Over the past decade, the migration to cloud hosting has triggered major changes across the ecosystem. Business systems, IT needs, and security practices have all had to adapt to stay relevant to the new reality of computing and data storage.
Notably, we’ve seen cybersecurity teams move away from static, isolated protections like firewalls, which focus on perimeter defenses, and towards smart, responsive security strategies like SASE (Secure Access Service Edge) frameworks.
There’s also a growing awareness of the vital role played by a different kind of protection that recognizes and combats threats which have already penetrated the network. These include phishing attacks, compromised credentials, malware and ransomware attacks.
However, firewalls have held onto their place in the cybersecurity toolkit, albeit in a new incarnation and with renewed capabilities.
Cloud security is constantly changing
It would be a mistake to talk about cloud migration as a one-off event with a clear beginning and end. In many ways, the shift to the cloud is still underway, with attitudes to cloud adoption constantly evolving.
The first big cloud migration saw companies decamp to public cloud solutions, although private and hybrid cloud already existed. Public cloud offered a number of benefits, particularly in supporting remote work, so it’s not surprising that it became so popular during the pandemic era. Now we’re seeing a new phase, with business users choosing an adapted version of cloud hosting.
Organizations aren’t moving away from the cloud, but they are increasingly deciding to repatriate their data to new variations of cloud, especially to private cloud. A number of motivations underlie this swing, including costs, which are soaring for public cloud; data privacy and security concerns; control over infrastructure; and most of all, anxiety about data ownership and AI.
I’m hearing a lot of nervousness from business leaders that AI models such as OpenAI’s ChatGPT and Google’s Gemini will use data that’s stored on the public cloud to train their public-facing AI models. This creates a huge risk that your proprietary, private data could be leaked into the public realm, blunting your competitive edge and potentially compromising your ability to comply with data privacy regulations like GDPR, HIPAA, and CCPA.
At the same time, there’s a shift from IaaS and PaaS towards SaaS as providers of cloud services. This has a knock-on effect on security choices. Companies are increasingly choosing standalone cloud workload security (CWS) providers over all-inclusive behemoths like AWS, Azure, and Google. In fact, Forrester predicts that platform specialists will squeeze out native cloud platforms’ security capabilities by 2025.
Firewalls are evolving to fit the times
As part of this shift, firewalls are making a comeback in a new form as Web Application Firewalls (WAF). Traditional network firewalls block any unauthorized external user, which makes them too rigid: they block legitimate users who are trying to log in from an unrecognized device, which happens a lot in the days of remote work, BYOD, and round-the-clock responsiveness. At the same time, they fail to protect against certain subtle types of attack, such as SQL injection.
The WAF plays a different game. It protects apps, not networks, so it’s more flexible than traditional firewalls. A WAF sits in front of your apps to inspect every HTTP request arriving from the internet and check server responses for patterns that indicate web app attacks. Only requests that it can verify as non-malicious are allowed through the firewall.
This greater flexibility enables a WAF to secure businesses against a whole swathe of threats, including XSS attacks, DDoS attacks, SQL injection attacks, code injection, request forgery, session hijacking, buffer overflow, and command and control (C&C) communications. It also supports protective measures such as cookie signing, custom error pages, and URL encryption. Security leaders can set specific rules to define malicious behavior that should be blocked, even if it’s coming from an authorized user.
Additionally, today’s WAFs can keep up with evolving cloud preferences. They can be deployed in different ways: as a network (hardware-based) WAF, a host-based WAF, or a cloud WAF. While network WAFs are expensive and host-based WAFs are complex to install and maintain, cloud WAFs have some key advantages. They are subscription-based, fast to deploy, easy to configure, and have access to constantly updated threat intelligence. Many cloud WAFs come with managed services for incident response and for defining security rules.
Even cloud WAFs can come in different flavors. You can choose between public cloud firewalls, firewall as a service (FaaS), and even next-generation firewalls (NGFW). These are packages that come bundled with network firewalls, deep packet filtering, advanced threat prevention, intrusion prevention system (IPS), and DNS security to deliver holistic protection.
At the cutting edge of firewall technology, we’re seeing a move to automated smart WAFs. These use machine learning (ML) instead of being rules-based, for added versatility and resilience. With rule-based firewalls, you need to constantly update rules so that they remain relevant, but automated WAFs learn what constitutes normal behavior patterns and adapt independently to recognize emerging threats.
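The contrast between rule-based and learning WAFs described above, as an added example that is not from the original article: a few constructed signature rules next to a per-parameter baseline learned from normal traffic. The rules, the id and q parameters, and the sample requests are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed signature rules for illustration; a real rule set is far larger.
RULES = {
    "sqli": re.compile(r"['\"]\s*(?:or|and)\b[^=]*=|\bunion\s+select\b", re.I),
    "xss": re.compile(r"<\s*script\b|javascript:", re.I),
}

def normalize(value):
    """URL-decode twice so double-encoded input is inspected in plain form."""
    return unquote_plus(unquote_plus(value))

def rule_hits(params):
    """Names of the signature rules triggered by any parameter value."""
    texts = [normalize(v) for v in params.values()]
    return sorted(n for n, rx in RULES.items() if any(rx.search(t) for t in texts))

def char_classes(text):
    """Reduce a value to the set of character classes it contains."""
    return {"digit" if c.isdigit() else "alpha" if c.isalpha()
            else "space" if c.isspace() else "punct" for c in text}

class Baseline:
    """Per-parameter profile (character classes, max length) learned from normal traffic."""
    def __init__(self):
        self.profile = {}

    def learn(self, params):
        for key, value in params.items():
            text = normalize(value)
            seen, longest = self.profile.get(key, (set(), 0))
            self.profile[key] = (seen | char_classes(text), max(longest, len(text)))

    def anomalies(self, params):
        """Parameters that are unknown or fall outside the learned profile."""
        flagged = []
        for key, value in params.items():
            text = normalize(value)
            seen, longest = self.profile.get(key, (None, 0))
            if seen is None or not char_classes(text) <= seen or len(text) > 2 * longest:
                flagged.append(key)
        return sorted(flagged)

def trained_baseline():
    """Baseline trained on constructed 'normal' requests to a hypothetical search endpoint."""
    base = Baseline()
    for req in ({"id": "42", "q": "blue shoes"}, {"id": "1007", "q": "red hat"}):
        base.learn(req)
    return base
```

A request such as {"id": "42 OR 1=1"} matches none of the constructed rules until someone writes a rule for it, but it falls outside the learned profile for id (digits only), which is the maintenance gap the paragraph above describes.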
New cloud systems need new protections
In an era of cloud security, firewalls remain relevant, but only as one part of comprehensive defenses. WAFs are, in my view, vital for robust cloud security, but they are just one element in a complex ecosystem. Tools like SASE, endpoint security, access control management, and phishing awareness education are all required to secure the many moving parts in your wider digital environment.