Borderless Networks: Where Has the Firewall Gone?
Few aspects of networking have experienced as much change in recent years as the network firewall. Once considered a desktop security device, then embraced as the cadre of gateway security for businesses of all sizes, the firewall has lost its “place”. Don’t get me wrong, I’m not belittling the importance of the network firewall – in fact, my intention is quite the opposite!
Today Cisco made an announcement that supports the notion that the network firewall is more important than ever. But where does it belong? Marketers and IT professionals, alike, are all guilty of using the silly “brick wall” graphic in all our presentations. I’ve done it myself more times than I can count – right there, between the network edge and the DMZ. After all, that’s where it has traditionally lived, right?
The problem is that with the advent of cloud computing, virtualization, and the ability to gain anytime/anywhere access to data from a wide range of devices, it’s hard to tell where the network begins and where it ends these days. And if we can’t find the network edge, where do we place the firewall? How do we protect our network assets from the deluge of Internet-borne threats?
Given the realities of modern-day computing, perhaps a more appropriate question is “where don’t we put the firewall?” In other words, if the firewall is intended to provide the first and strongest defense in a layered defense strategy, stopping threats before they have an opportunity to touch the network, then we need to place the firewall anywhere the network exists.
With users demanding “anytime, anywhere” access to data, using a variety of devices, the network is arguably everywhere. Therefore, to truly protect your network assets, your firewall has to have the capability to span multiple platforms, technologies, and deployment scenarios – including physical and virtual platforms. It also has to be capable of delivering high performance connectivity, while ensuring that those connections remain secure. And given all the BlackBerry devices, iPhones, iPads, and other mobile devices accessing the network, the firewall had also better be capable of supporting a broad spectrum of desktop and mobile platforms.
So going back to the presentation we’ve all developed, perhaps it’s time to replace that old tired graphic of the firewall in the center of the slide, and replace it with a miniature firewall around every asset we use to access the network and every network device through which our traffic traverses. Likewise, our DMZ is no longer a single place, but rather it’s everywhere around us. We all live and breathe in the DMZ!
Once we agree on this, we just need to ensure that our firewall is capable of spanning all these devices, to provide the connectivity we’ve all come to expect, plus scaling to serve the number of simultaneous devices that are accessing it. And the connection speed has to be fast, so it also needs to be capable of scaling to serve all these devices, without introducing too much latency.
Now put that picture on a slide!
For more about where Cisco is going with its firewall and the new ASA-5585-X, see the videobelow from Tom Gillis, Vice President and General Manager of Cisco’s Security Technology Business Unit, and visit www.cisco.com/go/asa.