffic and data to these services. It creates a natural place where firewalls as a service can be added as an offer. While so far mainly large corporations use these platforms, the offers are now available at an ever better price-performance ratio and are thus also interesting for SME customers. In this way, we will eventually see an ever-increasing shift from on-premise firewalls to SASE platforms.
However, firewalls will always have a place in the zero trust model, unless we believe that all forms of networks cease to exist and network-to-network communication practically dissolves. At the moment, perimeter placement is an increasingly important factor for organizations – but this transformation will not take place overnight. It is precisely in these uncertainties of a hybrid working world that the flexible SASE model can score points, include firewalls in various forms and thus work coherently with the zero trust principles. The possibilities are endless here.
*Michael Veit is Technology Evangelist at Sophos.