We’re still in an era where the term firewall is typically thought of as a tool for securing data center architectures, because that’s what a next-generation firewall is designed to do. However, as organizations continue to inch closer to the cloud era, many are still using traditional firewalls to secure cloud workloads and applications. Is this the best way to approach security in the cloud? It might be worthwhile to step back and take a look at the cloud security requirements moving forward before continuing to implement the same security tools in an entirely different environment. For example, you need to find out whether the firewall integrates with the cloud fabric, whether it provides a full-featured API, and whether the pricing aligns with current cloud consumption models. This all depends on whether the firewall is engineered for the cloud — ultimately it’s about having the right tool for the job. But don’t take my word for it; let’s ask someone who spends a lot of time in the cloud.
Q & A with Tim Jefferson, VP Public Cloud, Barracuda
Q: Does the cloud require a different set of security tools?
A: It’s critical to understand the cloud environment that your applications will be deployed in, and the native services that the IaaS provider offers to achieve security control coverage. Then, customers can instrument in their required controls that leverage the provider’s deployment best-practices. This means not necessarily bringing in legacy data-center architectures and tools, which tend to be ‘anti-patterns’ in the cloud. For example, perimeter-based firewall architectures are highly effective in a data center, but can become sources of friction when deployed in the public cloud. The public cloud also offers customers agility, while being consumed differently than traditional IT. Those who are building in the cloud, like DevOps teams, for example, are looking for the same agility when deploying security controls — specifically for ways to consume and deploy third-party security tools via API.