Dieter Petereit June 6th, 2017

Security For Any Website: Cloud-based Web Application Firewalls

Keeping the bad guys away is no longer a question of space, expertise, bandwidth and money. Cloud-based web application firewalls are available to just about anyone running a website.

Firewalls Then and Now

Running a firewall in front of a web presence is generally advisable. All visitor traffic is directed through the wall, which is able to tell malicious requests from regular visitors. As soon as a malicious attack is identified, the firewall will block the attacker from reaching the web server. This way, no security breaches or exploits that might exist on the web server can be made use of. Imagine a firewall as sitting between the visitor and your web server, acting as a filter through which any information in and out has to pass. [caption id="attachment_102179" align="alignnone" width="1024"] On-premise means physical, a disadvantage in itself. (Image by Thomas Ulrich from Pixabay)[/caption] Firewalls can be run on the same machine that hosts the web server, but this is a security flaw in itself. Thus, typically, firewalls for websites are run on their own hardware, which constitutes a disadvantage: anyone able to corrupt the firewall automatically gains the access they were trying to. However, as web application firewalls are off-site, constantly monitored and updated, and maintained by security experts, in the unlikely case of a breach, 24/7 teams will deal with the issue.  This way breaching the web access firewall does not automatically mean accessing the web server as well. From that perspective, it becomes clear why firewalls have been a luxury product in the past. They were only used by companies that drove their own server farms with the proper bandwidth connection and had large hardware requirements, networking expertise and the money to install and maintain them, including someone to keep an eye on their reports and status at all times. All the many page operators running on hardware not their own were left out of the game. That changed with the rise of cloud-based services on the one hand (you can even keep your fonts in the cloud nowadays) and the increase of connection speed and bandwidth on the other. Today, this “filter” - the firewall - can be located just about anywhere, as long as it has a robust internet connection. With the ever-rising amount of data centers around the world and the ever-rising power of the big cloud service providers such as Google, AWS or Azure, this problem declines and will rather sooner than later disappear completely provided individual operators consider security and deploy a WAF. These new developments are not only very appealing to companies that have not opted to use firewall protection up to now but also for those that have. When space and costs are issues, cloud-based firewalls can be a perfect relief.

Advantages of Cloud-based Firewalls

Although much more frequently used in recent years, web applications have been around since the early ‘00s, and experts have always called for increased levels of security for web applications due to their more accessible nature. As rising the security levels and blocking potential attackers is the general task of any firewall, let’s concentrate on the specific benefits that are unique to cloud-based offerings. Performance We all know that computing power in the cloud is limitless. Cloud servers are as virtual as can be. You need more processor power? Book it for three hours or however long you need? The same goes for memory, space, whatever. In-house, also called on-premise firewalls, are limited to their physical configuration. This is certainly something you cannot change with a click of your mouse for the next three hours. Cloud-based firewalls are not one device but a virtual powerhouse that is as large as it needs to be and can be easily extended. If you let it, it scales infinitely. Conceptually, this makes it faster as any on-premise firewall you could think of, at least when your money resources are not limitless. Expertise and Uptime Booking a managed cloud-based firewall frees you of all sorrows regarding that firewall. Managing a firewall is no child’s play but a challenging task that demands real expertise. Are you able or even willing to pay for a team of 24/7 experts? [caption id="attachment_102176" align="alignnone" width="1024"] Security Staff is Expensive. (Image by Ryan McGuire from Pixabay)[/caption] Firewall providers are. As they can solely focus on the management of their firewall services they usually reach uptimes of close to 100 percent. They’re able to update the rules to the latest threats rather than relying on annual (or worse) updates. Try to achieve that with an on-site team. Higher Recognition Rate and Handling Capabilities Providers of cloud-based firewalls see way more traffic than you will when running your appliance. Thus, they will recognize new types of attacks earlier than you would, which makes it likely that they will be able to respond faster to these future threats than you could. It is also possible for dedicated firewall providers to architect specific solutions for specific problems. The sheer computing power also allows then to handle large-scale attacks more successfully than you would. Lower Cost and Higher Relaxation Rates Cloud-based firewalls bring better security to more page operators and at affordable rates. Even companies running on-premise appliances might double-check whether it wouldn’t be wise to add cloud-based firewalls to their security strategy. Security won’t suffer, that’s for sure. And the addition will not cost a fortune or put further load on the IT team. Disadvantages of Cloud-Based Firewalls Nothing comes without downsides, not even cloud-based firewalls. These are only to be considered if you have alternatives, however. If it is technically impossible for you to run your on-premise firewall, you need not read further. Book a cloud-based firewall instead. If you have the capacities needed to run on-premise security, the downsides of cloud-based security are evident. It is Cloud-based The security of your company is dependent on third-party reliability. The provider’s staff will have access to all the information passing the filters. Any outage will happen out of your range. You will need to rely on the provider taking proper care of the security of their security appliances. You get the point. Outsourcing a firewall service is about letting go and trusting. This goes for any outsourcing you’d ever consider. If you ask me, I wouldn’t see too many problems hiding in the shadows as long as we are talking about a web application firewall. There are companies that offer both appliances for on-premise installation as well as cloud-based services based on the same technology. When it comes to a firewall strategy as a whole, a hybrid approach might be preferable as soon as you meet the requirements for own installations. If you don’t, cloud-based is your only friend. Featured Image by MasterTux from Pixabay

Dieter Petereit

Dieter Petereit is a veteran of the web with over 25 years of experience in the world of IT. As soon as Netscape became available he started to do what already at that time was called web design and has carried on ever since. Two decades ago he started writing for several online publications, some well, some lesser known. You can meet him over on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *