More and more companies are moving resources and infrastructure to the cloud. In view of this development, conventional firewalls are reaching their limits. A comment by Michael Veit, Technology Evangelist at Sophos.
The current evolution of the modern workplace suggests that both traditional and cloud environments are merging into a world where hybrid security infrastructure use cases will dominate the future of network security. This is where SASE approaches can offer organizations the utmost flexibility to interact and work on both sides of the spectrum as the transition into this new world of work progresses.
The consequence of the current development is that more and more companies are relocating resources and infrastructure to the cloud. This migration has demonstrated the limitations of traditional firewalls, which are no longer able to address the security challenges inherent in hybrid and virtualized environments. This results in two of the most important requirements and properties that a network firewall of the future must meet:
- The management of a dispersed administration and control plane, in which the command and control of firewall functions can be flexibly maintained in the more “traditional” perimeter use cases, while adopting a policy construct that is also applicable in the cloud. A technology that can ensure across both deployment types and use cases that the customer experience and hence adoption of the new approach will be positive is therefore essential.
- The scalability of the processing data layer must also be a key factor. Still-needed on-premises deployment requires things like SD-WAN, internal security processing and connectivity – but also needs to be able to handle even faster speeds than before due to upgrades in connectivity infrastructures like 5G. Whereas cloud-deployed firewalls must cope with the surge in processing demands as users become more mobile and online across different time zones. Therefore, a data plane that works for both scenarios while providing a similar user experience is also very important.
As a result of this evolution, we will see more and more services like Secure Web Access, Zero Trust Network Access and SAAS Access Security – and they will become a mainstay for businesses because they are convenient for customers and will soon be familiar. A closer look at these services makes it clear that they are essentially concerned with accessing public websites and public/private applications. The next natural progression for these offerings will now be to send all traffic and data to these services. It creates a natural place to add firewalls as a service as an offering. While up to now mainly large corporations have been using these platforms, the offers are now available at an ever better price-performance ratio and are therefore also of interest to SME customers. In this way, we will eventually see a larger and larger shift from on-premises firewalls to SASE platforms.
However, firewalls will always have a place in the Zero Trust model unless we believe that all forms of networks cease to exist and network-to-network communications virtually disintegrate. Right now, perimeter placement is an increasingly important factor for organizations—but that transformation won’t happen overnight. It is precisely in these uncertainties of a hybrid working world that the flexible SASE model can score points, including firewalls in various forms and thus working coherently with the Zero Trust principles. The possibilities are endless here.