As organizations of all sizes continue to move more data and workloads to the cloud, most are facing significant new security challenges. Ninety-eight percent of companies surveyed recently by IDC said they experienced at least one cloud data breach within the previous 18 months, with 67 percent reporting three or more such incidents.
Cloud firewalls address many of the issues creating this heightened risk. The software-based devices deployed in the public cloud offer capabilities similar to traditional on-premises firewalls, but with significant scalability, extensibility and management advantages.
One reason cloud security events are on the rise is that many organizations remain confused about their security obligations with public cloud instances. Too many assume their cloud provider is handling that. Under the cloud’s shared responsibility model, however, providers commit to securing their cloud infrastructure but customers must protect their own data and applications within the cloud.
Another issue is that companies often continue to use on-premises firewalls to secure their cloud-based resources. Although conventional firewalls have been an essential first line of defense for decades, they are poorly suited for protecting cloud-based applications delivered by external service providers across an Internet connection.
The cloud model allows users to access data and apps with a web browser from any location, which is what has made it invaluable for supporting the transition to remote and hybrid workforces. However, it also makes it incredibly difficult to monitor traffic moving in and out of the cloud with an on-premises firewall. Many organizations are still trying to filter cloud traffic by backhauling everything to the data center through private MPLS links.
There are a number of downsides to this approach. For one, it’s quite expensive. MPLS links can cost 100 times more than other broadband connectivity options, and there’s the overhead of maintaining and upgrading on-premises devices. There’s also a performance penalty due to the extra network hops backhauling creates. Plus, it’s incredibly difficult to scale across multiple clouds, requiring you to purchase, install, configure and maintain additional hardware.
A Better Solution
Cloud firewalls eliminate these issues. Because they run on the cloud service provider’s infrastructure in close proximity to your applications and data, they are in a position to monitor traffic without the need for backhauling. The software solutions can also be deployed rapidly with almost infinite scalability. In fact, solutions such as WatchGuard’s Firebox Cloud have auto-scaling capabilities that automatically adjust resources based on the volume of user requests.
Cloud firewalls provide all the familiar features of conventional hardware-based solutions. For example, Firebox Cloud includes the comprehensive portfolio of security services you’d find in WatchGuard’s Firebox Unified Threat Management (UTM) appliances. In addition to traditional intrusion prevention, gateway antivirus, application control and URL filtering, it includes more advanced services for protecting against evolving malware, ransomware and data breaches.
What’s more, Firebox Cloud is compatible with WatchGuard Dimension, a cloud-ready threat intelligence platform. Dimension aggregates data from all your cloud-based and on-premises security appliances to deliver deep visibility into all traffic across the distributed network. A suite of reporting tools allows administrators to gain valuable insights into your security posture and set meaningful security policies from a single dashboard.
Analysts say that up to three-quarters of all workloads are now being processed in cloud data centers, with the volume expected to rise to more than 90 percent over the next few years. While the cloud offers the accessibility and availability required by today’s remote and hybrid workforces, it also introduces a fair amount of risk. Contact us to learn more about using cloud firewalls to extend the reach of your in-house security.