Endangered List Alert: On-Premise Firewalls, A Casualty of the Cloud
This article originally appeared on automox.com
The rapid increase in global cloud computing applications is killing off the endangered on-premise, behind-the-firewall species.
The firewall, once known for its self-centered focus on its internal users, an unwillingness to play nicely with others, and an inflexible work ethic that disavows even its own members who work outside its borders, recently moved up three positions on the endangered species list, inching closer to fax machines and beepers. When asked to comment, dial-up internet responded with a series of pings and static before getting cut off by a phone call.
The increasing rate of adoption of cloud applications by companies and their employees has made the firewall a relic of another time, specifically the late 1990s. The firewall’s discrimination based on location, device, vendor, and operating system is no longer tolerated. People are embracing the advantages and flexibility of being able to work from anywhere, at any time, without limitations.
When asked to comment, one politician who asked not to be named said, “We can not tolerate cloud applications that don’t respect borders! We can’t have these younger, smarter applications coming in and taking away jobs from the old on premises applications. This kind of environment threatens the current less capable population with a more diverse and automated offering. As an American, that’s just plain WRONG!”
As more organizations adopt cloud products like Office 365, enabling their staff to do their daily work without connecting to the corporate network through a VPN, IT departments are realizing that they have fallen behind on patching and managing all of their other endpoints. People now natively work across multiple devices and multiple locations, the borders that need protection are always changing, and the firewall can no longer handle this level of omnichannel productivity. Information can no longer be contained on company-housed mainframes or data centers.
The demise has been years in the making. The theory of “behind the firewall” traffic containment was designed to keep the outside from getting in, and it created a bidirectional choke point. This level of control is no longer an option. With the advent of HTTPS encryption everywhere, lower TCO, and the other benefits SaaS is providing, companies have to let go of this antiquated approach.
Cloud applications, on the other hand, are notoriously resistant to obsolescence. HTTPS and persistent outbound connections from agents can traverse the firewall and create bidirectional secure connections to cloud services without a VPN. Their ability to evolve and get smarter every day is but one advantage they have over on-premise applications.
Tesla, for example, recently greeted its owners with autopilot capabilities that were pushed over-the-air the night before. This same mechanism was also used to resolve product “recalls”, fine-tune the falcon-wing doors of the Model X, and improve the user interface of the Model S. Thanks to the cloud, no annoying trips to the dealer were required.
Today’s security best practice uses security groups to selectively open only the TCP/IP ports of a server or endpoint that you actually want to expose to the outside world. This reduces the endpoint’s attack footprint by essentially turning off outside-world access to any default services or software that may be installed (or inadvertently installed) and that could contain exploitable vulnerabilities.
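The check a practitioner would want behind that practice is an audit that flags any security-group rule exposing ports beyond the intended allowlist to the whole internet. The following is an added example, not code from the article or from Automox; the record shape mirrors AWS `describe-security-groups` output, while the allowlist (HTTPS only) and the two sample groups are constructed assumptions.

```python
"""Flag security-group ingress rules that open ports to the whole internet.
Added example, not from the article; records mirror AWS
describe-security-groups output, but the sample groups are constructed."""

ALLOWED_PUBLIC_PORTS = {443}          # assumed policy: only HTTPS is public
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}  # source ranges meaning "anyone on the internet"

def rule_ports(perm):
    """Expand one IpPermission into the set of ports it opens (-1 = all protocols/ports)."""
    if perm.get("IpProtocol") == "-1":
        return set(range(0, 65536))
    return set(range(perm["FromPort"], perm["ToPort"] + 1))

def summarize(ports):
    """Collapse a set of ports into 'a-b,c' runs for a readable report."""
    runs, ordered = [], sorted(ports)
    i = 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        runs.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ",".join(runs)

def audit_group(group):
    """Return (ports, cidr) findings: world-reachable ports outside the allowlist."""
    findings = []
    for perm in group["IpPermissions"]:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        exposed = rule_ports(perm) - ALLOWED_PUBLIC_PORTS
        for cidr in cidrs:
            if cidr in PUBLIC_CIDRS and exposed:
                findings.append((summarize(exposed), cidr))
    return findings

# Constructed sample: a tightly scoped web group and a legacy "open everything" group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupId"], audit_group(g) or "ok")
```

Internal-only rules (the SSH rule scoped to 10.0.0.0/8) and the allowlisted HTTPS rule produce no findings, while the legacy group is reported for every world-open port outside the allowlist.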
The firewall isn’t going away completely, like the mimeograph or overhead projector, which is a good thing. And in all seriousness, there are instances like blocking access to server ports or specific services where firewall tools come in handy. But those holding on to the inflexible policy of keeping everything behind the corporate firewall will struggle to keep up in an environment where employees are simply looking to get work done from anywhere at any time.