Firewalls in the Cloud
It baffles my mind how many organizations that were always security conscious when it came to their own infrastructure have seemingly forgotten security existed when they moved to the cloud. If you had a Managed Firewall in your data centre and moved everything to the cloud, you still need a Managed Firewall. The Cloud Providers seem to downplay the importance of Security in the cloud, as I wrote back in 2015, but the fact is, it is more important than ever.
The generic firewalls provided by the Cloud Providers have very basic functions and limited diagnostic capabilities. So, even if your provider includes the firewall, you're better off using a brand name that you've always trusted. Most vendors have included a software version of their well-known appliances, and these VM-enabled firewalls will provide the same services as their hardware counterparts.
Another concern is that of Performance. Today's hardware-based NGFWs are often running multiple tasks, and many of those tasks run in ASICs, hardware designed specifically for a task. This helps provide the throughput required in today's high-bandwidth environments. If you're planning on turning on many of these features in a cloud environment, you need to size the server accordingly. Even then, you likely won't be able to get the performance an ASIC version can deliver.
My advice to all those moving to the cloud is to ensure that all of the precautions you took securing your data centre are addressed in your cloud infrastructure. This includes firewalling, IPSec VPN, IPS/IDS, AntiX, logging and monitoring.