Fixing Your Mis-Deployed NGFW

By Rich Campagna, Chief Marketing Officer, Bitglass

firewall logo imageThe Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time.

This post will illustrate the root cause of these firewall mis-deployments, and how the typical enterprise can correct the issue, restoring the efficacy of their security strategy.

In the beginning

In the beginning, your firewall was in position to protect the majority of your corporate data and applications. Most users were on managed devices, on network (either physically or via VPN), and connected to data and applications inside of the enterprise (private) data center. Everything was protected and the deployment was sound:

premise apps to managed devices

Time goes on

As time went onthe first sanctioned SaaS applications were introduced to the organization. These typically took the form of major SaaS applications like Office 365, G Suite, and Salesforce. Since these applications are publicly available from anywhere, BYOD started to rear its ugly head as well (even if you had held it off in the past). This was the first step towards firewall mis-deployment, with a good portion of corporate data now existing unprotected outside the firewall:

premise apps to BYOD

Eventually, the business got the idea that cloud was easier, more agile, and more cost effective than premises applications, so the demands started to increase. In addition to major SaaS apps, niche industry and/or functional applications started popping up, and the organization began migrating premises applications (both custom apps and package software) to IaaS platforms. Today’s picture for most enterprises looks something like this:

premise apps to IaaS

Results are in

The result? Your firewall is currently protecting only a small percentage of your enterprise applications and data. There is, however, a simple fix for this deployment challenge:

firewall zero to CASB

With the constant wave of applications migrating to the cloud, it won’t be long before we hit Firewall Zero, with Cloud Access Security Brokers taking the firewall’s place as the cornerstone of enterprise security strategy.

Leave a Reply

The name and email fields are solely used to comment on posts. Cloud Security Alliance does no further processing of this data. See Section 3 of the CSA Privacy Policy for details.



Share this content on your favorite Social Network.