Security "Bits"

Fixing Your Mis-Deployed NGFW

By Rich Campagna | August 29, 2018 at 4:37 AM

CASB replaces FirewallsThe Firewall/Next-Gen Firewall has been the cornerstone of information security strategy for decades now. The thing is, changes in network traffic patterns have resulted in most firewalls protecting a smaller and smaller percentage of enterprise network traffic over time. 

This post will illustrate the root cause of these firewall mis-deployments, and how the typical enterprise can correct the issue, restoring the efficacy of their security strategy. 

In the beginning, your firewall was in position to protect the majority of your corporate data and applications. Most users were on managed devices, on network (either physically or via VPN), and connected to data and applications inside of the enterprise (private) data center. Everything was protected and the deployment was sound:

As time went on, the first sanctioned SaaS applications were introduced to the organization. These typically took the form of major SaaS applications like Office 365, G Suite, and Salesforce. Since these applications are publicly available from anywhere, BYOD started to rear its ugly head as well (even if you had held it off in the past). This was the first step towards firewall mis-deployment, with a good portion of corporate data now existing unprotected outside the firewall:

Eventually, the business got the idea that cloud was easier, more agile, and more cost effective than premises applications, so the demands started to increase. In addition to major SaaS apps, niche industry and/or functional applications started popping up, and the organization began migrating premises applications (both custom apps and package software) to IaaS platforms. Today's picture for most enterprises looks something like this: 

The result? Your firewall is currently protecting only a small percentage of your enterprise applications and data. There is, however, a simple fix for this deployment challenge:


With the constant wave of applications migrating to the cloud, it won't be long before we hit Firewall Zero, with Cloud Access Security Brokers (CASB) taking the firewall's place as the cornerstone of enterprise security strategy. 



see all