Physical or Cloud Firewall?

Updated: Jun 18

I get asked this million-dollar question a lot:

Physical or Cloud Firewall?

Well, I must say that that’s a great question, and it makes a lot of sense really.

For many Enterprises & SMEs, the obvious question is why would you continue to spend buckets of time and money maintaining expensive on-premise firewalls when you can simplify and strengthen your security posture with the cloud? In fact, getting rid of on-premise firewalls and saving money on infrastructure is perceived as one of the biggest benefits of moving to public or private clouds in the first place, right?

But then you might ask me, what’s the difference between a physical firewall and a cloud firewall? And which should I get?

The term firewall is common enough. I mean, I probably mentioned it about 7 times since I started writing but who’s counting right?

So, let’s talk about firewalls.

What is a Physical Firewall?

Simply put, a firewall is a filtering program or a hardware device. It basically screens any information coming from the Internet connection to your computer system or private network, and filters out any malicious traffic.

Traditionally, firewalls have run in between a trusted internal network and an untrusted network – for example, between a private network and the Internet. Early firewalls were physical appliances that connected to an organization’s on-premises infrastructure. Firewalls block and allow network traffic according to an internal set of rules. In fact, some firewalls even allow administrators to customize these rules.

Description: Macintosh HD:Users:Therese:Downloads:Screen Shot 2019-12-02 at 7.46.24 pm.png

Firewalls are very important to any organization. Very important.

Picture this scenario. You’re in a company with about 300 employees, each of these employees will have their own workspace and computer. This means the company has hundreds of computers on their hands, all of which have network cards that are connecting them to each other. On top of that, the company will also have one or more connections to the Internet.

What happens if there is no firewall in place for these hundreds of computers? It means that your sensitive and confidential company data is easily accessible to anyone on the Internet. Hackers who know what they are doing can easily probe your computers. In fact, all it takes is one opening for a hacker to get through and wreak havoc on your system.

What is a Cloud Firewall?

So let’s talk about banks. Now, do you remember the last time you visited a bank? Did you notice the security guard standing right at the door as you enter and exit, and the several security cameras watching your every move like a hawk?

Yes, banks have a lot of physical security features in place. I mean, the cash is even stored in highly secure safes!

But imagine if, instead of being kept in one place, each bank branch’s cash was stored in different safes all over the country that were operated by a company specializing in safe maintenance. How could the bank be sure that its money was secure without deploying additional security resources around its scattered safes? This is what cloud firewalls do.

The cloud is like a bank with scattered resources, but instead of money, the cloud stores data and computational power. Authorized users can connect to the cloud from anywhere and on almost any network.

Cloud firewalls basically block cyber attacks directed at these cloud assets. As the name implies, a cloud firewall is a firewall that is hosted in the cloud. Cloud-based firewalls form a virtual barrier around cloud platforms, infrastructure, and applications, just as traditional firewalls form a barrier around an organization’s internal network. Deploying a cloud firewall is like replacing a bank’s local security cameras and a physical security guard with a global 24/7 security center that has a centralized staff and security camera feeds from all the places where a bank’s assets are stored.

So do I still need a physical firewall when there are cloud firewalls available now?

Now, before I answer this question, let me first tell you the benefits and drawbacks of each firewall.

Benefits of Cloud Firewall

  1. Easy to configure – much more modular than physical firewalls, and designed to handle all different kinds of communications

  2. Scalable – can evolve as your business grows, and allows you to not worry about hardware space on-premise

  3. Automatic updates if you are using firewalls-as-a-service (FWaaS) – your managed service provider (MSP) can monitor the internet and patch and fix your firewall when they find malware threats

  4. Extra space on server

Drawbacks of Cloud Firewall

  1. Susceptible to outages – if your server goes down, and you depend on it to check your company’s traffic for malicious agents, then your entire business’ network can grind to a halt in an instant

  2. Losing ownership of security assets – once your company’s assets are in the cloud, somebody else controls who has access to them

  3. Unpredictable latency – due to multiple clients sharing the same cloud-based security system, which manifests itself as increased latency in the traffic as it passes through the security service

  4. Vulnerability to discontinuation of the service – MSPs may stop providing their service at any time, and migrating to a new MSP is difficult, disruptive and expensive, which might even result in a loss of security information. Hence, choosing a reliable MSP is key

  5. Variability of data rate – as guaranteeing internet bandwidth on arbitrary paths across the internet is not possible. This is because now that security is provided in the cloud, all your internet traffic now has to pass through the cloud service

Benefits of Physical Firewall

  1. Internal Network Security – on-premise physical firewalls can provide firewalling of internal data, which cannot be feasibly achieved by a cloud-based service

  2. End-to-end VPNs – using an on-premise physical firewall allows VPNs to protect your data throughout its entire journey across the Internet

  3. Defense in depth – relying on a security service located remotely on the Internet, and providing security for all sites from this one cloud-based location, does not provide the necessary depths of defense for optimal security

Therefore, to answer the question in the first place, I would say that although storing your data in the cloud is wise and effective, and having a cloud firewall