Firewalls as a Service (FWaaS); the future of network security

Does your organisation still have a physical (or virtual!) appliance for a firewall? Its days may be numbered. Developments in cloud solutions are creating an upward trend toward cloud-based security services. Cloud firewall deployments are becoming the norm in many enterprises. Firewall as a Service (FWaaS), otherwise known as ‘Cloud Firewalls’, has surfaced as a standalone product and a key element of the overarching Secure Access Service Edge (SASE) architecture. FWaaS is helping meet enterprise security requirements and improve network connectivity and end-user response times.  

Here we help build your understanding of what FWaaS is, why companies are considering it as part of their security strategy, and why it is an integral part of the SASE architecture.

What is FWaaS?

Much like a fire-proof wall prevents flames from travelling through a building, network firewalls prevent unauthorised access to, or through, an organisation’s network. They act as an inspection gateway, stopping malicious data from entering or exiting the secured network.  

Firewalls have been an essential element of network security since their invention in late 1980, just before the launch of the web browser in August 1991. The rest, they say, is history. As companies move their applications and data to the cloud and people work remotely, firewalls continue to evolve.

FWaaS is the latest version of the Next Generation Firewall (NGFW). It operates the same way as an ordinary hardware-based firewall; however, instead of installing a firewall appliance on a physical server, it moves the same capability to the cloud. FWaaS provides a centrally managed exit point for all staff’s internet access (e.g., corporate headquarters, remote and branch offices, mobile users) without backhauling the traffic through the corporate data centre. This leads to improved end-user performance, reduced network and link costs, and removal of the DC bottleneck. As a result, FWaaS permits the data centre firewall to focus on its primary role – protecting the corporate servers and data.

As a corporation no longer manages the infrastructure or software patching, security staff can focus more on performing a role that creates real business value – protecting the corporate data. By centralising administration, a consistent security policy can apply across all staff traffic.

How Does FWaaS Work?

Firewalls enforce rules developed by the organisation’s IT administrators that ‘gate’ what staff can access (e.g., Web sites/categories, IP addresses). When prohibited behaviour is detected, users are blocked and alerted accordingly. As mentioned above, this is very similar to a legacy on-premises firewall; however, it is conducted “in the cloud” using an FWaaS provider. 

Installing the firewall is comparatively easy, often only involving changing a company’s router settings. As soon as the network links to the FWaaS provider, network traffic travels through the provider instead of the company’s firewall.

Why do companies need FWaaS? 

With more companies adopting the cloud, and an increase in remote workers, network complexity is intensifying. As a result, the network perimeter has changed. Where corporate data was previously on-premises, data is now in “the cloud”. A centralised firewall introduces latency because traffic is backhauled to the central corporate firewall. Improving performance may require higher network bandwidth, which in turn requires a larger firewall to accommodate the extra traffic.

FWaaS addresses these inhibitors by providing dedicated, corporate-controlled security services located close to the end-users and the data they seek to access. Shorter paths mean lower latency and better response times. Corporate security is enhanced with a firewall dedicated to user access, which lets the data centre firewall focus on its original function of protecting the corporate data centre.

IT teams can now build customised cloud-friendly security models protected by enterprise-grade firewalls as a vital part of a cloud strategy.  

The Benefits

FWaaS is the answer for companies looking for enterprise-level network security solutions, but it is still in the early stages of deployment. In September 2019, Gartner estimated that less than 5% of distributed companies deploying cloud-firewalls took advantage of FWaaS. However, as the benefits become more widely known, the number will likely quadruple to 20% by 2024 (1).

Here are some of the reasons an increasing number of companies are leaning towards FWaaS:

Simpler architecture – FWaaS manages corporate user traffic by leaving the current data centre based physical firewall to handle only data centre related traffic, thus simplifying the firewalls’ configurations by dedicating them to specific tasks.   

Scalability – FWaaS scales “on demand”, whereas a physical firewall requires life cycle management and capacity planning. When additional throughput is needed, it can be enabled within hours or days at incremental pricing with no disruption to service.

Unified Security Policy – FWaaS provides a single egress point for all staff, thereby enforcing a standard policy without having to address the multiple egress points that may exist today.

Easy to install and manage – Companies can easily integrate FWaaS into their existing IT infrastructure – no complex implementation.

Easier maintenance – FWaaS firewalls are always current, so there are no risks of late or missed software updates. IT staff have more time to plan the infrastructure’s future needs rather than spending it on routine maintenance.

Complete network visibility – Together, FWaaS and SD-WAN can implement a single logical managed platform. Companies have full visibility and control over their user internet and WAN traffic from one centralised location. In turn, companies can get consistent delivery of critical security information (e.g., data breach). 

Cost-effective – Business units can configure and manage FWaaS remotely, eliminating the need to purchase, license, install, maintain, and update hardware and software. Simply put, FWaaS is ideal for businesses of all sizes as it can reduce costs significantly while maintaining the safety of all their data.

Challenges of FWaaS

The following are challenges (not disadvantages!) companies may face when they adopt FWaaS:

  • Resistance to Adoption: Enterprise businesses may be hesitant to move a critical function like security into the cloud. They may be willing to forego all the cost savings and operational conveniences of FWaaS and continue to stay with legacy firewall appliances.
  • Concerns about Network Latency: As mentioned above, integrating SD-WAN and other cloud services with FWaaS makes it a more attractive solution for enterprises. While doing this, FWaaS providers need to guarantee a network latency comparable to or better than that of legacy firewalls.
  • Data Centre Traffic: Corporate servers in data centres have different access requirements relating to inbound connections. FWaaS is maturing in this space, but it’s not there yet. Currently, the data centre still needs its own firewall/internet service. We expect this limitation to reduce over time. Telstra has released their Secure Edge product, which addresses these constraints.

FWaaS & SD-WAN

FWaaS provides several benefits as a standalone solution; however, when it converges with other technologies such as Software-Defined Wide Area Networking (SD-WAN), companies can restructure their network and route traffic directly to its destination without sacrificing security and visibility. FWaaS and SD-WAN can significantly enhance performance and serviceability and reduce the dependency on the corporate WAN. Together, FWaaS and SD-WAN are essential components of the emerging cloud-based networking architecture known as Secure Access Service Edge (SASE).

FWaaS & SASE 

When aligning to the SASE framework, FWaaS connects with other cloud-based security components to develop an architecture that provides inline protection and access control at the network edge. SASE is becoming the framework for securing organisations. SD-WAN’s capabilities address connectivity constraints, restricting heavy end-user access by creating a reliable firewall connection for office, branch, remote and mobile locations.

Together with FWaaS and SD-WAN, the SASE framework incorporates Cloud Access Security Brokers (CASB), Secure Web Gateways (SWG), and Zero Trust Network Access (ZTNA) to defend the network from potential threats.

Making the Switch to Firewall as a Service (FWaaS)

Is your organisation ready to adopt FWaaS? The answer is ultimately dependent on where your company’s network strategy is going. An SD-WAN strategy aligns with cloud-based FWaaS. SD-WAN with FWaaS will reduce the load and complexity on the centralised corporate firewall whilst providing a better end-user experience to corporate users due to better egress pathing.

Companies with a complex firewall deployment will still need to maintain an on-premises firewall; however, Telstra’s Secure Edge FWaaS is a new option that places the firewall on the edge of your existing MPLS network. This solution provides a Next-Gen Firewall which protects both corporate users and the systems in the data centre. 

FWaaS, either cloud-based or Telstra’s network-based solution, should be considered when you review your network or firewall strategy. 

Oreta partners with vendors to offer customers cloud-based FWaaS solutions that have Next-Gen functionality. Our strategic partners include Palo Alto Networks, Check Point and Cisco. With our advisory, delivery and managed service capabilities, we can ensure that our customers benefit from SASE or FWaaS solutions. Contact us today for a non-obligatory conversation about your company’s security requirements.

Resources

  1. Top 4 firewall-as-a-service security features and benefits (techtarget.com)

Roundtable – Secure SD-WAN; foundation for your digital strategy

Secure Access Service Edge (SASE), pronounced “sassy”, supports secure branch office and remote worker access. SASE’s cloud-delivered set of services, including Zero Trust Network Access (ZTNA) and Software-Defined WAN (SD-WAN), is driving rapid adoption. Gartner predicts that by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at the end of 2018.

More and more companies are evaluating their network connectivity in the new world, post-pandemic, and the importance of encompassing secure network technologies as part of their digital strategy.

Recently Oreta, together with VMware, hosted a dynamic technology roundtable discussion that mainly focused on the future of SD-WAN and Secure Access Service Edge (SASE).

The conversation was moderated by Oreta’s MD, Sachin Verma, and several insights and tips were shared, including:

Key Insights

  • SD-WAN is not a question of if, but when. SD-WAN is hardwired; driven more by a cloud strategy than a network strategy.
  • SD-WAN overcomes the challenge faced with less than agile Telcos assisting with speed to market.
  • SASE (Secure Access Service Edge) is not a bolt-on. It has to be part of your network strategy when deploying SD-WAN. It provides greater convenience; however, with convenience comes a price.
  • A company’s security posture depends on what network platform a business uses. More companies are moving towards a user-based security architecture.

Key Takeaway

  • COVID was an eye-opener to many companies regarding the influence technology has on business outcomes. IT needs to take decision-makers (e.g. IT procurement and finance) on the journey from awareness, education, and adoption, and bridge the knowledge gap that exists within some organisations.

Moving Forward – Customer and Partner Expectations

The conversation extended its focus to the importance of developing a healthy working relationship between a customer and their technology partner when resolving connectivity issues and upgrading from a legacy WAN to secure SD-WAN.

There are three fundamental components customers look for when appointing a technology partner. They include:

  • Technology partners must have a proactive outcome-based approach to advising/guiding customers on emerging technologies and trends. Don’t just promote the next ‘shiny’ offer,
  • Technology partners should have a genuine willingness to solve a problem – no matter what the issues may be,
  • Customers want to purchase an outcome and not be tied down with issues, so that they can concentrate on more strategic aspects of the business.

There are three fundamental components a technology partner looks for when working with a customer, including:

  • Customers want to have trust in the value of the advice and service provided,
  • Customers want to adopt a collaborative approach with their chosen technology partner, and work together to develop a successful outcome,
  • Customers want their technology partner to be readily available to work with them to resolve issues as and when they arise.

Oreta achieves Microsoft Gold Partner status

Oreta has achieved the Microsoft Gold – Certified Partner status in the Cloud Platform solution competency.

Attaining this status is no easy feat and is only achieved by a very small percentage of Microsoft’s global partners. Partners, such as Oreta, which accomplish this status have met the highest standards of Microsoft’s widely recognised partnership program.

Microsoft has a policy of strictly assessing all its partners, and several criteria have to be met before any certification is awarded. Oreta achieved its gold status after passing rigorous examinations, and our technical specialists attaining their Microsoft Azure Administrator Associate certificates.

Sachin Verma, MD, Oreta, said that “Our Microsoft gold partner status adds to our capability stack. It proves that we have deep expertise in deploying cloud solutions that will put us at the top of our partner ecosystem.”

The gold partner status is a testament to Oreta’s commitment to Microsoft’s cloud services. It will enable us to have a higher level of engagement with our Microsoft contacts, as well as boost our internal research and development efforts, and consequently offer greater support, both technical and commercial, to our cloud customers, especially those who have or are considering investing in Microsoft Azure.

Mr Verma said that, “With the Microsoft Gold Partner status, Oreta is now accredited as a Microsoft Azure specialist. Our customers can now leverage our expertise to deliver advanced cloud solutions and take our customers even further in their journey to cloud.”

If you are looking at replacing or augmenting your on-premises servers, Microsoft Azure could be the right solution for you. If you’re interested in learning about its full potential and ways you can use it, talk to one of our technical experts today.

Talk to us about your cloud needs

Transforming with SD-WAN

What is SD-WAN?

SD-WAN (Software-Defined Wide-Area Network) allows for a new way to manage WAN connections such as broadband internet, 4G, LTE, or MPLS. It connects networks of all sizes from SMB to enterprise — including branch offices and data centres — over large geographic distances. 

Customers no longer need to invest in expensive, proprietary technology to get the connectivity they need. SD-WAN allows customers to use a range of technologies to deliver higher levels of service.

SD-WAN essentially virtualises the network and abstracts much of the complexity from the customer. It is now possible to use lower-cost links for backup (think NBN or 4G) as opposed to paying for different-path point-to-point connections. Management of all these links is centralised, and traffic can be routed via the most appropriate path. This approach can significantly assist organisations that are looking to deploy into Hybrid and Multi-cloud environments.

Getting your design right

While many SD-WAN solutions may make it sound simple to deploy and manage, it is crucial not to miss the design phase of your overall network requirement. Failing to understand traffic flows, firewall rules, application dependencies and system performance needs can bring any SD-WAN project to a halt. It is also crucial to build a level of future-proofing into your design. Incorrect sizing of the equipment to meet your future business needs is a very typical issue that hits many organisations. SD-WAN allows you to scale your network bandwidth needs, but the equipment itself needs to have the capacity for the number of users going through it, especially for things like remote VPN and firewall throughput.

How can we help?

Oreta has multiple in-house resources that can assist you in understanding and transforming your network to meet your changing business requirements. Many of our resources are certified with our industry partners and are technically adept at working across several WAN technologies, routing and deploying SD-WAN. 

We have a profound understanding of our partners’ SD-WAN applications, including VMware by Velocloud and Cisco’s full Cisco SD-WAN stack, from small to medium business products (Meraki) to large scale enterprise (Viptela). Also, we have a strong background in integrating connectivity options from Telstra, Equinix, AWS, Azure and Google Cloud Platform (GCP).

Oreta can tailor your SD-WAN solutions, using the lowest cost links while giving you the highest levels of service and security. 

If you would like more information, please get in touch with us here.

What’s Multi-Cloud?

Multi-cloud is the use of more than one cloud platform that each delivers a specific application or service. A multi-cloud architecture can be made up of two or more public or private clouds to achieve a business’s IT goals. 

What is the difference between hybrid cloud and multi-cloud?

There are several distinct differences between Hybrid cloud and multi-cloud architectures.

Traditionally ‘Hybrid cloud’ has meant the combination of private (either on-premises or hosted in a datacentre) and public cloud infrastructure, with application tools used to orchestrate and deploy workloads and manage the balance between the two.

Multi-cloud by contrast has more of a strategic emphasis. Enterprises use multiple cloud providers to meet different business requirements. At its most granular, multi-cloud is made up of various IaaS, PaaS and SaaS services with the cloud-native applications being the most mature, which are built up from containers and microservices, and provided by different cloud providers.

The main difference between the two is that ‘Hybrid cloud’ refers to multiple cloud platforms, whereas multi-cloud refers to multiple cloud services or vendors.

Benefits of a multi-cloud approach?

Many businesses nowadays have adopted a multi-cloud strategy by deploying applications and services across several cloud environments.  There are many reasons for this, including:

Remove Vendor Lock-In – one of the most common reasons organisations adopt a multi-cloud strategy is the desire not to lock into any particular cloud provider. Enterprises recognise that no one provider can be everything to everyone. A multi-cloud approach gives organisations the flexibility to identify and partner with the vendors that have best-of-breed solutions that best align to their business needs.

Improved Performance – organisations with a wide range of cloud-based workloads can minimise latency and other performance barriers, such as packet loss, by investing in multiple cloud providers closest to where the applications and users are.

Compliance Management – Data governance often requires customer data to be held in different locations. Using a multi-cloud strategy improves adherence to such policies.

High Availability and Resilience – All cloud providers, even hyperscale ones with multiple geographically dispersed, redundant datacentres, suffer outages from time to time. If organisations put their dependency only on one cloud provider, they run the risk of their mission-critical applications becoming unavailable. A multi-cloud strategy allows for better security, failover, and disaster recovery – and resilience.

Challenges

Although a multi-cloud strategy has its advantages such as greater flexibility and scalability, it can also cause complexity in deployment and management, including:

  • Security and governance are more complicated. There are more “moving parts” which may create resiliency issues.
  • Organisations could suffer a paradox of choice when having to select the right cloud products and services.
  • Management complexity could become a problem, especially if multi-cloud is adopted in an ad hoc manner rather than being planned from the ground up.
  • Organisations could experience perimeter dissolution. In a single cloud environment, it is easy to build a perimeter to protect sensitive data and workloads which are residing in the same cloud. With a multi-cloud approach, data is spread across multiple cloud locations, making it easier to access, traverse across different cloud locations and blur the lines. Therefore, zero-trust strategies become imperative to implement.
  • A multi-cloud approach does not provide the same level of visibility as a single cloud environment. As the underlying infrastructure becomes more abstract and more clouds are adopted, operation levels could reduce, as could the level of visibility and control.
  • Organisations need to dedicate significant time monitoring all their assets (e.g., cloud functions) and resources across their entire multi-cloud environment, especially as modern software architecture continues to evolve, and their life span becomes shorter.
  • As every cloud operates differently, organisations need to have robust policy and access control protocols to protect their data and workloads. Organisations need to be able to uniformly apply these policies and access control across their entire cloud environment.

Is a multi-cloud strategy right for you?

Cloud computing adoption is well established in enterprises, SMEs, and start-ups. But how much cloud should a business adopt? How should workloads be deployed across public, private, and hybrid clouds? And if multiple cloud providers (public and/or private) are used, which ones should you choose, and how can they be managed to a business’s best advantage? These are all questions organisations need to consider when determining what cloud strategy they will deploy.

Why appoint Oreta

At Oreta, we believe that understanding shared responsibilities is the key to adopting a multi-cloud environment. When keeping up with the rapid changes in business requirements, the right strategy should be chosen from the start.

If you are looking at a cloud deployment, then reach out to us. Our focus is on meeting your requirements as an organisation. We are here to partner with you and make your business an ongoing success.