All Blogs

Keeping the fires contained

Friday, October 25, 2019

Firewalls: cloud-based versus on-premises

IT peeps have always been great at coming up with dramatic terms for anything to do with security. Firewalls are no different. Like the original firewalls built to keep flames from spreading throughout, say, an apartment complex, firewalls as they relate to your network are intended to keep damage-causing attacks from spreading and resulting in total destruction.

It’s “perimeter,” in air quotes

No doubt that firewalls are a necessity in today’s evolving security climate. Here’s why: The security “perimeter” has changed. Back in the day, your perimeter was defined by the traffic being generated within the walls of your business. Users were accessing apps and data directly from your on-premises data center, so as long as you had protections in place for the traffic going out of your network, you were fine. Firewalls did what they were intended to do: stop intruders from accessing your network from the outside without your permission. Today, with the trend toward remote work, and with users commonly accessing apps, data, and services from the cloud, your perimeter has literally expanded to everywhere.

So a robust firewall is a must. But today, businesses have a choice: on-premises versus cloud-based. What’s the difference?

Scalability

Cloud-based firewalls, sometimes referred to as “firewall as a service” (FWaaS), are managed by third-party providers that have multiple customers—your network, plus those of other businesses. Because of this, they’re designed for scalability, with powerful servers in place so that when firewall workloads and bandwidth requirements balloon, a provider can easily expand to accommodate the extra firewall throughput. If you need an extra server to handle your traffic, they’ll let you know, then add it. An on-premises firewall requires that you pay for and install the additional servers yourself.

Security

Then there’s the reason you have to have a firewall in the first place: protection from security threats. A cloud-based firewall provider can monitor and provide automatic updates for zero-day threats—attacks that security researchers just detected a hot minute ago—and take them down like an offensive tackle. On the other hand, if you are internally managing your own on-site firewall, the reaction time to protect your network can be slower; in addition, downloading and installing the frequent security updates is on you.

Availability

Cloud firewall providers—certainly, any that you should consider—generally offer high-availability SLAs (99.99 percent is the norm), as well as fully redundant power, HVAC, network services, and backup strategies in the event of a site failure. So, while an outage is possible, it’s about as likely as spotting a bald eagle in your backyard. An on-premises firewall is only as reliable as the IT infrastructure it’s running on. To gain the high availability you need, you may need to shell out more money for better on-premises equipment.

Control

True, it can seem scary to put your network security in the hands of an outsider. Certainly on-premises firewalls lend themselves to on-site control by people you know and trust to ensure your security policies are being enforced—at least, within the walls of your business. But cloud-based firewall providers also tend to put robust security controls in place—and they have security experts dedicated solely to ensuring the performance of your firewall and the protection of your business. Do you have internal IT staff members who are completely dedicated to nothing but the security of your network?

Considering cloud? Consider Kinetic Business

These are just a few of the differences between on-premises and cloud-based firewalls. If you’re looking to put a cloud-based firewall in place, Kinetic Business by Windstream offers a fully managed cloud-based firewall that is also PCI compliant. Learn more at kineticbusiness.com.

 

​​