For more than 20 years, companies either managed their edge firewall appliances themselves or had service providers rack and stack appliances in their data centers and manage them on their behalf. This was called a managed firewall: an appliance wrapped with a managed service, often from a carrier or managed security service provider. The provider assumed the management of the firewall box, its software, and even its policy. But customers ended up paying for the inefficiency of dealing with appliances (i.e., “grunt work”).
A new architecture was thus needed: a transformation that shifted the focus from an appliance form factor to a true cloud service. This is Firewall as a Service (FWaaS). The promise of FWaaS is to provide a simpler and more flexible architecture by leveraging centralized policy management, multiple enterprise firewall features, and traffic tunneling to partially or fully move security inspections to a cloud infrastructure. Some of its elements are discussed in more detail below:
Single, global firewall instance. With FWaaS, every organizational resource (data center, branch, cloud infrastructure, or mobile user) plugs into the FWaaS global service and leverages all of its security capabilities (application control, URL filtering, IPS, etc.).
Seamlessly scales to address inspection workload. FWaaS provides the necessary compute resources to perform all security processing on all traffic. It can scale to accommodate increasing needs (e.g. growing SSL traffic volume) without disrupting the customer’s business operations.
Enforcing a unified policy. In heterogeneous firewall environments, security policy is hard to configure and enforce, which increases exposure to hackers and web-borne threats. Contrast that with a single cloud-based firewall that uniformly applies the security policy on all traffic, for all locations and users.
Self-maintained. Because the cloud-based firewall software is maintained by the FWaaS provider, the firewall is kept up to date: vulnerabilities and bugs are fixed quickly, and the software evolves rapidly with new features and capabilities that customers can immediately access.
FWaaS is a viable alternative for IT teams that waste time and money sustaining their distributed edge firewall environments, the so-called appliance sprawl. With FWaaS, they can now reduce the operational and capital expense of upgrading and refreshing appliances, as well as the attack surface resulting from delayed patches and unmitigated vulnerabilities. By simplifying the network security architecture, FWaaS makes IT more productive and the business secure.